From 5f8b7fabcfbf3d7554c934f36af4a7ca3bb13e0b Mon Sep 17 00:00:00 2001 From: Sung-hun Kim Date: Thu, 2 Feb 2023 12:05:37 +0900 Subject: [PATCH] tracing: Apply upper limit of pid to prevent buffer overflow A member array `map_pid_to_cmdline` is allocated as much as PID_MAX_DEFAULT. There is no consideration when a given pid exceeds PID_MAX_DEFAULT which can make buffer overflow. This patch handles such cases by just returning -1 for a case that the given pid exceeds PID_MAX_DEFAULT. For such cases, the user of trace loses tgid information for a given pid. Change-Id: I589eda187490eddbd26fa5300a288097842d9af0 Signed-off-by: Sung-hun Kim --- kernel/trace/trace.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index ba2fa7c3eaac..aeed57ff8dee 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -1894,6 +1894,15 @@ int trace_find_tgid(int pid) unsigned map; int tgid; + /* + * The size of map_pid_to_cmdline is + * PID_MAX_DEFAULT + 1. So, to prevent + * buffer overflow, return -1 if a given + * pid is larger than PID_MAX_DEFAULT. + */ + if (unlikely(!pid || pid > PID_MAX_DEFAULT)) + return -1; + preempt_disable(); arch_spin_lock(&trace_cmdline_lock); map = savedcmd->map_pid_to_cmdline[pid]; -- 2.34.1
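Review bot: the new guard in trace_find_tgid() bounds pid only from above, but pid is a signed int, so a negative value still passes `!pid || pid > PID_MAX_DEFAULT` and reaches `savedcmd->map_pid_to_cmdline[pid]` with a negative index, which reads before the start of the array. Suggest `if (unlikely(pid <= 0 || pid > PID_MAX_DEFAULT)) return -1;` so both ends are covered. The `!pid` rejection is also not explained by the added comment or the commit message, which only talk about the upper limit; please say why pid 0 is refused, or drop that half of the condition. Lastly, the comment gives the array size as PID_MAX_DEFAULT + 1 while the commit message says it is allocated as much as PID_MAX_DEFAULT; make the two agree so a reader can confirm that `>` rather than `>=` is the right comparison.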