>From 52652f42abee7eadcdf52fd38ee6cfb0b025448d Mon Sep 17 00:00:00 2001
From: Pavel Skripkin
Date: Fri, 16 Jul 2021 16:47:17 +0300
Subject: [PATCH] profiling: fix shift-out-of bounds

/** ... **/

Signed-off-by: Pavel Skripkin
---
 kernel/ksysfs.c | 4 +++-
 kernel/profile.c | 18 +++++++++++++++---
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/kernel/ksysfs.c b/kernel/ksysfs.c
index 35859da8bd4f..ca075d9f671a 100644
--- a/kernel/ksysfs.c
+++ b/kernel/ksysfs.c
@@ -76,7 +76,9 @@ static ssize_t profiling_store(struct kobject *kobj,
 * has a ton of callers and is not const. It is
 * easiest to cast it away here.
 */
- profile_setup((char *)buf);
+ ret = profile_setup((char *)buf);
+ if (!ret)
+ return -EINVAL;
 ret = profile_init();
 if (ret)
 return ret;
diff --git a/kernel/profile.c b/kernel/profile.c
index c2ebddb5e974..5c61677030f4 100644
--- a/kernel/profile.c
+++ b/kernel/profile.c
@@ -42,6 +42,7 @@ struct profile_hit {

 static atomic_t *prof_buffer;
 static unsigned long prof_len, prof_shift;
+#define MAX_PROF_SHIFT sizeof(prof_shift) * 8

 int prof_on __read_mostly;
 EXPORT_SYMBOL_GPL(prof_on);
@@ -66,8 +67,11 @@ int profile_setup(char *str)
 prof_on = SLEEP_PROFILING;
 if (str[strlen(sleepstr)] == ',')
 str += strlen(sleepstr) + 1;
- if (get_option(&str, &par))
+ if (get_option(&str, &par)) {
+ if (par >= MAX_PROF_SHIFT)
+ return 0;
 prof_shift = par;
+ }
 pr_info("kernel sleep profiling enabled (shift: %ld)\n",
 prof_shift);
 #else
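Review bot: In the kernel/ksysfs.c hunk, `ret` now carries two opposite conventions in adjacent statements: non-zero means "accepted" for profile_setup(), while zero means "success" for profile_init(). A later edit can easily invert one of the tests. Testing the call directly, `if (!profile_setup((char *)buf)) return -EINVAL;`, avoids reusing `ret`; failing that, a comment such as `/* profile_setup() returns 0 when the option string is rejected */` would document the convention. profiling_store() begins and ends outside the hunk.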
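Review bot: `MAX_PROF_SHIFT` in the first kernel/profile.c hunk expands to an unparenthesized expression, so a later use such as `x % MAX_PROF_SHIFT` or `MAX_PROF_SHIFT - 1` inside a larger expression would bind incorrectly. The comparisons this patch adds are unaffected, but the definition should read `#define MAX_PROF_SHIFT (sizeof(prof_shift) * 8)`. A one-line comment saying that this is the bit width of `prof_shift`, i.e. the first shift count that is out of range, would also explain why the checks use `>=` rather than `>`.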
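Review bot: In the sleep-profiling branch of profile_setup(), `prof_on = SLEEP_PROFILING;` has already run by the time `par >= MAX_PROF_SHIFT` returns 0, so a rejected shift still leaves profiling marked as enabled. The sched and KVM branches in the next hunk have the same ordering with `SCHED_PROFILING` and `KVM_PROFILING`; only the final CPU_PROFILING branch validates before touching state. Because profiling_store() now reports -EINVAL for this case, user space sees a failure while `prof_on` stays non-zero, which could block a later valid write if the store path tests `prof_on` first (not visible in this patch). Moving each `prof_on = ...;` assignment below the bound check, next to `prof_shift = par;`, would make rejection free of side effects. profile_setup() begins and ends outside the hunk.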
@@ -77,19 +81,27 @@ int profile_setup(char *str)
 prof_on = SCHED_PROFILING;
 if (str[strlen(schedstr)] == ',')
 str += strlen(schedstr) + 1;
- if (get_option(&str, &par))
+ if (get_option(&str, &par)) {
+ if (par >= MAX_PROF_SHIFT)
+ return 0;
 prof_shift = par;
+ }
 pr_info("kernel schedule profiling enabled (shift: %ld)\n",
 prof_shift);
 } else if (!strncmp(str, kvmstr, strlen(kvmstr))) {
 prof_on = KVM_PROFILING;
 if (str[strlen(kvmstr)] == ',')
 str += strlen(kvmstr) + 1;
- if (get_option(&str, &par))
+ if (get_option(&str, &par)) {
+ if (par >= MAX_PROF_SHIFT)
+ return 0;
 prof_shift = par;
+ }
 pr_info("kernel KVM profiling enabled (shift: %ld)\n",
 prof_shift);
 } else if (get_option(&str, &par)) {
+ if (par >= MAX_PROF_SHIFT)
+ return 0;
 prof_shift = par;
 prof_on = CPU_PROFILING;
 pr_info("kernel profiling enabled (shift: %ld)\n",
--
2.32.0
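Review bot: The check `par >= MAX_PROF_SHIFT` rejects a negative shift only through implicit conversion: `MAX_PROF_SHIFT` is a `size_t` expression, so `par` is converted to unsigned before the comparison (presumably it is the `int` that get_option() fills; its declaration is outside the hunk). If the macro is ever redefined as a signed constant, a negative value would pass and be stored in the unsigned `prof_shift` as a very large shift count, reintroducing the out-of-bounds shift. Writing the intent explicitly, `if (par < 0 || par >= MAX_PROF_SHIFT) return 0;`, removes that dependency. The same test appears four times across this hunk and the previous one, so a small static helper that validates `par` would keep the copies from drifting apart.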