summaryrefslogtreecommitdiff
path: root/arch
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2012-09-21 11:48:05 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2012-09-21 11:48:05 -0700
commite05e279e6fc940a2adb9d4d4bf2b814dfc286176 (patch)
tree2dfeef2f02576933e752d1fb40e21d810e224a58 /arch
parent36048853c5257a7b6df346b83758ffa776a59e9f (diff)
downloadlinux-3.10-e05e279e6fc940a2adb9d4d4bf2b814dfc286176.tar.gz
linux-3.10-e05e279e6fc940a2adb9d4d4bf2b814dfc286176.tar.bz2
linux-3.10-e05e279e6fc940a2adb9d4d4bf2b814dfc286176.zip
debugfs: fix u32_array race in format_array_alloc
The format_array_alloc() function is fundamentally racy, in that it prints the array twice: once to figure out how much space to allocate for the buffer, and the second time to actually print out the data. If any of the array contents changes in between, the allocation size may be wrong, and the end result may be truncated in odd ways. Just don't do it. Allocate a maximum-sized array up-front, and just format the array contents once. The only user of the u32_array interfaces is the Xen spinlock statistics code, and it has 31 entries in the arrays, so the maximum size really isn't that big, and the end result is much simpler code without the bug. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'arch')
0 files changed, 0 insertions, 0 deletions