Re: [PATCH v3] coresight: ETR: Fix ETR buffer use-after-free issue

From: Suzuki K Poulose

Date: Fri Nov 07 2025 - 08:28:50 EST


Hi Mike

On 06/11/2025 14:14, Mike Leach wrote:
Hi,

Is this fixing the correct problem? If we prevent the buffer size from
being changed while the sink is active - which is probably what we
should do anyway as no real good can come from allowing this - then
the problem disappears.

Good point. But this is completely fine for a running "sysfs" session,
as the values are not updated (unlike perf, where the session is
scheduled out and put back in). So, I don't see why we can't change
the values while the sink is active?



Changing the buffer size while the sink is active should return -EBUSY;

Mike

On Wed, 5 Nov 2025 at 16:13, Suzuki K Poulose <suzuki.poulose@xxxxxxx> wrote:


On Tue, 21 Oct 2025 16:45:25 +0800, Xiaoqi Zhuang wrote:
When ETR is enabled as CS_MODE_SYSFS, if the buffer size is changed
and enabled again, currently sysfs_buf will point to the newly
allocated memory (buf_new) and free the old memory (buf_old). But the
etr_buf that is being used by the ETR remains pointed to buf_old, not
updated to buf_new. In this case, it will result in a memory
use-after-free issue.

[...]

Applied, thanks!

[1/1] coresight: ETR: Fix ETR buffer use-after-free issue
https://git.kernel.org/coresight/c/35501ac3c7d4

Best regards,
--
Suzuki K Poulose <suzuki.poulose@xxxxxxx>
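
Added example, not part of the thread or the kernel patch: a user-space C model of the stale-pointer pattern the commit message describes, next to the -EBUSY guard Mike Leach suggests. All struct and function names are hypothetical, freeing is modelled by a flag so the stale pointer can be inspected safely, and the fix that was actually applied is not shown on this page.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical model; these are not the driver's real structures. */
struct buf { size_t size; bool freed; };
struct sink {
    struct buf *sysfs_buf; /* buffer owned by the sysfs session */
    struct buf *etr_buf;   /* buffer the running ETR is using */
    size_t size;           /* requested buffer size */
    bool active;
};

/* Stands in for freeing: only marks the buffer, so the model never
 * touches released memory (and therefore never really frees it). */
static void buf_release(struct buf *b) { b->freed = true; }

/* Pattern from the commit message: a size change followed by enable
 * swaps sysfs_buf and frees the old buffer; etr_buf is not updated. */
int enable_unfixed(struct sink *s)
{
    if (!s->sysfs_buf || s->sysfs_buf->size != s->size) {
        struct buf *nbuf = calloc(1, sizeof(*nbuf));
        if (!nbuf)
            return -ENOMEM;
        nbuf->size = s->size;
        if (s->sysfs_buf)
            buf_release(s->sysfs_buf); /* buf_old */
        s->sysfs_buf = nbuf;           /* buf_new */
    }
    if (!s->active) {
        s->etr_buf = s->sysfs_buf;
        s->active = true;
    }
    return 0;
}

/* Guard suggested in the thread: reject a resize while the sink is active. */
int set_size_guarded(struct sink *s, size_t size)
{
    if (s->active)
        return -EBUSY;
    s->size = size;
    return 0;
}

/* Enable, resize, enable again; returns 1 if etr_buf is left dangling. */
int scenario(bool guarded)
{
    struct sink s = { .size = 4096 };
    if (enable_unfixed(&s))
        return -1;
    if (guarded) (void)set_size_guarded(&s, 8192); else s.size = 8192;
    return enable_unfixed(&s) ? -1 : (s.etr_buf->freed ? 1 : 0);
}
```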