]> git.baikalelectronics.ru Git - kernel.git/commitdiff
tracing/ring-buffer: Only do full wait when cpu != RING_BUFFER_ALL_CPUS
authorPratyush Yadav <ptyadav@amazon.de>
Fri, 16 Dec 2022 13:42:41 +0000 (14:42 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 18 Jan 2023 10:40:46 +0000 (11:40 +0100)
full_hit() directly uses cpu as an array index. Since
RING_BUFFER_ALL_CPUS == -1, calling full_hit() with cpu ==
RING_BUFFER_ALL_CPUS will cause an invalid memory access.

The upstream commit bf7966d96b74 ("tracing/ring-buffer: Have polling
block on watermark") already does this. This was missed when backporting
to v5.4.y.

This bug was discovered and resolved using Coverity Static Analysis
Security Testing (SAST) by Synopsys, Inc.

Fixes: 9b7faceb5367 ("tracing/ring-buffer: Have polling block on watermark")
Signed-off-by: Pratyush Yadav <ptyadav@amazon.de>
Acked-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
kernel/trace/ring_buffer.c

index 176d858903bdba444d36a36d628bd50fea7ff691..11e8189dd8ae9fd498a8152beb910cd097ad6b1f 100644 (file)
@@ -727,6 +727,7 @@ __poll_t ring_buffer_poll_wait(struct ring_buffer *buffer, int cpu,
 
        if (cpu == RING_BUFFER_ALL_CPUS) {
                work = &buffer->irq_work;
+               full = 0;
        } else {
                if (!cpumask_test_cpu(cpu, buffer->cpumask))
                        return -EINVAL;