Merge tag '9p-for-6.7-rc7' of https://github.com/martinetd/linux

Pull 9p fixes from Dominique Martinet: "Two small fixes scheduled for stable trees: A tracepoint fix that's been reading past the end of messages forever, but semi-recently also went over the end of the buffer. And a potential incorrectly freeing garbage in pdu parsing error path" * tag '9p-for-6.7-rc7' of https://github.com/martinetd/linux: net: 9p: avoid freeing uninit memory in p9pdu_vreadf 9p: prevent read overrun in protocol dump tracepoint
2026-05-07 20:58:14 -04:00 · 2023-12-22 07:50:34 -08:00
parent 24e0d2e527 ff49bf1867
commit 93a165cb9a
2 changed files with 20 additions and 8 deletions
--- a/include/trace/events/9p.h
+++ b/include/trace/events/9p.h
@@ -178,18 +178,21 @@ TRACE_EVENT(9p_protocol_dump,
 		    __field(	void *,		clnt				)
 		    __field(	__u8,		type				)
 		    __field(	__u16,		tag				)
-		    __array(	unsigned char,	line,	P9_PROTO_DUMP_SZ	)
+		    __dynamic_array(unsigned char, line,
+				min_t(size_t, pdu->capacity, P9_PROTO_DUMP_SZ))
 		    ),

 	    TP_fast_assign(
 		    __entry->clnt   =  clnt;
 		    __entry->type   =  pdu->id;
 		    __entry->tag    =  pdu->tag;
-		    memcpy(__entry->line, pdu->sdata, P9_PROTO_DUMP_SZ);
+		    memcpy(__get_dynamic_array(line), pdu->sdata,
+				__get_dynamic_array_len(line));
 		    ),
-	    TP_printk("clnt %lu %s(tag = %d)\n%.3x: %16ph\n%.3x: %16ph\n",
+	    TP_printk("clnt %lu %s(tag = %d)\n%*ph\n",
 		      (unsigned long)__entry->clnt, show_9p_op(__entry->type),
-		      __entry->tag, 0, __entry->line, 16, __entry->line + 16)
+		      __entry->tag, __get_dynamic_array_len(line),
+		      __get_dynamic_array(line))
 );