tracing: Use trace_seq_used() and seq_buf_used() instead of len

As the seq_buf->len will soon be +1 size when there's an overflow, we must use trace_seq_used() or seq_buf_used() methods to get the real length. This will prevent buffer overflow issues if just the len of the seq_buf descriptor is used to copy memory. Link: http://lkml.kernel.org/r/20141114121911.09ba3d38@gandalf.local.home Reported-by: Petr Mladek <pmladek@suse.cz> Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
author: Steven Rostedt (Red Hat) <rostedt@goodmis.org> 2014-11-14 15:49:41 -0500
committer: Steven Rostedt <rostedt@goodmis.org> 2014-11-19 22:01:15 -0500
commit: 5ac48378414dccca735897c4d7f4e19987c8977c (patch)
tree: 9cf5c11dddd8081327d7e7f8a68a9e47613adcfa /kernel/trace/seq_buf.c
parent: 74f06bb72347302a19aac087314388ebd0e4fee9 (diff)
download: lwn-5ac48378414dccca735897c4d7f4e19987c8977c.tar.gz
lwn-5ac48378414dccca735897c4d7f4e19987c8977c.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/trace/seq_buf.c b/kernel/trace/seq_buf.c
index 9ec5305d9da7..ce17f65268ed 100644
--- a/kernel/trace/seq_buf.c
+++ b/kernel/trace/seq_buf.c
@@ -328,7 +328,7 @@ int seq_buf_to_user(struct seq_buf *s, char __user *ubuf, int cnt)
 	if (s->len <= s->readpos)
 		return -EBUSY;
 
-	len = s->len - s->readpos;
+	len = seq_buf_used(s) - s->readpos;
 	if (cnt > len)
 		cnt = len;
 	ret = copy_to_user(ubuf, s->buffer + s->readpos, cnt);
author	Steven Rostedt (Red Hat) <rostedt@goodmis.org>	2014-11-14 15:49:41 -0500
committer	Steven Rostedt <rostedt@goodmis.org>	2014-11-19 22:01:15 -0500
commit	5ac48378414dccca735897c4d7f4e19987c8977c (patch)
tree	9cf5c11dddd8081327d7e7f8a68a9e47613adcfa /kernel/trace/seq_buf.c
parent	74f06bb72347302a19aac087314388ebd0e4fee9 (diff)
download	lwn-5ac48378414dccca735897c4d7f4e19987c8977c.tar.gz lwn-5ac48378414dccca735897c4d7f4e19987c8977c.zip