tracing: Add paranoid size check in trace_printk_seq()

To be really paranoid about writing out of bound data in trace_printk_seq(), add another check of len compared to size. Link: http://lkml.kernel.org/r/20141119144004.GB2332@dhcp128.suse.cz Suggested-by: Petr Mladek <pmladek@suse.cz> Reviewed-by: Petr Mladek <pmladek@suse.cz> Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
author: Steven Rostedt (Red Hat) <rostedt@goodmis.org> 2014-11-19 10:56:41 -0500
committer: Steven Rostedt <rostedt@goodmis.org> 2014-11-19 22:01:16 -0500
commit: 820b75f63d0152dbb9ff4accf274408592d613f2 (patch)
tree: ffe2dd4764a94f0d84877b45b9a14f59d5e63c93 /kernel
parent: 5ac48378414dccca735897c4d7f4e19987c8977c (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 9023446b2c2..26facec4625 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -6656,6 +6656,14 @@ trace_printk_seq(struct trace_seq *s)
 	if (s->seq.len >= TRACE_MAX_PRINT)
 		s->seq.len = TRACE_MAX_PRINT;
 
+	/*
+	 * More paranoid code. Although the buffer size is set to
+	 * PAGE_SIZE, and TRACE_MAX_PRINT is 1000, this is just
+	 * an extra layer of protection.
+	 */
+	if (WARN_ON_ONCE(s->seq.len >= s->seq.size))
+		s->seq.len = s->seq.size - 1;
+
 	/* should be zero ended, but we are paranoid. */
 	s->buffer[s->seq.len] = 0;
author	Steven Rostedt (Red Hat) <rostedt@goodmis.org>	2014-11-19 10:56:41 -0500
committer	Steven Rostedt <rostedt@goodmis.org>	2014-11-19 22:01:16 -0500
commit	820b75f63d0152dbb9ff4accf274408592d613f2 (patch)
tree	ffe2dd4764a94f0d84877b45b9a14f59d5e63c93 /kernel
parent	5ac48378414dccca735897c4d7f4e19987c8977c (diff)