On Wed, 28 Mar 2018 11:35:22 -0400 Steven Rostedt <[email protected]> wrote:

> On Wed, 28 Mar 2018 20:32:27 +0800
> Wang Yu <[email protected]> wrote:
>
> > when pid is bigger than PID_MAX_DEFAULT, the comm of task
> > is <...>, it is better to use pid_max to compare
> >
> > Signed-off-by: Wang Yu <[email protected]>
> > ---
> >  kernel/trace/trace.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >  mode change 100644 => 100755 kernel/trace/trace.c
> >
> > diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
> > old mode 100644
> > new mode 100755
> > index 20a2300..0d4bc7a
> > --- a/kernel/trace/trace.c
> > +++ b/kernel/trace/trace.c
> > @@ -1976,7 +1976,7 @@ static void __trace_find_cmdline(int pid, char comm[])
> >  		return;
> >  	}
> >
> > -	if (pid > PID_MAX_DEFAULT) {
> > +	if (pid > pid_max) {
>
> Thanks! This probably should go to stable.

I take that back. This patch can cause a buffer overflow access. If you
looked at the line after this check, you would see:

	if (pid > PID_MAX_DEFAULT) {
		strcpy(comm, "<...>");
		return;
	}

	map = savedcmd->map_pid_to_cmdline[pid];

And if you looked to see what map_pid_to_cmdline is:

struct saved_cmdlines_buffer {
	unsigned map_pid_to_cmdline[PID_MAX_DEFAULT+1];

Your patch will access memory past the end of that array, and cause a bug.

If you want to support more than PID_MAX_DEFAULT, a lot more needs to
change than this. And a change like this isn't going to go to stable.

What you can do is make that map_pid_to_cmdline array bigger.

-- Steve

>
> -- Steve
>
> >  		strcpy(comm, "<...>");
> >  		return;
> >  	}
>
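Review bot: raising the bound in `if (pid > pid_max)` without also growing the array it guards turns the check into an out-of-bounds read: the statement right after it indexes `savedcmd->map_pid_to_cmdline[pid]`, and that array is declared `unsigned map_pid_to_cmdline[PID_MAX_DEFAULT+1]`, so every pid in (PID_MAX_DEFAULT, pid_max] reads past its end. The comparison and the array length need one source of truth; either keep the PID_MAX_DEFAULT check or size the map from pid_max, not just the comparison. Separately, the hunk also flips the file mode (`old mode 100644` / `new mode 100755`), making trace.c executable, which is unrelated to the fix and should be dropped from the patch.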

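The fix Steve points to, sizing the map from pid_max so the bound check and the array length cannot drift apart, as an added user-space model that is not the kernel's code; `saved_cmdlines_buffer`, `map_size`, `savedcmd_alloc` and `find_cmdline` are hypothetical names, and the constants are constructed stand-ins for the kernel's.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the kernel constants used by the lookup. */
#define PID_MAX_DEFAULT 0x8000
#define TASK_COMM_LEN   16
#define NO_CMDLINE_MAP  ((unsigned)-1)

/* Hypothetical user-space model of saved_cmdlines_buffer.  The map is
 * sized at allocation time and the size is stored beside it, so the bound
 * check in find_cmdline() can never disagree with the array length. */
struct saved_cmdlines_buffer {
	unsigned  map_size;             /* entries in map_pid_to_cmdline */
	unsigned *map_pid_to_cmdline;   /* pid -> saved cmdline slot, or NO_CMDLINE_MAP */
};

/* Allocate a map covering pids 0..pid_max ("make the array bigger"). */
struct saved_cmdlines_buffer *savedcmd_alloc(unsigned pid_max)
{
	struct saved_cmdlines_buffer *s = malloc(sizeof(*s));
	if (!s)
		return NULL;
	s->map_size = pid_max + 1;
	s->map_pid_to_cmdline = malloc(s->map_size * sizeof(unsigned));
	if (!s->map_pid_to_cmdline) {
		free(s);
		return NULL;
	}
	for (unsigned i = 0; i < s->map_size; i++)
		s->map_pid_to_cmdline[i] = NO_CMDLINE_MAP;
	return s;
}

/* Same shape as __trace_find_cmdline(), but the index is bounded by the
 * allocated size instead of a constant that may not match the array. */
void find_cmdline(const struct saved_cmdlines_buffer *s, int pid, char comm[TASK_COMM_LEN])
{
	if (pid == 0) {
		strcpy(comm, "<idle>");
		return;
	}
	if (pid < 0 || (unsigned)pid >= s->map_size ||
	    s->map_pid_to_cmdline[pid] == NO_CMDLINE_MAP) {
		strcpy(comm, "<...>");
		return;
	}
	snprintf(comm, TASK_COMM_LEN, "slot%u", s->map_pid_to_cmdline[pid]);
}
```

With the default size, a pid one past PID_MAX_DEFAULT is rejected before the array is touched; a map allocated for a larger pid_max accepts that same pid because the bound grew with the allocation.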
