tracing: Check length before giving out the filter buffer
When filters are used by trace events, a page is allocated on each CPU and used to copy the trace event fields to this page before writing to the ring buffer. The reason to use the filter and not write directly into the ring buffer is because a filter may discard the event and there's more overhead on discarding from the ring buffer than the extra copy. The problem here is that there is no check against the size being allocated when using this page. If an event asks for more than a page size while being filtered, it will get only a page, leading to the caller writing more that what was allocated. Check the length of the request, and if it is more than PAGE_SIZE minus the header default back to allocating from the ring buffer directly. The ring buffer may reject the event if its too big anyway, but it wont overflow. Link: https://lore.kernel.org/ath10k/1612839593-2308-1-git-send-email-wgong@codeaurora.org/ Cc: stable@vger.kernel.org Fixes: 0fc1b09f ("tracing: Use temp buffer when filtering events") Reported-by: Wen Gong <wgong@codeaurora.org> Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
parent
256cfdd6
-
mentioned in commit 7c93d8cf
-
mentioned in commit a0997a86
-
mentioned in commit e46d4337
-
mentioned in commit 0572fc6a
-
mentioned in commit 2e584b1a
-
mentioned in commit 2d598902
-
mentioned in commit 31ceae38
-
mentioned in commit edcce01e
-
mentioned in commit 43c32c22
-
mentioned in commit b16a249e
-
mentioned in commit d63f00ec
Please register or sign in to comment