Home Home > GIT Browse > SLE11-SP4
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMiroslav Benes <mbenes@suse.cz>2018-12-27 14:29:27 +0100
committerMiroslav Benes <mbenes@suse.cz>2018-12-27 15:13:19 +0100
commit52606beae91aa2be7558e35580f7c2b78372cd7c (patch)
treef4110b6b0479a4ed6ee6b6107774af3ea45cf8ae
parent7e50f6eadd24c3afd3d85cd42f6f5a88640b5eb8 (diff)
ring-buffer: Mask out the info bits when returning buffer page
length (bsc#1120094).
-rw-r--r--patches.fixes/ring-buffer-mask-out-the-info-bits-when-returning-buffer-page-length.patch54
-rw-r--r--series.conf1
2 files changed, 55 insertions, 0 deletions
diff --git a/patches.fixes/ring-buffer-mask-out-the-info-bits-when-returning-buffer-page-length.patch b/patches.fixes/ring-buffer-mask-out-the-info-bits-when-returning-buffer-page-length.patch
new file mode 100644
index 0000000000..77c35d2a82
--- /dev/null
+++ b/patches.fixes/ring-buffer-mask-out-the-info-bits-when-returning-buffer-page-length.patch
@@ -0,0 +1,54 @@
+From: "Steven Rostedt (VMware)" <rostedt@goodmis.org>
+Date: Fri, 22 Dec 2017 20:32:35 -0500
+Subject: ring-buffer: Mask out the info bits when returning buffer page length
+Git-commit: 45d8b80c2ac5d21cd1e2954431fb676bc2b1e099
+Patch-mainline: v4.15-rc6
+References: bsc#1120094
+
+Two info bits were added to the "commit" part of the ring buffer data page
+when returned to be consumed. This was to inform the user space readers that
+events have been missed, and that the count may be stored at the end of the
+page.
+
+What wasn't handled, was the splice code that actually called a function to
+return the length of the data in order to zero out the rest of the page
+before sending it up to user space. These data bits were returned with the
+length making the value negative, and that negative value was not checked.
+It was compared to PAGE_SIZE, and only used if the size was less than
+PAGE_SIZE. Luckily PAGE_SIZE is unsigned long which made the compare an
+unsigned compare, meaning the negative size value did not end up causing a
+large portion of memory to be randomly zeroed out.
+
+Cc: stable@vger.kernel.org
+Fixes: 66a8cb95ed040 ("ring-buffer: Add place holder recording of dropped events")
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Acked-by: Miroslav Benes <mbenes@suse.cz>
+---
+ kernel/trace/ring_buffer.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
+index c87766c1c204..e06cde093f76 100644
+--- a/kernel/trace/ring_buffer.c
++++ b/kernel/trace/ring_buffer.c
+@@ -280,6 +280,8 @@ EXPORT_SYMBOL_GPL(ring_buffer_event_data);
+ /* Missed count stored at end */
+ #define RB_MISSED_STORED (1 << 30)
+
++#define RB_MISSED_FLAGS (RB_MISSED_EVENTS|RB_MISSED_STORED)
++
+ struct buffer_data_page {
+ u64 time_stamp; /* page time stamp */
+ local_t commit; /* write committed index */
+@@ -331,7 +333,9 @@ static void rb_init_page(struct buffer_data_page *bpage)
+ */
+ size_t ring_buffer_page_len(void *page)
+ {
+- return local_read(&((struct buffer_data_page *)page)->commit)
++ struct buffer_data_page *bpage = page;
++
++ return (local_read(&bpage->commit) & ~RB_MISSED_FLAGS)
+ + BUF_PAGE_HDR_SIZE;
+ }
+
+
diff --git a/series.conf b/series.conf
index 1d8df6719d..e107db7d9e 100644
--- a/series.conf
+++ b/series.conf
@@ -23190,6 +23190,7 @@
patches.fixes/tracing-move-mutex-to-protect-against-resetting-of-seq-data.patch
patches.fixes/tracing-add-undef-to-fix-compile-error.patch
patches.fixes/tracing-kprobes-allow-to-create-probe-with-a-module-name-starting-with-a-digit.patch
+ patches.fixes/ring-buffer-mask-out-the-info-bits-when-returning-buffer-page-length.patch
########################################################
# KVM patches