summaryrefslogtreecommitdiff
path: root/kernel
diff options
context:
space:
mode:
authorBeau Belgrave <beaub@linux.microsoft.com>2023-04-26 01:51:04 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2023-05-11 17:03:32 +0300
commit0489c2b2c3104b89f078dbcec8c744dfc157d3e9 (patch)
tree1ea6ff33590f5022f19bba3fda1cce1eddc0f933 /kernel
parent6472a6d0c79826256bfa3a6b45710dd499a984bf (diff)
downloadlinux-0489c2b2c3104b89f078dbcec8c744dfc157d3e9.tar.xz
tracing/user_events: Ensure write index cannot be negative
[ Upstream commit cd98c93286a30cc4588dfd02453bec63c2f4acf4 ] The write index indicates which event the data is for and accesses a per-file array. The index is passed by user processes during write() calls as the first 4 bytes. Ensure that it cannot be negative by returning -EINVAL to prevent out of bounds accesses. Update ftrace self-test to ensure this occurs properly. Link: https://lkml.kernel.org/r/20230425225107.8525-2-beaub@linux.microsoft.com Fixes: 7f5a08c79df3 ("user_events: Add minimal support for trace_event into ftrace") Reported-by: Doug Cook <dcook@linux.microsoft.com> Signed-off-by: Beau Belgrave <beaub@linux.microsoft.com> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/trace/trace_events_user.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c
index 908e8a13c675..625cab4b9d94 100644
--- a/kernel/trace/trace_events_user.c
+++ b/kernel/trace/trace_events_user.c
@@ -1398,6 +1398,9 @@ static ssize_t user_events_write_core(struct file *file, struct iov_iter *i)
if (unlikely(copy_from_iter(&idx, sizeof(idx), i) != sizeof(idx)))
return -EFAULT;
+ if (idx < 0)
+ return -EINVAL;
+
rcu_read_lock_sched();
refs = rcu_dereference_sched(info->refs);