projects / deliverable / lttng-modules.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f22697c)
Fix: copy_from_user size when limited allocation
authorJulien Desfossez <jdesfossez@efficios.com>
Mon, 2 May 2016 20:48:08 +0000 (16:48 -0400)
committerMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Mon, 2 May 2016 20:53:53 +0000 (16:53 -0400)
We restrict the memory allocation to one page, but in two syscalls we were
using the wrong size in the copy_from_user.

Signed-off-by: Julien Desfossez <jdesfossez@efficios.com>
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
instrumentation/syscalls/headers/syscalls_pointers_override.h patch | blob | blame | history

diff --git a/instrumentation/syscalls/headers/syscalls_pointers_override.h b/instrumentation/syscalls/headers/syscalls_pointers_override.h
index dd6f95448eef0fd8a77f3650a12fd5ed0824b112..4a69fc3e90c4a491da3bf2ee8afb9731e5d0de90 100644 (file)
--- a/instrumentation/syscalls/headers/syscalls_pointers_override.h
+++ b/instrumentation/syscalls/headers/syscalls_pointers_override.h
@@ -418,8 +418,7 @@ static struct lttng_type lttng_pollfd_elem = {
                if (!tp_locvar->fds)                                                    \
                        goto error;                                                     \
                err = lib_ring_buffer_copy_from_user_check_nofault(                     \
-                       tp_locvar->fds, ufds,                                           \
-                       nfds * sizeof(struct pollfd));                                  \
+                       tp_locvar->fds, ufds, tp_locvar->alloc_fds);                    \
                if (err != 0)                                                           \
                        goto error;                                                     \
        }                                                                               \
@@ -772,7 +771,7 @@ static struct lttng_type lttng_epoll_wait_elem = {
                                                                                \
                err = lib_ring_buffer_copy_from_user_check_nofault(             \
                        tp_locvar->events, uevents,                             \
-                       maxevents * sizeof(struct epoll_event));                \
+                       maxalloc * sizeof(struct epoll_event));                 \
                if (err != 0)                                                   \
                        tp_locvar->fds_length = 0;                              \
        }                                                                       \
LTTng modules - Deliverables
This page took 0.027311 seconds and 5 git commands to generate.