From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org,
	"Steven Rostedt (VMware)" <rostedt@goodmis.org>
Subject: [PATCH 4.4 18/63] ring-buffer: Mask out the info bits when returning buffer page length
Date: Mon,  1 Jan 2018 15:24:36 +0100
Message-ID: <20180101140045.444425270@linuxfoundation.org>
In-Reply-To: <20180101140042.456380281@linuxfoundation.org>

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steven Rostedt (VMware) <rostedt@goodmis.org>

commit 45d8b80c2ac5d21cd1e2954431fb676bc2b1e099 upstream.

Two info bits were added to the "commit" part of the ring buffer data page
when returned to be consumed. This was to inform the user space readers that
events have been missed, and that the count may be stored at the end of the
page.

What wasn't handled, was the splice code that actually called a function to
return the length of the data in order to zero out the rest of the page
before sending it up to user space. These data bits were returned with the
length making the value negative, and that negative value was not checked.
It was compared to PAGE_SIZE, and only used if the size was less than
PAGE_SIZE. Luckily PAGE_SIZE is unsigned long which made the compare an
unsigned compare, meaning the negative size value did not end up causing a
large portion of memory to be randomly zeroed out.

Fixes: 66a8cb95ed040 ("ring-buffer: Add place holder recording of dropped events")
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/trace/ring_buffer.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -280,6 +280,8 @@ EXPORT_SYMBOL_GPL(ring_buffer_event_data
 /* Missed count stored at end */
 #define RB_MISSED_STORED	(1 << 30)
 
+#define RB_MISSED_FLAGS		(RB_MISSED_EVENTS|RB_MISSED_STORED)
+
 struct buffer_data_page {
 	u64		 time_stamp;	/* page time stamp */
 	local_t		 commit;	/* write committed index */
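Review bot: The new RB_MISSED_FLAGS define has no comment, while RB_MISSED_STORED directly above it has one ("Missed count stored at end"). A one-line comment stating that these are the info bits kept in the commit field and that they must be masked off before commit is used as a length would help, because the commit member's own comment in the struct below still reads only "write committed index". Spaces around the | in the macro body would also be more readable.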
@@ -331,7 +333,9 @@ static void rb_init_page(struct buffer_d
  */
 size_t ring_buffer_page_len(void *page)
 {
-	return local_read(&((struct buffer_data_page *)page)->commit)
+	struct buffer_data_page *bpage = page;
+
+	return (local_read(&bpage->commit) & ~RB_MISSED_FLAGS)
 		+ BUF_PAGE_HDR_SIZE;
 }
 
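Review bot: In ring_buffer_page_len(), the masked commit value is still returned with no upper bound, so the only guard against an oversized length remains the caller's comparison with PAGE_SIZE that the commit message describes. Consider stating in the function's comment that the returned length has the info bits stripped and that callers must still check it against the page size before using it to zero the rest of the page.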

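The failure mode the commit message describes, as an added user-space C model (not kernel code and not part of the patch). Assumptions: a 4096-byte PAGE_SIZE, RB_MISSED_EVENTS at bit 31, a caller that stores the length in an int, and the hypothetical helper names page_len_unmasked, page_len_masked and tail_zeroed_*.

```c
#include <stddef.h>
#include <stdio.h>

/* User-space model. Names follow the patch; "assumed" values are not on the page. */
#define PAGE_SIZE        4096UL      /* assumed size; unsigned long per the commit message */
#define RB_MISSED_EVENTS (1U << 31)  /* assumed bit position */
#define RB_MISSED_STORED (1U << 30)  /* bit 30 as in the patch context, unsigned here */
#define RB_MISSED_FLAGS  (RB_MISSED_EVENTS | RB_MISSED_STORED)

struct buffer_data_page {
	unsigned long long time_stamp;
	long commit;                 /* stands in for local_t */
	unsigned char data[];
};
#define BUF_PAGE_HDR_SIZE offsetof(struct buffer_data_page, data)

/* Before the fix: the info bits come back as part of the length. */
static size_t page_len_unmasked(long commit)
{
	return (size_t)commit + BUF_PAGE_HDR_SIZE;
}

/* After the fix: the info bits are cleared before the header size is added. */
static size_t page_len_masked(long commit)
{
	return ((size_t)commit & ~RB_MISSED_FLAGS) + BUF_PAGE_HDR_SIZE;
}

/* Caller as the commit message describes it; holding the length in an int is
 * an assumption. The cast spells out the conversion C applies implicitly when
 * an int is compared with an unsigned long. */
static size_t tail_zeroed_unsigned_cmp(int size)
{
	return (unsigned long)size < PAGE_SIZE ? PAGE_SIZE - (unsigned long)size : 0;
}

/* Same caller with a signed comparison: a negative size passes and the count wraps. */
static size_t tail_zeroed_signed_cmp(int size)
{
	return (long)size < (long)PAGE_SIZE ? PAGE_SIZE - (unsigned long)size : 0;
}

int main(void)
{
	long commit = (long)(100U | RB_MISSED_FLAGS); /* constructed: 100 data bytes, both flags */
	int bad = (int)page_len_unmasked(commit), good = (int)page_len_masked(commit);
	printf("unmasked len=%d zeroed=%zu signed-cmp=%zu\n", bad,
	       tail_zeroed_unsigned_cmp(bad), tail_zeroed_signed_cmp(bad));
	printf("masked len=%d zeroed=%zu\n", good, tail_zeroed_unsigned_cmp(good));
}
```

With the flags left in, the unsigned comparison skips the zeroing entirely, so the tail of the page goes to user space uncleared; the signed variant shows the wrapped byte count the commit message says was avoided.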