tracing: Apply upper limit of pid to prevent buffer overflow
51/287651/2 accepted/tizen_7.0_unified tizen_7.0 accepted/tizen/7.0/unified/20230203.164135 accepted/tizen/unified/20230206.093830 accepted/tizen/unified/20230206.093947
author Sung-hun Kim <sfoon.kim@samsung.com>
Thu, 2 Feb 2023 03:05:37 +0000 (12:05 +0900)
committer Sung-hun Kim <sfoon.kim@samsung.com>
Thu, 2 Feb 2023 05:00:09 +0000 (14:00 +0900)
A member array `map_pid_to_cmdline` is allocated as much as
PID_MAX_DEFAULT. There is no consideration of the case where a given
pid exceeds PID_MAX_DEFAULT, which can cause a buffer overflow.

This patch handles such cases by just returning -1 when
the given pid exceeds PID_MAX_DEFAULT. In such cases,
the user of trace loses tgid information for the given pid.

Change-Id: I589eda187490eddbd26fa5300a288097842d9af0
Signed-off-by: Sung-hun Kim <sfoon.kim@samsung.com>
kernel/trace/trace.c

index ba2fa7c..aeed57f 100644 (file)
@@ -1894,6 +1894,15 @@ int trace_find_tgid(int pid)
        unsigned map;
        int tgid;
 
+       /*
+        * The size of map_pid_to_cmdline is
+        * PID_MAX_DEFAULT + 1. So, to prevent
+        * buffer overflow, return -1 if a given
+        * pid is larger than PID_MAX_DEFAULT.
+        */
+       if (unlikely(!pid || pid > PID_MAX_DEFAULT))
+               return -1;
+
        preempt_disable();
        arch_spin_lock(&trace_cmdline_lock);
        map = savedcmd->map_pid_to_cmdline[pid];
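
Review bot: The new check `if (unlikely(!pid || pid > PID_MAX_DEFAULT))` guards only the upper end, but `pid` is a signed `int` (per `int trace_find_tgid(int pid)`), so a negative value passes it and still reaches `savedcmd->map_pid_to_cmdline[pid]` with an out-of-range index. Suggest `pid <= 0 || pid > PID_MAX_DEFAULT`, or doing the comparison as unsigned, so both ends are covered. The added comment gives the array size as PID_MAX_DEFAULT + 1 while the commit message says it is allocated as much as PID_MAX_DEFAULT; please reconcile the two, because if the array has only PID_MAX_DEFAULT entries the test has to be `>=` rather than `>`. The `!pid` early return also changes the result for pid 0, which neither the comment nor the commit message mentions; a line explaining why 0 is rejected would help.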