On Tue, 12 Dec 2023 09:23:54 -0500 Mathieu Desnoyers <[email protected]> wrote:

> On 2023-12-12 08:44, Steven Rostedt wrote:
> > From: "Steven Rostedt (Google)" <[email protected]>
> >
> > If for some reason the trace_marker write does not have a nul byte for the
> > string, it will overflow the print:
>
> Does this result in leaking kernel memory to userspace ? If so, it
> should state "Fixes..." and CC stable.

No, it was triggered because of a bug elsewhere ;-)

https://lore.kernel.org/linux-trace-kernel/[email protected]/

Which does have a Cc stable and Fixes tag.

The event truncated the trace_marker output and caused the buffer overflow
here. The trace_marker always adds a '\0', but that got dropped due to the
other bug.

This is just hardening the kernel.

Note, this can only happen with the new code that allows trace_marker to use
the max size of the buffer, which is for the next kernel release.

-- Steve
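The hardening being discussed is the general pattern of never letting a string formatter rely on a nul terminator that the producer was supposed to write: a record carries its own length, so the printer bounds the read by that length. The following is an added example illustrating that pattern, not the kernel's code and not the patch under review; the `struct marker_rec` layout, the `marker_*` helper names and the sample record are assumptions constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical record (not the kernel's): a length plus a fixed-size payload
 * that is NOT guaranteed to be nul-terminated, e.g. if the writer's trailing
 * '\0' was truncated away by a bug upstream of the printer. */
struct marker_rec {
    size_t len;       /* payload bytes actually written by the producer */
    char buf[32];     /* payload; may contain no '\0' at all */
};

/* Clamp the advertised length to the buffer so a corrupt len cannot
 * push the reader past the record either. */
static size_t marker_payload_len(const struct marker_rec *rec)
{
    return rec->len > sizeof(rec->buf) ? sizeof(rec->buf) : rec->len;
}

/* Bounded formatting: "%.*s" stops at the first '\0' OR after n bytes,
 * whichever comes first, so an unterminated payload is never over-read.
 * An unbounded "%s" here would walk past buf until it happened to find a
 * zero byte. Returns the number of characters formatted (snprintf result). */
int marker_print_bounded(const struct marker_rec *rec, char *out, size_t outsz)
{
    size_t n = marker_payload_len(rec);
    return snprintf(out, outsz, "%.*s", (int)n, rec->buf);
}

/* Detection helper: does the payload carry a terminator within its length?
 * A printer may log or count such records instead of silently trusting them. */
int marker_has_nul(const struct marker_rec *rec)
{
    return memchr(rec->buf, '\0', marker_payload_len(rec)) != NULL;
}

/* Constructed sample: the whole buffer filled with non-nul bytes, i.e. a
 * record whose '\0' was dropped. */
struct marker_rec make_unterminated(void)
{
    struct marker_rec r;
    memset(r.buf, 'A', sizeof(r.buf));   /* no '\0' anywhere in buf */
    r.len = sizeof(r.buf);
    return r;
}

int main(void)
{
    char out[64];
    struct marker_rec bad = make_unterminated();
    struct marker_rec ok = { .len = 6, .buf = "hello" };

    printf("unterminated? %s\n", marker_has_nul(&bad) ? "no" : "yes");
    marker_print_bounded(&bad, out, sizeof out);
    printf("bounded print of bad record: %s\n", out);
    marker_print_bounded(&ok, out, sizeof out);
    printf("bounded print of ok record:  %s\n", out);
    return 0;
}
```

The point of the example is the `%.*s` precision argument: the bound comes from the record's own length field (clamped to the buffer), so the printer is correct whether or not the producer ever wrote the '\0'.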

