From: Mathieu Desnoyers
Date: Fri, 7 May 2021 19:03:04 +0000 (-0400)
Subject: Fix: increment buffer offset when failing to copy from user-space
X-Git-Tag: v2.11.9~5
X-Git-Url: https://git.lttng.org./?a=commitdiff_plain;h=72b13183e01b58acb1069396d518dd8ecb586af4;p=lttng-modules.git

Fix: increment buffer offset when failing to copy from user-space

Upon failure to copy from user-space due to failing access ok check, the ring buffer offset is not incremented, which could generate unreadable traces because we don't account for the padding we write into the ring buffer.

Note that this typically won't affect a common use-case of copying strings from user-space, because unless mprotect is invoked within a narrow race window (between user strlen and user strcpy), the strlen will fail on access ok when calculating the space to reserve, which will match what happens on strcpy.

Signed-off-by: Mathieu Desnoyers
Change-Id: Ic4d9487dd8870a526bae3023bb80f5e6301cec50
---
diff --git a/lib/ringbuffer/backend.h b/lib/ringbuffer/backend.h index 855f1e01..d8119110 100644 --- a/lib/ringbuffer/backend.h +++ b/lib/ringbuffer/backend.h @@ -313,6 +313,7 @@ fill_buffer: * the pollution of static inline code. */ _lib_ring_buffer_memset(bufb, offset, 0, len, 0); + ctx->priv.buf_offset += len; } /** @@ -395,6 +396,7 @@ fill_buffer: _lib_ring_buffer_memset(bufb, offset, pad, len - 1, 0); offset += len - 1; _lib_ring_buffer_memset(bufb, offset, '\0', 1, 0); + ctx->priv.buf_offset += len; } /*
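
Review bot: In the first hunk (@@ -313,6 +313,7 @@, the fill_buffer: path), the new `ctx->priv.buf_offset += len;` has no comment explaining why a failed user-space copy still moves the write position. A one-line comment stating that the offset must advance past the zero padding just written by `_lib_ring_buffer_memset(bufb, offset, 0, len, 0);` would keep the next reader from treating it as a stray increment. The hunk context also does not show how the success path reaches or avoids the fill_buffer: label. Please confirm it returns before the label, because if it falls through and also advances the offset, the same write would be counted twice.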
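
Review bot: In the second hunk (@@ -395,6 +396,7 @@), the padding path writes `len - 1` pad bytes plus one terminator and then advances `ctx->priv.buf_offset` by `len`, which is only consistent when len is at least 1. The visible context shows no such guard, so either point to where the caller guarantees it or add a check ahead of the `len - 1` memset. A short comment would also help here, noting that the local `offset` moves by `len - 1` to place the terminator while `ctx->priv.buf_offset` moves by the full `len`, so the two are not mistaken for each other.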