From: Greg Kroah-Hartman Date: Tue, 23 Nov 2021 12:22:07 +0000 (+0100) Subject: drop queue-5.4/tracing-add-length-protection-to-histogram-string-co.patch X-Git-Tag: v5.15.5~35 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7b5a709cc81b0137541c16fdf1f2e104d4a9a300;p=thirdparty%2Fkernel%2Fstable-queue.git drop queue-5.4/tracing-add-length-protection-to-histogram-string-co.patch --- diff --git a/queue-5.4/tracing-add-length-protection-to-histogram-string-co.patch b/queue-5.4/tracing-add-length-protection-to-histogram-string-co.patch deleted file mode 100644 index 9fbeb771f0b..00000000000 --- a/queue-5.4/tracing-add-length-protection-to-histogram-string-co.patch +++ /dev/null @@ -1,87 +0,0 @@ -From 0a0e233a0c25593f817b6d9ed48fb2d2fd080870 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Sun, 14 Nov 2021 13:28:34 -0500 -Subject: tracing: Add length protection to histogram string copies - -From: Steven Rostedt (VMware) - -[ Upstream commit 938aa33f14657c9ed9deea348b7d6f14b6d69cb7 ] - -The string copies to the histogram storage has a max size of 256 bytes -(defined by MAX_FILTER_STR_VAL). Only the string size of the event field -needs to be copied to the event storage, but no more than what is in the -event storage. Although nothing should be bigger than 256 bytes, there's -no protection against overwriting of the storage if one day there is. - -Copy no more than the destination size, and enforce it. - -Also had to turn MAX_FILTER_STR_VAL into an unsigned int, to keep the -min() comparison of the string sizes of comparable types. - -Link: https://lore.kernel.org/all/CAHk-=wjREUihCGrtRBwfX47y_KrLCGjiq3t6QtoNJpmVrAEb1w@mail.gmail.com/ -Link: https://lkml.kernel.org/r/20211114132834.183429a4@rorschach.local.home - -Cc: Ingo Molnar -Cc: Andrew Morton -Cc: Tom Zanussi -Reported-by: Linus Torvalds -Reviewed-by: Masami Hiramatsu -Fixes: 63f84ae6b82b ("tracing/histogram: Do not copy the fixed-size char array field over the field size") -Signed-off-by: Steven Rostedt (VMware) -Signed-off-by: Sasha Levin ---- - include/linux/trace_events.h | 2 +- - kernel/trace/trace_events_hist.c | 9 +++++++-- - 2 files changed, 8 insertions(+), 3 deletions(-) - -diff --git a/include/linux/trace_events.h b/include/linux/trace_events.h -index 30a8cdcfd4a4f..41cf69b4516bd 100644 ---- a/include/linux/trace_events.h -+++ b/include/linux/trace_events.h -@@ -425,7 +425,7 @@ struct trace_event_file { - - #define PERF_MAX_TRACE_SIZE 2048 - --#define MAX_FILTER_STR_VAL 256 /* Should handle KSYM_SYMBOL_LEN */ -+#define MAX_FILTER_STR_VAL 256U /* Should handle KSYM_SYMBOL_LEN */ - - enum event_trigger_type { - ETT_NONE = (0), -diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c -index 8b33a3c872750..37aa8e33f5635 100644 ---- a/kernel/trace/trace_events_hist.c -+++ b/kernel/trace/trace_events_hist.c -@@ -3530,8 +3530,10 @@ static inline void __update_field_vars(struct tracing_map_elt *elt, - if (val->flags & HIST_FIELD_FL_STRING) { - char *str = elt_data->field_var_str[j++]; - char *val_str = (char *)(uintptr_t)var_val; -+ unsigned int size; - -- strscpy(str, val_str, val->size); -+ size = min(val->size, STR_VAR_LEN_MAX); -+ strscpy(str, val_str, size); - var_val = (u64)(uintptr_t)str; - } - tracing_map_set_var(elt, var_idx, var_val); -@@ -5352,6 +5354,7 @@ static void hist_trigger_elt_update(struct hist_trigger_data *hist_data, - if (hist_field->flags & HIST_FIELD_FL_STRING) { - unsigned int str_start, var_str_idx, idx; - char *str, *val_str; -+ unsigned int size; - - str_start = hist_data->n_field_var_str + - hist_data->n_save_var_str; -@@ -5360,7 +5363,9 @@ static void hist_trigger_elt_update(struct hist_trigger_data *hist_data, - - str = elt_data->field_var_str[idx]; - val_str = (char *)(uintptr_t)hist_val; -- strscpy(str, val_str, hist_field->size); -+ -+ size = min(hist_field->size, STR_VAR_LEN_MAX); -+ strscpy(str, val_str, size); - - hist_val = (u64)(uintptr_t)str; - } --- -2.33.0 -