On Tue, 22 Jan 2019 13:48:48 +0100 Andreas Ziegler <andreas.zieg...@fau.de> wrote:
> Commit 9178412ddf5a ("tracing: probeevent: Return consumed > bytes of dynamic area") improved the string fetching > mechanism by returning the number of required bytes after > copying the argument to the dynamic area. However, this > return value is now only used to increment the pointer > inside the dynamic area but misses updating the 'maxlen' > variable which indicates the remaining space in the dynamic > area. Oops! Good catch! :) > > This means that fetch_store_string() always reads the *total* > size of the dynamic area from the data_loc pointer instead of > the *remaining* size (and passes it along to > strncpy_from_{user,unsafe}) even if we're already about to > copy data into the middle of the dynamic area. > This looks good to me. Acked-by: Masami Hiramatsu <mhira...@kernel.org> Thank you!! > Fixes: 9178412ddf5a ("tracing: probeevent: Return consumed bytes of dynamic > area") > Signed-off-by: Andreas Ziegler <andreas.zieg...@fau.de> > --- > kernel/trace/trace_probe_tmpl.h | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/kernel/trace/trace_probe_tmpl.h b/kernel/trace/trace_probe_tmpl.h > index 5c56afc17cf8..0cf953e47584 100644 > --- a/kernel/trace/trace_probe_tmpl.h > +++ b/kernel/trace/trace_probe_tmpl.h > @@ -182,8 +182,10 @@ store_trace_args(void *data, struct trace_probe *tp, > struct pt_regs *regs, > ret = process_fetch_insn(arg->code, regs, dl, base); > if (unlikely(ret < 0 && arg->dynamic)) > *dl = make_data_loc(0, dyndata - base); > - else > + else { > dyndata += ret; > + maxlen -= ret; > + } > } > } > > -- > 2.17.1 > -- Masami Hiramatsu <mhira...@kernel.org>
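Review bot: In the new else block, both `dyndata += ret` and `maxlen -= ret` run for every case other than a failed dynamic fetch, which includes `ret < 0` when `arg->dynamic` is false. A negative `ret` on that path would move `dyndata` backwards and enlarge `maxlen`, the opposite of the bound this patch is tightening. Consider applying both updates only when `arg->dynamic` is set and `ret > 0`. As a style point, kernel coding style asks for braces on both branches once one of them needs them, so the `if (unlikely(ret < 0 && arg->dynamic))` branch should get braces as well.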