lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250928110832.098564441@kernel.org>
Date: Sun, 28 Sep 2025 07:08:32 -0400
From: Steven Rostedt <rostedt@...nel.org>
To: linux-kernel@...r.kernel.org
Cc: Masami Hiramatsu <mhiramat@...nel.org>,
 Mark Rutland <mark.rutland@....com>,
 Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
 Andrew Morton <akpm@...ux-foundation.org>,
 Wang Liang <wangliang74@...wei.com>
Subject: [for-linus][PATCH 0/3] tracing: Fixes for v6.17


tracing fixes for v6.17

- Fix buffer overflow in osnoise_cpu_write()

  The allocated buffer to read user space did not add a nul terminating byte
  after copying from user the string. It then reads the string, and if user
  space did not add a nul byte, the read will continue beyond the string.
  Add a nul terminating byte after reading the string.

- Fix missing check for lockdown on tracing

  There's a path from kprobe events or uprobe events that can update the
  tracing system even if lockdown on tracing is activate. Add a check in the
  dynamic event path.

- Add a recursion check for the function graph return path

  Now that fprobes can hook to the function graph tracer and call different
  code between the entry and the exit, the exit code may now call functions
  that are not called in entry. This means that the exit handler can possibly
  trigger recursion that is not caught and cause the system to crash.
  Add the same recursion checks in the function exit handler as exists in the
  entry handler path.

  git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace.git
trace/fixes

Head SHA1: 0db0934e7f9bb624ed98a665890dbe249f65b8fd


Masami Hiramatsu (Google) (2):
      tracing: dynevent: Add a missing lockdown check on dynevent
      tracing: fgraph: Protect return handler from recursion loop

Wang Liang (1):
      tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit()

----
 kernel/trace/fgraph.c         | 12 ++++++++++++
 kernel/trace/trace_dynevent.c |  4 ++++
 kernel/trace/trace_osnoise.c  |  3 ++-
 3 files changed, 18 insertions(+), 1 deletion(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ