--- /dev/null
+From ptyadav@amazon.de Mon Dec 19 13:19:42 2022
+From: Pratyush Yadav <ptyadav@amazon.de>
+Date: Fri, 16 Dec 2022 14:42:41 +0100
+Subject: tracing/ring-buffer: Only do full wait when cpu != RING_BUFFER_ALL_CPUS
+To: <stable@vger.kernel.org>
+Cc: Pratyush Yadav <ptyadav@amazon.de>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, <patches@lists.linux.dev>, Linux Trace Kernel <linux-trace-kernel@vger.kernel.org>, Masami Hiramatsu <mhiramat@kernel.org>, Mathieu Desnoyers <mathieu.desnoyers@efficios.com>, Primiano Tucci <primiano@google.com>, "Steven Rostedt (Google)" <rostedt@goodmis.org>
+Message-ID: <20221216134241.81381-1-ptyadav@amazon.de>
+
+From: Pratyush Yadav <ptyadav@amazon.de>
+
+full_hit() directly uses cpu as an array index. Since
+RING_BUFFER_ALL_CPUS == -1, calling full_hit() with cpu ==
+RING_BUFFER_ALL_CPUS will cause an invalid memory access.
+
+The upstream commit 42fb0a1e84ff ("tracing/ring-buffer: Have polling
+block on watermark") already does this. This was missed when backporting
+to v5.4.y.
+
+This bug was discovered and resolved using Coverity Static Analysis
+Security Testing (SAST) by Synopsys, Inc.
+
+Fixes: e65ac2bdda54 ("tracing/ring-buffer: Have polling block on watermark")
+Signed-off-by: Pratyush Yadav <ptyadav@amazon.de>
+Acked-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/trace/ring_buffer.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/kernel/trace/ring_buffer.c
++++ b/kernel/trace/ring_buffer.c
+@@ -727,6 +727,7 @@ __poll_t ring_buffer_poll_wait(struct ri
+
+ if (cpu == RING_BUFFER_ALL_CPUS) {
+ work = &buffer->irq_work;
++ full = 0;
+ } else {
+ if (!cpumask_test_cpu(cpu, buffer->cpumask))
+ return -EINVAL;
projects / thirdparty / kernel / stable-queue.git / commitdiff
