Date: Thu, 29 Oct 2020 14:30:26 -0400
From: Steven Rostedt
To: Qiujun Huang
Cc: mingo@redhat.com, linux-kernel@vger.kernel.org, Andy Lutomirski
Subject: Re: [PATCH v3] tracing: Fix out of bounds write in get_trace_buf
Message-ID: <20201029143026.420e25ec@gandalf.local.home>
In-Reply-To: <20201029155714.3935-1-hqjagain@gmail.com>
References: <20201029155714.3935-1-hqjagain@gmail.com>
X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-pc-linux-gnu)
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 29 Oct 2020 23:57:14 +0800
Qiujun Huang wrote:

> The subscript should be nesting - 1, as nesting had self-added.

Thanks Qiujun!

I'll add this to my urgent queue, and mark it for stable.

I'll update the change log to state:

"The nesting count of trace_printk allows for 4 levels of nesting. The
nesting counter starts at zero and is incremented before being used to
retrieve the current context's buffer. But the index to the buffer uses
the nesting counter after it was incremented, and not its original
number, which it needs to do."

-- Steve

>
> Fixes: e2ace001176dc ("tracing: Choose static tp_printk buffer by explicit nesting count")
> Signed-off-by: Qiujun Huang
> ---
> v3:
> Modify the way of array reference instead.
> v2:
> Fix a typo in the title.
> ---
> kernel/trace/trace.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
> index 528971714fc6..daa96215e294 100644
> --- a/kernel/trace/trace.c
> +++ b/kernel/trace/trace.c
> @@ -3132,7 +3132,7 @@ static char *get_trace_buf(void)
>
> /* Interrupts must see nesting incremented before we use the buffer */
> barrier();
> - return &buffer->buffer[buffer->nesting][0];
> + return &buffer->buffer[buffer->nesting - 1][0];
> }
>
> static void put_trace_buf(void)
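Review bot: the new index `buffer->nesting - 1` is consistent with the comment two lines above it, which says the counter has already been incremented by the time the buffer is used, so the old `buffer->nesting` index addressed one row past the current context's slot and, at the deepest of the 4 nesting levels, one row past the end of the array (the out-of-bounds write named in the subject). The v3 note "Modify the way of array reference instead" does not explain this; the commit message should state the off-by-one the way the reply above spells it out, and a reviewer should confirm, outside this hunk's context, that the nesting-limit check preceding the increment rejects exactly the values for which `nesting - 1` would exceed the last valid row.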
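The off-by-one the change log above describes, as an added C model that is not the kernel's code and not part of this thread: the counter is incremented before the row index is taken, so the unpatched `buffer->nesting` index reaches row 4 of a 4-row array while the patched `nesting - 1` stays within rows 0..3. The `>= TRACE_NESTING_MAX` limit check and `TRACE_BUF_SIZE` are assumptions of the model.

```c
#include <stdio.h>
/* Constructed model of the trace_printk buffer the mail describes: 4 nesting
 * levels, counter incremented before use. Not the kernel's code; the limit
 * check and TRACE_BUF_SIZE are assumptions of this model. */
#define TRACE_NESTING_MAX 4
#define TRACE_BUF_SIZE    64

struct trace_buffer_model {
    char buffer[TRACE_NESTING_MAX][TRACE_BUF_SIZE];
    int  nesting;          /* 0 while no context holds a buffer */
};

/* Row index a get_trace_buf-style call hands out, or -1 at the nesting
 * limit. use_fix selects the patched "nesting - 1" index arithmetic. */
static int model_get_trace_buf(struct trace_buffer_model *b, int use_fix)
{
    if (b->nesting >= TRACE_NESTING_MAX)
        return -1;
    b->nesting++;      /* incremented before the buffer is used */
    return use_fix ? b->nesting - 1 : b->nesting;
}

static void model_put_trace_buf(struct trace_buffer_model *b)
{
    b->nesting--;
}
static int row_in_bounds(int row)
{
    return row >= 0 && row < TRACE_NESTING_MAX;
}

/* Nest as deep as the counter allows; return the highest row handed out. */
static int deepest_row(int use_fix)
{
    struct trace_buffer_model b = { .nesting = 0 };
    int row, deepest = -1;
    while ((row = model_get_trace_buf(&b, use_fix)) != -1)
        deepest = row;
    while (b.nesting > 0)
        model_put_trace_buf(&b);
    return deepest;
}

int main(void)
{
    printf("unpatched deepest row %d, patched deepest row %d, last valid row %d\n",
           deepest_row(0), deepest_row(1), TRACE_NESTING_MAX - 1);
    return 0;
}
```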