stuartl/linux-stable
1
0
Fork 0
mirror of https://kernel.googlesource.com/pub/scm/linux/kernel/git/stable/linux-stable.git synced 2025-10-21 11:48:53 +10:00
Code Issues Releases Wiki Activity
1,075,162 Commits 99 Branches 5,439 Tags 9.2 GiB
41b8384204
Go to file
Pu Lehui 41b8384204 tracing: Limit access to parser->buffer when trace_get_user failed 
[ Upstream commit 6a909ea83f ]

When the length of the string written to set_ftrace_filter exceeds
FTRACE_BUFF_MAX, the following KASAN alarm will be triggered:

BUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0
Read of size 1 at addr ffff0000d00bd5ba by task ash/165

CPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty
Hardware name: linux,dummy-virt (DT)
Call trace:
 show_stack+0x34/0x50 (C)
 dump_stack_lvl+0xa0/0x158
 print_address_description.constprop.0+0x88/0x398
 print_report+0xb0/0x280
 kasan_report+0xa4/0xf0
 __asan_report_load1_noabort+0x20/0x30
 strsep+0x18c/0x1b0
 ftrace_process_regex.isra.0+0x100/0x2d8
 ftrace_regex_release+0x484/0x618
 __fput+0x364/0xa58
 ____fput+0x28/0x40
 task_work_run+0x154/0x278
 do_notify_resume+0x1f0/0x220
 el0_svc+0xec/0xf0
 el0t_64_sync_handler+0xa0/0xe8
 el0t_64_sync+0x1ac/0x1b0

The reason is that trace_get_user will fail when processing a string
longer than FTRACE_BUFF_MAX, but not set the end of parser->buffer to 0.
Then an OOB access will be triggered in ftrace_regex_release->
ftrace_process_regex->strsep->strpbrk. We can solve this problem by
limiting access to parser->buffer when trace_get_user failed.

Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/20250813040232.1344527-1-pulehui@huaweicloud.com
Fixes: 8c9af478c0 ("ftrace: Handle commands when closing set_ftrace_filter file")
Signed-off-by: Pu Lehui <pulehui@huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-08-28 16:24:37 +02:00
arch compiler: remove __ADDRESSABLE_ASM{_STR,}() again 2025-08-28 16:24:37 +02:00
block block: avoid possible overflow for chunk_sectors check in blk_stack_limits() 2025-08-28 16:24:25 +02:00
certs
crypto
Documentation asm-generic: Add memory barrier dma_mb() 2025-08-28 16:24:36 +02:00
drivers iio: imu: inv_icm42600: change invalid data error to -EBUSY 2025-08-28 16:24:37 +02:00
fs f2fs: fix to avoid out-of-boundary access in dnode page 2025-08-28 16:24:36 +02:00
include compiler: remove __ADDRESSABLE_ASM{_STR,}() again 2025-08-28 16:24:37 +02:00
init
io_uring
ipc
kernel tracing: Limit access to parser->buffer when trace_get_user failed 2025-08-28 16:24:37 +02:00
lib lib: bitmap: Introduce node-aware alloc API 2025-08-28 16:24:02 +02:00
LICENSES
mm mm/debug_vm_pgtable: clear page table entries at destroy_args() 2025-08-28 16:24:34 +02:00
net mptcp: disable add_addr retransmission when timeout is 0 2025-08-28 16:24:35 +02:00
samples samples: mei: Fix building on musl libc 2025-08-28 16:24:07 +02:00
scripts kconfig: lxdialog: fix 'space' to (de)select options 2025-08-28 16:24:25 +02:00
security securityfs: don't pin dentries twice, once is enough... 2025-08-28 16:24:17 +02:00
sound ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 2025-08-28 16:24:34 +02:00
tools selftests: mptcp: pm: check flush doesn't reset limits 2025-08-28 16:24:37 +02:00
usr
virt
.clang-format
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS
Makefile kbuild: userprogs: use correct linker when mixing clang and GNU ld 2025-08-28 16:24:33 +02:00
README

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.