From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Date: Fri, 7 May 2021 19:03:04 +0000 (-0400)
Subject: Fix: increment buffer offset when failing to copy from user-space
X-Git-Url: https://git.lttng.org/?p=lttng-modules.git;a=commitdiff_plain;h=26d46aebe30e144269e0db41bd4e2b5d96093414

Fix: increment buffer offset when failing to copy from user-space

Upon failure to copy from user-space due to failing access ok check, the
ring buffer offset is not incremented, which could generate unreadable
traces because we don't account for the padding we write into the ring
buffer.

Note that this typically won't affect a common use-case of copying
strings from user-space, because unless mprotect is invoked within a
narrow race window (between user strlen and user strcpy), the strlen
will fail on access ok when calculating the space to reserve, which will
match what happens on strcpy.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Change-Id: Ic4d9487dd8870a526bae3023bb80f5e6301cec50
---

diff --git a/include/ringbuffer/backend.h b/include/ringbuffer/backend.h
index 327b199b..1ede713c 100644
--- a/include/ringbuffer/backend.h
+++ b/include/ringbuffer/backend.h
@@ -313,6 +313,7 @@ fill_buffer:
 	 * the pollution of static inline code.
 	 */
 	_lib_ring_buffer_memset(bufb, offset, 0, len, 0);
+	ctx->priv.buf_offset += len;
 }
 
 /**
@@ -395,6 +396,7 @@ fill_buffer:
 	_lib_ring_buffer_memset(bufb, offset, pad, len - 1, 0);
 	offset += len - 1;
 	_lib_ring_buffer_memset(bufb, offset, '\0', 1, 0);
+	ctx->priv.buf_offset += len;
 }
 
 /*