From: Sung-hun Kim Date: Thu, 2 Feb 2023 03:05:37 +0000 (+0900) Subject: tracing: Apply upper limit of pid to prevent buffer overflow X-Git-Tag: accepted/tizen/7.0/unified/20230203.164135^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=5f8b7fabcfbf3d7554c934f36af4a7ca3bb13e0b;p=platform%2Fkernel%2Flinux-amlogic.git tracing: Apply upper limit of pid to prevent buffer overflow A member array `map_pid_to_cmdline` is allocated as much as PID_MAX_DEFAULT. There is no consideration when a given pid exceeds PID_MAX_DEFAULT which can make buffer overflow. This patch handles such cases by just returning -1 for a case that the given pid exceeds PID_MAX_DEFAULT. For such cases, the user of trace loses tgid information for a given pid. Change-Id: I589eda187490eddbd26fa5300a288097842d9af0 Signed-off-by: Sung-hun Kim --- diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index ba2fa7c..aeed57f 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -1894,6 +1894,15 @@ int trace_find_tgid(int pid) unsigned map; int tgid; + /* + * The size of map_pid_to_cmdline is + * PID_MAX_DEFAULT + 1. So, to prevent + * buffer overflow, return -1 if a given + * pid is larger than PID_MAX_DEFAULT. + */ + if (unlikely(!pid || pid > PID_MAX_DEFAULT)) + return -1; + preempt_disable(); arch_spin_lock(&trace_cmdline_lock); map = savedcmd->map_pid_to_cmdline[pid];
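Review bot: the new guard in trace_find_tgid() bounds pid only from above, but pid is a signed int, so a negative value still passes `!pid || pid > PID_MAX_DEFAULT` and indexes `savedcmd->map_pid_to_cmdline[pid]` before the start of the array; testing `pid <= 0 || pid > PID_MAX_DEFAULT` would close both ends. The `!pid` term also makes pid 0 return -1 even though the added comment says the array has PID_MAX_DEFAULT + 1 entries, so index 0 is in bounds; neither the comment nor the commit message explains why 0 is rejected, so either document that or drop the term. The commit message describes the array as sized PID_MAX_DEFAULT while the comment says PID_MAX_DEFAULT + 1, and the two should agree. Only this lookup is visible in the hunk, so please confirm that any other code indexing map_pid_to_cmdline by pid applies the same bound.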