[PATCH v3] coresight: ETR: Fix ETR buffer use-after-free issue

Suzuki K Poulose suzuki.poulose at arm.com
Fri Nov 7 05:28:46 PST 2025


Hi Mike

On 06/11/2025 14:14, Mike Leach wrote:
> Hi,
> 
> Is this fixing the correct problem? If we prevent the buffer size from
> being changed while the sink is active - which is probably what we
> should do anyway as no real good can come from allowing this - then
> the problem disappears.

Good point. But this is completely fine for a running "sysfs" session,
as the values are not updated (unlike perf, where the session is
scheduled out and put back in). So, I don't see why we can't change
the values while the sink is active?


> 
> Changing the buffer size while the sink is active should return -EBUSY;
> 
> Mike
> 
> On Wed, 5 Nov 2025 at 16:13, Suzuki K Poulose <suzuki.poulose at arm.com> wrote:
>>
>>
>> On Tue, 21 Oct 2025 16:45:25 +0800, Xiaoqi Zhuang wrote:
>>> When ETR is enabled as CS_MODE_SYSFS, if the buffer size is changed
>>> and enabled again, currently sysfs_buf will point to the newly
>>> allocated memory(buf_new) and free the old memory(buf_old). But the
>>> etr_buf that is being used by the ETR remains pointed to buf_old, not
>>> updated to buf_new. In this case, it will result in a memory
>>> use-after-free issue.
>>>
>>> [...]
>>
>> Applied, thanks!
>>
>> [1/1] coresight: ETR: Fix ETR buffer use-after-free issue
>>        https://git.kernel.org/coresight/c/35501ac3c7d4
>>
>> Best regards,
>> --
>> Suzuki K Poulose <suzuki.poulose at arm.com>
> 
> 
> 
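
The stale-pointer sequence from the quoted commit message, as a user-space model added here; it is not the coresight driver's code or the applied patch. All struct and function names are hypothetical, the "guarded" variant is an assumed ordering for illustration, and `set_size_ebusy` models the -EBUSY alternative raised in the thread.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical user-space model; not the coresight driver's structures. */
struct model_buf { size_t size; int freed; };
struct model_etr {
    struct model_buf pool[4];     /* arena: "free" only sets a flag (demo-sized) */
    int next;
    size_t size;                  /* size requested through sysfs */
    int refcnt;                   /* > 0 while the sink is enabled */
    struct model_buf *sysfs_buf;  /* buffer cached for sysfs mode */
    struct model_buf *etr_buf;    /* buffer the running ETR writes to */
};

/* Order described in the commit message: the resize path replaces and frees
 * sysfs_buf before noticing the sink is already running with etr_buf. */
void enable_unguarded(struct model_etr *d) {
    if (!d->sysfs_buf || d->sysfs_buf->size != d->size) {
        struct model_buf *new_buf = &d->pool[d->next++];
        new_buf->size = d->size;
        if (d->sysfs_buf)
            d->sysfs_buf->freed = 1;      /* buf_old released */
        d->sysfs_buf = new_buf;           /* buf_new cached */
    }
    if (d->refcnt++ > 0)
        return;                           /* etr_buf still points at buf_old */
    d->etr_buf = d->sysfs_buf;
}

/* Assumed guard: an already-enabled sink only takes another reference. */
void enable_guarded(struct model_etr *d) {
    if (d->refcnt > 0) { d->refcnt++; return; }
    enable_unguarded(d);
}

/* Alternative raised in the thread: reject a resize while the sink is active. */
int set_size_ebusy(struct model_etr *d, size_t size) {
    if (d->refcnt > 0) return -EBUSY;
    d->size = size;
    return 0;
}

int etr_buf_is_stale(const struct model_etr *d) { return d->etr_buf && d->etr_buf->freed; }

int main(void) {
    struct model_etr d = { .size = 0x100000 };   /* constructed sizes */
    enable_unguarded(&d); d.size = 0x200000; enable_unguarded(&d);
    printf("stale etr_buf after resize + re-enable: %d\n", etr_buf_is_stale(&d));
}
```

Because the model only flags buffers as freed inside a static arena, inspecting the stale pointer is safe here; in the driver the same aliasing means the in-use buffer has actually been released.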



