On Tue, 12 Dec 2023 09:23:54 -0500 Mathieu Desnoyers <mathieu.desnoy...@efficios.com> wrote:
> On 2023-12-12 08:44, Steven Rostedt wrote:
> > From: "Steven Rostedt (Google)" <rost...@goodmis.org>
> >
> > If for some reason the trace_marker write does not have a nul byte for the
> > string, it will overflow the print:
>
> Does this result in leaking kernel memory to userspace ? If so, it
> should state "Fixes..." and CC stable.

No, it was triggered because of a bug elsewhere ;-)

  https://lore.kernel.org/linux-trace-kernel/20231212072558.61f76...@gandalf.local.home/

Which does have a Cc stable and Fixes tag.

The event truncated the trace_marker output and caused the buffer overflow
here. The trace_marker always adds a '\0', but that got dropped due to the
other bug. This is just hardening the kernel.

Note, this can only happen with the new code that allows trace_marker to
use the max size of the buffer, which is for the next kernel release.

-- Steve
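The hardening discussed in the thread is about printing a string field whose nul terminator cannot be trusted to be present. The following is an added userspace illustration of that defensive pattern, not the kernel patch itself and not code from the tracing subsystem: the record size `REC_SIZE`, the helper names and the constructed sample records are all assumptions made for this example. It bounds the scan with `strnlen()` and passes the resulting length as a `%.*s` precision, so the formatter never reads past the end of the record even when no nul byte exists, and it separately reports whether the record was terminated so a caller can count or log the anomaly.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed example: a fixed-size record that should contain a
 * nul-terminated string, but the terminator cannot be relied upon. */
#define REC_SIZE 16

/* 1 if a nul byte exists within the first len bytes of buf, else 0.
 * Useful as a detection signal: an unterminated record means the
 * producer violated its contract and the event is worth counting. */
int record_is_terminated(const char *buf, size_t len)
{
    return memchr(buf, '\0', len) != NULL;
}

/* Printable length of buf without ever reading beyond len bytes.
 * strnlen() stops at the first nul or at len, whichever comes first. */
size_t bounded_strlen(const char *buf, size_t len)
{
    return strnlen(buf, len);
}

/* Format the record into out (capacity outsz) using an explicit precision
 * so the formatter cannot scan past len bytes of buf. Returns the number
 * of characters that would have been written (snprintf semantics). */
int print_record(char *out, size_t outsz, const char *buf, size_t len)
{
    size_t n = bounded_strlen(buf, len);
    return snprintf(out, outsz, "marker: %.*s", (int)n, buf);
}

int main(void)
{
    char ok[REC_SIZE] = "hello";   /* constructed: terminated inside the record */
    char bad[REC_SIZE];            /* constructed: filled with 'A', no nul at all */
    char line[64];

    memset(bad, 'A', sizeof bad);

    print_record(line, sizeof line, ok, sizeof ok);
    printf("%s (terminated=%d)\n", line, record_is_terminated(ok, sizeof ok));

    print_record(line, sizeof line, bad, sizeof bad);
    printf("%s (terminated=%d)\n", line, record_is_terminated(bad, sizeof bad));
    return 0;
}
```

The key point is that the precision argument caps the read at the record boundary; a plain `%s` on `bad` would walk off the end of the 16-byte buffer exactly the way the thread describes.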