[lttng-dev] [PATCH lttng-modules] Fix: copy_from_user size when limited allocation
Mathieu Desnoyers
mathieu.desnoyers at efficios.com
Mon May 2 20:54:46 UTC 2016
merged into master, thanks!
Mathieu
----- On May 2, 2016, at 4:48 PM, Julien Desfossez jdesfossez at efficios.com wrote:
> We restrict the memory allocation to one page, but in two syscalls we were
> using the wrong size in the copy_from_user.
>
> Signed-off-by: Julien Desfossez <jdesfossez at efficios.com>
> ---
> instrumentation/syscalls/headers/syscalls_pointers_override.h | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/instrumentation/syscalls/headers/syscalls_pointers_override.h
> b/instrumentation/syscalls/headers/syscalls_pointers_override.h
> index dd6f954..4a69fc3 100644
> --- a/instrumentation/syscalls/headers/syscalls_pointers_override.h
> +++ b/instrumentation/syscalls/headers/syscalls_pointers_override.h
> @@ -418,8 +418,7 @@ static struct lttng_type lttng_pollfd_elem = {
> if (!tp_locvar->fds) \
> goto error; \
> err = lib_ring_buffer_copy_from_user_check_nofault( \
> - tp_locvar->fds, ufds, \
> - nfds * sizeof(struct pollfd)); \
> + tp_locvar->fds, ufds, tp_locvar->alloc_fds); \
> if (err != 0) \
> goto error; \
> } \
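Review bot: The third argument is now `tp_locvar->alloc_fds`, and nothing in this hunk says that the field holds a byte count rather than a number of `struct pollfd` entries. Going by the commit message, that is presumably the size mismatch that let the old `nfds * sizeof(struct pollfd)` copy be larger than the one-page allocation. I would add a comment above the call such as `/* alloc_fds: clamped allocation size in bytes; the caller-supplied nfds must not size this copy */`. The assignment of `alloc_fds` and the allocation of `tp_locvar->fds` are outside the hunk, so please confirm that both use the same value. Also confirm that the code which later walks `fds` reads no more than `alloc_fds / sizeof(struct pollfd)` entries.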
> @@ -772,7 +771,7 @@ static struct lttng_type lttng_epoll_wait_elem = {
> \
> err = lib_ring_buffer_copy_from_user_check_nofault( \
> tp_locvar->events, uevents, \
> - maxevents * sizeof(struct epoll_event)); \
> + maxalloc * sizeof(struct epoll_event)); \
> if (err != 0) \
> tp_locvar->fds_length = 0; \
> } \
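Review bot: The copy length on the changed line is still written out as `maxalloc * sizeof(struct epoll_event)`, a second expression that must be kept in step by hand with whatever sized the `tp_locvar->events` allocation (not visible in this hunk). The poll hunk of the same patch instead reuses one stored size. Computing the size once, e.g. `const size_t events_bytes = maxalloc * sizeof(struct epoll_event);`, and passing `events_bytes` to both the allocator and `lib_ring_buffer_copy_from_user_check_nofault()` would stop the two sizes from drifting apart again. The error path `if (err != 0) tp_locvar->fds_length = 0;` is also unbraced inside a multi-line macro, so bracing it would make later edits safer. The enclosing macro body starts and ends outside the hunk.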
> --
> 1.9.1
--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com