diff options
author | Carl Henrik Lunde <chlunde@ping.uio.no> | 2009-04-03 08:27:15 -0400 |
---|---|---|
committer | Ingo Molnar <mingo@elte.hu> | 2009-04-03 08:46:22 -0400 |
commit | a4b3ada83d06554d307dd54abdc62b2e5648264a (patch) | |
tree | 70413a3343c8a40a8d3b22ec6d020ef806ca7a9b | |
parent | 18cea4591a98817697017bcb056a848bae1205df (diff) |
blktrace: NUL-terminate user space messages
Impact: fix corrupted blkparse output
Make sure messages from user space are NUL-terminated strings,
otherwise we could dump random memory to the block trace file.
Additionally, I've limited the message to BLK_TN_MAX_MSG-1
characters, because the last character would be stripped by
vscnprintf anyway.
Signed-off-by: Carl Henrik Lunde <chlunde@ping.uio.no>
Cc: Li Zefan <lizf@cn.fujitsu.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: "Alan D. Brunelle" <alan.brunelle@hp.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
LKML-Reference: <20090403122714.GT5178@kernel.dk>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
-rw-r--r-- | kernel/trace/blktrace.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c index 947c5b3f90c4..a400b861fad3 100644 --- a/kernel/trace/blktrace.c +++ b/kernel/trace/blktrace.c | |||
@@ -327,10 +327,10 @@ static ssize_t blk_msg_write(struct file *filp, const char __user *buffer, | |||
327 | char *msg; | 327 | char *msg; |
328 | struct blk_trace *bt; | 328 | struct blk_trace *bt; |
329 | 329 | ||
330 | if (count > BLK_TN_MAX_MSG) | 330 | if (count > BLK_TN_MAX_MSG - 1) |
331 | return -EINVAL; | 331 | return -EINVAL; |
332 | 332 | ||
333 | msg = kmalloc(count, GFP_KERNEL); | 333 | msg = kmalloc(count + 1, GFP_KERNEL); |
334 | if (msg == NULL) | 334 | if (msg == NULL) |
335 | return -ENOMEM; | 335 | return -ENOMEM; |
336 | 336 | ||
@@ -339,6 +339,7 @@ static ssize_t blk_msg_write(struct file *filp, const char __user *buffer, | |||
339 | return -EFAULT; | 339 | return -EFAULT; |
340 | } | 340 | } |
341 | 341 | ||
342 | msg[count] = '\0'; | ||
342 | bt = filp->private_data; | 343 | bt = filp->private_data; |
343 | __trace_note_message(bt, "%s", msg); | 344 | __trace_note_message(bt, "%s", msg); |
344 | kfree(msg); | 345 | kfree(msg); |