From patchwork Wed May 3 10:11:14 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 98484 Delivered-To: patch@linaro.org Received: by 10.140.89.200 with SMTP id v66csp224296qgd; Wed, 3 May 2017 03:11:41 -0700 (PDT) X-Received: by 10.98.63.85 with SMTP id m82mr3936290pfa.143.1493806301827; Wed, 03 May 2017 03:11:41 -0700 (PDT) Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e1si12564065plk.185.2017.05.03.03.11.41; Wed, 03 May 2017 03:11:41 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753214AbdECKLf (ORCPT + 6 others); Wed, 3 May 2017 06:11:35 -0400 Received: from mail-pg0-f53.google.com ([74.125.83.53]:35781 "EHLO mail-pg0-f53.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752985AbdECKLX (ORCPT ); Wed, 3 May 2017 06:11:23 -0400 Received: by mail-pg0-f53.google.com with SMTP id o3so70697144pgn.2 for ; Wed, 03 May 2017 03:11:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=79+Plmxu40Utv86f+fAFM4rXYS6y4INhoc76+5ntuF8=; b=gtKP9JKLi7NNEhNMdCqUj+lCXqUmEAJtoX2Xg3QLewp0s1isE6AzfdLhnk6WUhA6Yf Iz9WT7Ale0lSOtHwQI2L0m4CZV7plnyJnOWfzo62Z7vRju9lrd0uc1fs0nhEZmaMunwF iJZmNOZO6H8Zv5BDmokETFLZE90EuFaLOMFYQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=79+Plmxu40Utv86f+fAFM4rXYS6y4INhoc76+5ntuF8=; b=cgpanFO5CJxDpsuZc9RKPJ4JvtOhIlU85ccQik0gcu5pVIAFkJ+Kyq4XL4s4vdt4Vk HuM4epJcDpcqmfIUxFRrgNP7AKhkKO+jBxY/ZdP9bCl72xEjWS+sSvi08Ta21AWUMKE8 POfuN96PGPVUsjJDyibqzwxEHSE1+tWNVdex/lG7ji1oum/vWchnMYLPCJ+h5vtSf+CW VenRjzh23PIrlJwgcaYmOh9MsNyBtsrLrNNI+jpJgDhucY3oY3admdbvNACNDtxnWXBf 9iSYTLjKUE29nE/GTVhOdhqoLszLkGGCrCKjVe7qr0+18vNp9eLBowcLoNB4r4ZhUCS4 4vnQ== X-Gm-Message-State: AN3rC/4EJ5Iaxldga7qMR56FfhNfWtIZtCrAVvcyysMP0bjKuQcA0SwK xCxe8XI3esa893Sf X-Received: by 10.84.151.69 with SMTP id i63mr1688510pli.23.1493806282188; Wed, 03 May 2017 03:11:22 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.126]) by smtp.gmail.com with ESMTPSA id p3sm29888523pgd.36.2017.05.03.03.11.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 03 May 2017 03:11:21 -0700 (PDT) From: Amit Pundir To: Steven Rostedt , Ingo Molnar Cc: Greg KH , lkml , Amey Telawane , stable@vger.kernel.org Subject: [PATCH] tracing: Resolve stack corruption due to string copy Date: Wed, 3 May 2017 15:41:14 +0530 Message-Id: <1493806274-13936-1-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Amey Telawane Strcpy has no limit on string being copied which causes stack corruption leading to kernel panic. Use strlcpy to resolve the issue by providing length of string to be copied. Cc: stable@vger.kernel.org Signed-off-by: Amey Telawane [AmitP: Cherry-picked this commit from CodeAurora kernel/msm-3.10 https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=2161ae9a70b12cf18ac8e5952a20161ffbccb477] Signed-off-by: Amit Pundir --- This patch featured in Android Security Bulletin for May 2017, https://source.android.com/security/bulletin/2017-05-01#eop-in-kernel-trace-subsystem, but it is not upstreamed yet and I couldn't find any previous upstream submission as well. kernel/trace/trace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.7.4 diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index bd8fb5cfda4d..b227e141e1f1 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -1976,7 +1976,7 @@ static void __trace_find_cmdline(int pid, char comm[]) map = savedcmd->map_pid_to_cmdline[pid]; if (map != NO_CMDLINE_MAP) - strcpy(comm, get_saved_cmdlines(map)); + strlcpy(comm, get_saved_cmdlines(map), TASK_COMM_LEN - 1); else strcpy(comm, "<...>"); }