| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <yt9dy1koey7h.fsf@linux.ibm.com> Date: Tue, 13 Jun 2023 07:19:14 +0200 From: Sven Schnelle <svens@...ux.ibm.com> To: Steven Rostedt <rostedt@...dmis.org> Cc: linux-kernel@...r.kernel.org Subject: Re: [PATCH] tracing: fix memcpy size when copying stack entries Steven Rostedt <rostedt@...dmis.org> writes: > On Mon, 12 Jun 2023 18:07:48 +0200 > Sven Schnelle <svens@...ux.ibm.com> wrote: > >> Noticed the following warning during boot: >> >> [ 2.316341] Testing tracer wakeup: >> [ 2.383512] ------------[ cut here ]------------ >> [ 2.383517] memcpy: detected field-spanning write (size 104) of single field "&entry->caller" at kernel/trace/trace.c:3167 (size 64) >> >> The reason seems to be that the maximum number of entries is calculated >> from the size of the fstack->calls array which is 128. But later the same >> size is used to memcpy() the entries to entry->callers, which has only >> room for eight elements. Therefore use the minimum of both arrays as limit. >> >> Signed-off-by: Sven Schnelle <svens@...ux.ibm.com> >> --- >> kernel/trace/trace.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c >> index 64a4dde073ef..988d664c13ec 100644 >> --- a/kernel/trace/trace.c >> +++ b/kernel/trace/trace.c >> @@ -3146,7 +3146,7 @@ static void __ftrace_trace_stack(struct trace_buffer *buffer, >> barrier(); >> >> fstack = this_cpu_ptr(ftrace_stacks.stacks) + stackidx; >> - size = ARRAY_SIZE(fstack->calls); >> + size = min(ARRAY_SIZE(entry->caller), ARRAY_SIZE(fstack->calls)); > > No, this is not how it works, and this breaks the stack tracing code. > [..] > The old way use to just record the 8 entries, but that was not very useful > in real world analysis. Your patch takes that away. Might as well just > record directly into the ring buffer again like it use to. > > Yes the above may be special, but your patch breaks it. Indeed, i'm feeling a bit stupid for sending that patch, should have used my brain during reading the source. Thanks for the explanation.
Powered by blists - more mailing lists