Re: [PATCH v2] locking/lockdep: Fix buffer overrun problem in stack_trace[]

From: Bart Van Assche
Date: Fri Dec 20 2019 - 10:23:36 EST


On 2019-12-20 05:51, Waiman Long wrote:
> If the lockdep code is really running out of the stack_trace entries,
> it is likely that buffer overrun can happen and the data immediately
> after stack_trace[] will be corrupted.
>
> If there is less than LOCK_TRACE_SIZE_IN_LONGS entries left before
> the call to save_trace(), the max_entries computation will leave it
> with a very large positive number because of its unsigned nature. The
> subsequent call to stack_trace_save() will then corrupt the data after
> stack_trace[]. Fix that by changing max_entries to a signed integer
> and check for negative value before calling stack_trace_save().

Reviewed-by: Bart Van Assche <bvanassche@xxxxxxx>