[lttng-dev] [PATCH lttng-modules] Fix: copy_from_user size when limited allocation
Julien Desfossez
jdesfossez at efficios.com
Mon May 2 20:48:08 UTC 2016
We restrict the memory allocation to one page, but in two syscalls we were
using the wrong size in the copy_from_user.
Signed-off-by: Julien Desfossez <jdesfossez at efficios.com>
---
instrumentation/syscalls/headers/syscalls_pointers_override.h | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/instrumentation/syscalls/headers/syscalls_pointers_override.h b/instrumentation/syscalls/headers/syscalls_pointers_override.h
index dd6f954..4a69fc3 100644
--- a/instrumentation/syscalls/headers/syscalls_pointers_override.h
+++ b/instrumentation/syscalls/headers/syscalls_pointers_override.h
@@ -418,8 +418,7 @@ static struct lttng_type lttng_pollfd_elem = {
if (!tp_locvar->fds) \
goto error; \
err = lib_ring_buffer_copy_from_user_check_nofault( \
- tp_locvar->fds, ufds, \
- nfds * sizeof(struct pollfd)); \
+ tp_locvar->fds, ufds, tp_locvar->alloc_fds); \
if (err != 0) \
goto error; \
} \
@@ -772,7 +771,7 @@ static struct lttng_type lttng_epoll_wait_elem = {
\
err = lib_ring_buffer_copy_from_user_check_nofault( \
tp_locvar->events, uevents, \
- maxevents * sizeof(struct epoll_event)); \
+ maxalloc * sizeof(struct epoll_event)); \
if (err != 0) \
tp_locvar->fds_length = 0; \
} \
--
1.9.1
More information about the lttng-dev
mailing list