Re: [PATCH 1/5] tracing: Prevent kernel oops with corrupted buffer

From: Andrew Morton
Date: Tue Jan 26 2010 - 17:32:43 EST


On Tue, 26 Jan 2010 17:09:24 -0500
Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:

> From: Steven Rostedt <srostedt@xxxxxxxxxx>
>
> If the contents of the ftrace ring buffer gets corrupted and the trace
> file is read, it could create a kernel oops (usualy just killing the user

"usually" ;)

> task thread). This is caused by the checking of the pid in the buffer.
> If the pid is negative, it still references the cmdline cache array,
> which could point to an invalid address.
>
> The simple fix is to test for negative PIDs.
>
> Signed-off-by: Steven Rostedt <rostedt@xxxxxxxxxxx>
> ---
> kernel/trace/trace.c | 5 +++++
> 1 files changed, 5 insertions(+), 0 deletions(-)
>
> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
> index 0df1b0f..eac6875 100644
> --- a/kernel/trace/trace.c
> +++ b/kernel/trace/trace.c
> @@ -951,6 +951,11 @@ void trace_find_cmdline(int pid, char comm[])
> return;
> }
>
> + if (WARN_ON_ONCE(pid < 0)) {
> + strcpy(comm, "<XXX>");
> + return;
> + }
> +
> if (pid > PID_MAX_DEFAULT) {
> strcpy(comm, "<...>");
> return;
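Review bot: the WARN_ON_ONCE() in the new check only rate-limits the printed warning; the macro still evaluates to the condition on every call, so the early return fires for every negative pid, not just the first one, and a short comment saying so would save readers from assuming otherwise. Placing the check before the existing `if (pid > PID_MAX_DEFAULT)` test is what makes the subsequent cmdline cache index safe on both sides; if a distinct "<XXX>" marker is not needed, the two bound checks could be folded into one `if (pid < 0 || pid > PID_MAX_DEFAULT)` returning "<...>", which keeps the range check in one place.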

But why is it WARN_ON_ONCE()? That will only fix the problem a single
time. On the second occurrence, it will oops again.
