From nobody Fri Jun 19 08:10:02 2026
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 10BCE3A16AC
	for <linux-kernel@vger.kernel.org>; Wed, 15 Apr 2026 08:19:41 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1776241182; cv=none;
 b=Ng8GUL9ZyyXzbzgz7nJi/XsQnSQUhntEIXhELwZAgwrHO6vnO79IBquh+n75YuDJbTlS07kAPGgL9YDxRHMILR4FYngdv+Ej4vZCxLGeh8r5GobAU/fEK1TkOe8IcTr6i3FiFQ7dRGba6BKjgJUQImSwU6cWv/l8PeoqmLL6EoE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1776241182; c=relaxed/simple;
	bh=u9v6f66HQnuxTyR4L5IDspF6vbdIptC0RPWqc+nDfRI=;
	h=Message-ID:Date:From:To:Cc:Subject:References:MIME-Version:
	 Content-Type;
 b=kL34uH0ML2ENoXxdJ9IAYX9an/S2UKgCgJ7pn4TAEcpARRxfelnIyskHXET8DyCwfzpgl7Oyf/XC1AbaRC2ygL5GSljB0SZ7aYLGn5NXk5bcuehoD/rKTqF7zWsJfIO9lshY2hwIJN2JPS912qLQs5cd5j3q7yCb1OFBO9Aj6TY=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=hj+RAAbu; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="hj+RAAbu"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id BC6DAC19424;
	Wed, 15 Apr 2026 08:19:41 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1776241181;
	bh=u9v6f66HQnuxTyR4L5IDspF6vbdIptC0RPWqc+nDfRI=;
	h=Date:From:To:Cc:Subject:References:From;
	b=hj+RAAbuKlUJhrZUYfNJpNw3ShWjGixkWVNTlXFK5swO+olMZk3X82laEAhGPgmhm
	 Ny/CX1QTcOoCpWkYnPMY22Zjueb6UbyaLSbaEFCyr5vCNNFnaV0My6kqVDFxiTWd6X
	 bAZb6raF7nh5YnY5o2QNleyZI+UdfIqW2gXsfQY2glu6oUJTqhIvGB57RZAbWukxa6
	 5//9xX7fuW632lKnFWMz09SNnJOAOyFI/okkle5HaJ+SBIrHGus7TTqqP4dZ2klQM+
	 gvsas5VdKR+6LOtCW7B69cjfQ8vNUtILxceGLBtQi+pwVYegGhhpnZExxC6uYr/nvB
	 G/7WAJghe5tHg==
Received: from rostedt by gandalf with local (Exim 4.99.1)
	(envelope-from <rostedt@kernel.org>)
	id 1wCvUn-00000005OkN-3sCl;
	Wed, 15 Apr 2026 04:21:13 -0400
Message-ID: <20260415082113.785275672@kernel.org>
User-Agent: quilt/0.69
Date: Wed, 15 Apr 2026 04:20:51 -0400
From: Steven Rostedt <rostedt@kernel.org>
To: linux-kernel@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>,
 Mark Rutland <mark.rutland@arm.com>,
 Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
 Andrew Morton <akpm@linux-foundation.org>,
 Cao Ruichuang <create0818@163.com>
Subject: [for-next][PATCH 1/2] ring-buffer: Report header_page overwrite as
 char
References: <20260415082050.628885498@kernel.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Cao Ruichuang <create0818@163.com>

The header_page tracefs metadata currently reports overwrite as an
int field with size 1. That makes parsers warn about a type and
size mismatch even though the field is only used as a one-byte flag
within commit.

Keep the shared offset with commit as-is, but report overwrite as
char so the declared type matches the hardcoded size. The signedness
is already carried separately by the emitted signed field.

Link: https://patch.msgid.link/20260406165333.46052-1-create0818@163.com
Link: https://bugzilla.kernel.org/show_bug.cgi?id=3D216999
Signed-off-by: Cao Ruichuang <create0818@163.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
---
 kernel/trace/ring_buffer.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index 2caa5d3d0ae9..839a6424d0ed 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -597,11 +597,11 @@ int ring_buffer_print_page_header(struct trace_buffer=
 *buffer, struct trace_seq
 			 (unsigned int)sizeof(field.commit),
 			 (unsigned int)is_signed_type(long));
=20
-	trace_seq_printf(s, "\tfield: int overwrite;\t"
+	trace_seq_printf(s, "\tfield: char overwrite;\t"
 			 "offset:%u;\tsize:%u;\tsigned:%u;\n",
 			 (unsigned int)offsetof(typeof(field), commit),
 			 1,
-			 (unsigned int)is_signed_type(long));
+			 (unsigned int)is_signed_type(char));
=20
 	trace_seq_printf(s, "\tfield: char data;\t"
 			 "offset:%u;\tsize:%u;\tsigned:%u;\n",
--=20
2.51.0
From nobody Fri Jun 19 08:10:02 2026
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 10C563A5435
	for <linux-kernel@vger.kernel.org>; Wed, 15 Apr 2026 08:19:41 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1776241182; cv=none;
 b=Ha9J1qpXouSkOGvGJhFmzHo8E5VHSk9vKFv9nFsVAUdzPX5XZJtI2Aie/sE8z6+176hjiOWqKr6Yfzh2ckytz3ZzCxpOJa96Ypkxa+tqhiuLbf4wBAOB9ZF5IsfejFk1yMFpU24JGwfq38N/NuCfy834CgG0lrdz2I69wlqqxUQ=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1776241182; c=relaxed/simple;
	bh=hsgae2eu54M2DwEDft2CA3AOA7o6FiUPWeOHBBrlER0=;
	h=Message-ID:Date:From:To:Cc:Subject:References:MIME-Version:
	 Content-Type;
 b=MkrLhCUwRDJ9LReU+iWA02RPz0K9XDo5nLVVUOe+xsJWPXLOwf8k9CF0+JtlBhO9uDYwnF4UczzEihzH2mwZ34csLlELO7IXHb3VRyGG9dHq/dwTPEoZwLi7GimA5v1kS9q66KGwR2E0ubGQIuokz5vNBck7NXol1tHJLAsNnW8=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=GfqvYaIy; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="GfqvYaIy"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id D0703C2BCB5;
	Wed, 15 Apr 2026 08:19:41 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1776241181;
	bh=hsgae2eu54M2DwEDft2CA3AOA7o6FiUPWeOHBBrlER0=;
	h=Date:From:To:Cc:Subject:References:From;
	b=GfqvYaIymeayVsZg5ZITPvb6HcZff/jqh/X/yiG538txWBoVU+VZPK5pdu3i69GB9
	 p+de6MZjHaDUOoaO6mgUuYuNSZOLcdvXzV2gLZfN6+tqiyiMYtfrWGpOQpTzJHRdRX
	 OlbmIySUHUMKwRXhlemaTJt68Fi78qIg8i3i05yYZHtndtNfr1CPRvGiIVJxWNBi7F
	 gOP5fSBKISgsBn277oYSqcn3htQgn3X3jWM7xvd6qbYppIcQlmyH+oa5D4uvy4rnL3
	 t8aKUjGTzM6cGpnMYx8o2w525qyM08KFerVOPsatV8hu5cfE5puj957CsRRDUJvZ3X
	 H8G5ImoW+lX+w==
Received: from rostedt by gandalf with local (Exim 4.99.1)
	(envelope-from <rostedt@kernel.org>)
	id 1wCvUo-00000005Okt-0JZE;
	Wed, 15 Apr 2026 04:21:14 -0400
Message-ID: <20260415082113.945363426@kernel.org>
User-Agent: quilt/0.69
Date: Wed, 15 Apr 2026 04:20:52 -0400
From: Steven Rostedt <rostedt@kernel.org>
To: linux-kernel@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>,
 Mark Rutland <mark.rutland@arm.com>,
 Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
 Andrew Morton <akpm@linux-foundation.org>,
 Dan Carpenter <error27@gmail.com>,
 Vincent Donnefort <vdonnefort@google.com>
Subject: [for-next][PATCH 2/2] ring-buffer: Prevent off-by-one array access in
 ring_buffer_desc_page()
References: <20260415082050.628885498@kernel.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Vincent Donnefort <vdonnefort@google.com>

As pointed out by Smatch, the ring-buffer descriptor array page_va is
counted by nr_page_va, but the accessor ring_buffer_desc_page() allows
access off by one.

Currently, this does not cause problems, as the page ID always comes
from a trusted source. Nonetheless, ensure robustness and fix the
accessor. While at it, make the page_id unsigned.

Link: https://patch.msgid.link/20260410124527.3563970-1-vdonnefort@google.c=
om
Reported-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
---
 kernel/trace/ring_buffer.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index 839a6424d0ed..cef49f8871d2 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -2238,9 +2238,9 @@ static struct ring_buffer_desc *ring_buffer_desc(stru=
ct trace_buffer_desc *trace
 	return NULL;
 }
=20
-static void *ring_buffer_desc_page(struct ring_buffer_desc *desc, int page=
_id)
+static void *ring_buffer_desc_page(struct ring_buffer_desc *desc, unsigned=
 int page_id)
 {
-	return page_id > desc->nr_page_va ? NULL : (void *)desc->page_va[page_id];
+	return page_id >=3D desc->nr_page_va ? NULL : (void *)desc->page_va[page_=
id];
 }
=20
 static int __rb_allocate_pages(struct ring_buffer_per_cpu *cpu_buffer,
--=20
2.51.0