Tracing fixes for 6.1:
- Found that the synthetic events were using strlen/strscpy() on values that could have come from userspace, and that is bad. Consolidate the string logic of kprobe and eprobe and extend it to the synthetic events to safely process string addresses. - Clean up content of text dump in ftrace_bug() where the output does not make char reads into signed and sign extending the byte output. - Fix some kernel docs in the ring buffer code. -----BEGIN PGP SIGNATURE----- iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCY0c6GBQccm9zdGVkdEBn b29kbWlzLm9yZwAKCRAp5XQQmuv6qpDNAQCuw9YTeNMU4zxFqBg4/JCbfpnWQGj4 Qdl2u3WtEvTzrgEA85Q01swCYRKdrGPCrFemZ3lm6PGzpGruh+BfD4qRMwk= =F5kK -----END PGP SIGNATURE----- Merge tag 'trace-v6.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace Pull tracing fixes from Steven Rostedt: - Found that the synthetic events were using strlen/strscpy() on values that could have come from userspace, and that is bad. Consolidate the string logic of kprobe and eprobe and extend it to the synthetic events to safely process string addresses. - Clean up content of text dump in ftrace_bug() where the output does not make char reads into signed and sign extending the byte output. - Fix some kernel docs in the ring buffer code. * tag 'trace-v6.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace: tracing: Fix reading strings from synthetic events tracing: Add "(fault)" name injection to kernel probes tracing: Move duplicate code of trace_kprobe/eprobe.c into header ring-buffer: Fix kernel-doc ftrace: Fix char print issue in print_ip_ins()
commit
aa41478a57
@ -2028,7 +2028,6 @@ static int ftrace_hash_ipmodify_update(struct ftrace_ops *ops,
|
||||
static void print_ip_ins(const char *fmt, const unsigned char *p)
|
||||
{
|
||||
char ins[MCOUNT_INSN_SIZE];
|
||||
int i;
|
||||
|
||||
if (copy_from_kernel_nofault(ins, p, MCOUNT_INSN_SIZE)) {
|
||||
printk(KERN_CONT "%s[FAULT] %px\n", fmt, p);
|
||||
@ -2036,9 +2035,7 @@ static void print_ip_ins(const char *fmt, const unsigned char *p)
|
||||
}
|
||||
|
||||
printk(KERN_CONT "%s", fmt);
|
||||
|
||||
for (i = 0; i < MCOUNT_INSN_SIZE; i++)
|
||||
printk(KERN_CONT "%s%02x", i ? ":" : "", ins[i]);
|
||||
pr_cont("%*phC", MCOUNT_INSN_SIZE, ins);
|
||||
}
|
||||
|
||||
enum ftrace_bug_type ftrace_bug_type;
|
||||
|
@ -885,7 +885,7 @@ size_t ring_buffer_nr_pages(struct trace_buffer *buffer, int cpu)
|
||||
}
|
||||
|
||||
/**
|
||||
* ring_buffer_nr_pages_dirty - get the number of used pages in the ring buffer
|
||||
* ring_buffer_nr_dirty_pages - get the number of used pages in the ring buffer
|
||||
* @buffer: The ring_buffer to get the number of pages from
|
||||
* @cpu: The cpu of the ring_buffer to get the number of pages from
|
||||
*
|
||||
@ -5305,7 +5305,7 @@ void ring_buffer_reset_cpu(struct trace_buffer *buffer, int cpu)
|
||||
EXPORT_SYMBOL_GPL(ring_buffer_reset_cpu);
|
||||
|
||||
/**
|
||||
* ring_buffer_reset_cpu - reset a ring buffer per CPU buffer
|
||||
* ring_buffer_reset_online_cpus - reset a ring buffer per CPU buffer
|
||||
* @buffer: The ring buffer to reset a per cpu buffer of
|
||||
* @cpu: The CPU buffer to be reset
|
||||
*/
|
||||
@ -5375,7 +5375,7 @@ void ring_buffer_reset(struct trace_buffer *buffer)
|
||||
EXPORT_SYMBOL_GPL(ring_buffer_reset);
|
||||
|
||||
/**
|
||||
* rind_buffer_empty - is the ring buffer empty?
|
||||
* ring_buffer_empty - is the ring buffer empty?
|
||||
* @buffer: The ring buffer to test
|
||||
*/
|
||||
bool ring_buffer_empty(struct trace_buffer *buffer)
|
||||
|
@ -16,6 +16,7 @@
|
||||
#include "trace_dynevent.h"
|
||||
#include "trace_probe.h"
|
||||
#include "trace_probe_tmpl.h"
|
||||
#include "trace_probe_kernel.h"
|
||||
|
||||
#define EPROBE_EVENT_SYSTEM "eprobes"
|
||||
|
||||
@ -456,29 +457,14 @@ NOKPROBE_SYMBOL(process_fetch_insn)
|
||||
static nokprobe_inline int
|
||||
fetch_store_strlen_user(unsigned long addr)
|
||||
{
|
||||
const void __user *uaddr = (__force const void __user *)addr;
|
||||
|
||||
return strnlen_user_nofault(uaddr, MAX_STRING_SIZE);
|
||||
return kern_fetch_store_strlen_user(addr);
|
||||
}
|
||||
|
||||
/* Return the length of string -- including null terminal byte */
|
||||
static nokprobe_inline int
|
||||
fetch_store_strlen(unsigned long addr)
|
||||
{
|
||||
int ret, len = 0;
|
||||
u8 c;
|
||||
|
||||
#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
|
||||
if (addr < TASK_SIZE)
|
||||
return fetch_store_strlen_user(addr);
|
||||
#endif
|
||||
|
||||
do {
|
||||
ret = copy_from_kernel_nofault(&c, (u8 *)addr + len, 1);
|
||||
len++;
|
||||
} while (c && ret == 0 && len < MAX_STRING_SIZE);
|
||||
|
||||
return (ret < 0) ? ret : len;
|
||||
return kern_fetch_store_strlen(addr);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -488,21 +474,7 @@ fetch_store_strlen(unsigned long addr)
|
||||
static nokprobe_inline int
|
||||
fetch_store_string_user(unsigned long addr, void *dest, void *base)
|
||||
{
|
||||
const void __user *uaddr = (__force const void __user *)addr;
|
||||
int maxlen = get_loc_len(*(u32 *)dest);
|
||||
void *__dest;
|
||||
long ret;
|
||||
|
||||
if (unlikely(!maxlen))
|
||||
return -ENOMEM;
|
||||
|
||||
__dest = get_loc_data(dest, base);
|
||||
|
||||
ret = strncpy_from_user_nofault(__dest, uaddr, maxlen);
|
||||
if (ret >= 0)
|
||||
*(u32 *)dest = make_data_loc(ret, __dest - base);
|
||||
|
||||
return ret;
|
||||
return kern_fetch_store_string_user(addr, dest, base);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -512,29 +484,7 @@ fetch_store_string_user(unsigned long addr, void *dest, void *base)
|
||||
static nokprobe_inline int
|
||||
fetch_store_string(unsigned long addr, void *dest, void *base)
|
||||
{
|
||||
int maxlen = get_loc_len(*(u32 *)dest);
|
||||
void *__dest;
|
||||
long ret;
|
||||
|
||||
#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
|
||||
if ((unsigned long)addr < TASK_SIZE)
|
||||
return fetch_store_string_user(addr, dest, base);
|
||||
#endif
|
||||
|
||||
if (unlikely(!maxlen))
|
||||
return -ENOMEM;
|
||||
|
||||
__dest = get_loc_data(dest, base);
|
||||
|
||||
/*
|
||||
* Try to get string again, since the string can be changed while
|
||||
* probing.
|
||||
*/
|
||||
ret = strncpy_from_kernel_nofault(__dest, (void *)addr, maxlen);
|
||||
if (ret >= 0)
|
||||
*(u32 *)dest = make_data_loc(ret, __dest - base);
|
||||
|
||||
return ret;
|
||||
return kern_fetch_store_string(addr, dest, base);
|
||||
}
|
||||
|
||||
static nokprobe_inline int
|
||||
|
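Review bot: The comment kept above fetch_store_strlen() (`/* Return the length of string -- including null terminal byte */`) no longer describes the fault case, because the wrapper now forwards to kern_fetch_store_strlen(), which in the new header returns the size needed for FAULT_STRING instead of a negative error when the read faults. Callers of these wrappers are outside the hunks, so any that still rely on a negative or zero return to detect an unreadable address should be checked. I would extend the comment to something like `/* Return the length of string including the NUL byte; on a fault, the length needed to hold FAULT_STRING */`. The same applies to the identical wrappers in the trace_kprobe.c section.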
@ -17,6 +17,8 @@
|
||||
/* for gfp flag names */
|
||||
#include <linux/trace_events.h>
|
||||
#include <trace/events/mmflags.h>
|
||||
#include "trace_probe.h"
|
||||
#include "trace_probe_kernel.h"
|
||||
|
||||
#include "trace_synth.h"
|
||||
|
||||
@ -409,6 +411,7 @@ static unsigned int trace_string(struct synth_trace_event *entry,
|
||||
{
|
||||
unsigned int len = 0;
|
||||
char *str_field;
|
||||
int ret;
|
||||
|
||||
if (is_dynamic) {
|
||||
u32 data_offset;
|
||||
@ -417,19 +420,27 @@ static unsigned int trace_string(struct synth_trace_event *entry,
|
||||
data_offset += event->n_u64 * sizeof(u64);
|
||||
data_offset += data_size;
|
||||
|
||||
str_field = (char *)entry + data_offset;
|
||||
|
||||
len = strlen(str_val) + 1;
|
||||
strscpy(str_field, str_val, len);
|
||||
len = kern_fetch_store_strlen((unsigned long)str_val);
|
||||
|
||||
data_offset |= len << 16;
|
||||
*(u32 *)&entry->fields[*n_u64] = data_offset;
|
||||
|
||||
ret = kern_fetch_store_string((unsigned long)str_val, &entry->fields[*n_u64], entry);
|
||||
|
||||
(*n_u64)++;
|
||||
} else {
|
||||
str_field = (char *)&entry->fields[*n_u64];
|
||||
|
||||
strscpy(str_field, str_val, STR_VAR_LEN_MAX);
|
||||
#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
|
||||
if ((unsigned long)str_val < TASK_SIZE)
|
||||
ret = strncpy_from_user_nofault(str_field, str_val, STR_VAR_LEN_MAX);
|
||||
else
|
||||
#endif
|
||||
ret = strncpy_from_kernel_nofault(str_field, str_val, STR_VAR_LEN_MAX);
|
||||
|
||||
if (ret < 0)
|
||||
strcpy(str_field, FAULT_STRING);
|
||||
|
||||
(*n_u64) += STR_VAR_LEN_MAX / sizeof(u64);
|
||||
}
|
||||
|
||||
@ -462,7 +473,7 @@ static notrace void trace_event_raw_event_synth(void *__data,
|
||||
val_idx = var_ref_idx[field_pos];
|
||||
str_val = (char *)(long)var_ref_vals[val_idx];
|
||||
|
||||
len = strlen(str_val) + 1;
|
||||
len = kern_fetch_store_strlen((unsigned long)str_val);
|
||||
|
||||
fields_size += len;
|
||||
}
|
||||
|
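Review bot: The dynamic branch of trace_string() measures the string a second time with `kern_fetch_store_strlen()` and uses that value as the copy limit, while trace_event_raw_event_synth() measures it separately with the same call to build `fields_size`. The buffer reservation is outside these hunks, but if it is sized from the first measurement, a string that grows between the two reads (the source may be user memory, which is the reason for this commit) would let the copy run past the reserved space, bounded only by MAX_STRING_SIZE. Passing the length measured at reservation time into trace_string(), or clamping the second length to it, would close that window. Separately, `ret` from `kern_fetch_store_string()` is assigned in this branch but never read in the visible lines; either check it or drop the assignment.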
@ -20,6 +20,7 @@
|
||||
#include "trace_kprobe_selftest.h"
|
||||
#include "trace_probe.h"
|
||||
#include "trace_probe_tmpl.h"
|
||||
#include "trace_probe_kernel.h"
|
||||
|
||||
#define KPROBE_EVENT_SYSTEM "kprobes"
|
||||
#define KRETPROBE_MAXACTIVE_MAX 4096
|
||||
@ -1223,29 +1224,14 @@ static const struct file_operations kprobe_profile_ops = {
|
||||
static nokprobe_inline int
|
||||
fetch_store_strlen_user(unsigned long addr)
|
||||
{
|
||||
const void __user *uaddr = (__force const void __user *)addr;
|
||||
|
||||
return strnlen_user_nofault(uaddr, MAX_STRING_SIZE);
|
||||
return kern_fetch_store_strlen_user(addr);
|
||||
}
|
||||
|
||||
/* Return the length of string -- including null terminal byte */
|
||||
static nokprobe_inline int
|
||||
fetch_store_strlen(unsigned long addr)
|
||||
{
|
||||
int ret, len = 0;
|
||||
u8 c;
|
||||
|
||||
#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
|
||||
if (addr < TASK_SIZE)
|
||||
return fetch_store_strlen_user(addr);
|
||||
#endif
|
||||
|
||||
do {
|
||||
ret = copy_from_kernel_nofault(&c, (u8 *)addr + len, 1);
|
||||
len++;
|
||||
} while (c && ret == 0 && len < MAX_STRING_SIZE);
|
||||
|
||||
return (ret < 0) ? ret : len;
|
||||
return kern_fetch_store_strlen(addr);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -1255,21 +1241,7 @@ fetch_store_strlen(unsigned long addr)
|
||||
static nokprobe_inline int
|
||||
fetch_store_string_user(unsigned long addr, void *dest, void *base)
|
||||
{
|
||||
const void __user *uaddr = (__force const void __user *)addr;
|
||||
int maxlen = get_loc_len(*(u32 *)dest);
|
||||
void *__dest;
|
||||
long ret;
|
||||
|
||||
if (unlikely(!maxlen))
|
||||
return -ENOMEM;
|
||||
|
||||
__dest = get_loc_data(dest, base);
|
||||
|
||||
ret = strncpy_from_user_nofault(__dest, uaddr, maxlen);
|
||||
if (ret >= 0)
|
||||
*(u32 *)dest = make_data_loc(ret, __dest - base);
|
||||
|
||||
return ret;
|
||||
return kern_fetch_store_string_user(addr, dest, base);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -1279,29 +1251,7 @@ fetch_store_string_user(unsigned long addr, void *dest, void *base)
|
||||
static nokprobe_inline int
|
||||
fetch_store_string(unsigned long addr, void *dest, void *base)
|
||||
{
|
||||
int maxlen = get_loc_len(*(u32 *)dest);
|
||||
void *__dest;
|
||||
long ret;
|
||||
|
||||
#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
|
||||
if ((unsigned long)addr < TASK_SIZE)
|
||||
return fetch_store_string_user(addr, dest, base);
|
||||
#endif
|
||||
|
||||
if (unlikely(!maxlen))
|
||||
return -ENOMEM;
|
||||
|
||||
__dest = get_loc_data(dest, base);
|
||||
|
||||
/*
|
||||
* Try to get string again, since the string can be changed while
|
||||
* probing.
|
||||
*/
|
||||
ret = strncpy_from_kernel_nofault(__dest, (void *)addr, maxlen);
|
||||
if (ret >= 0)
|
||||
*(u32 *)dest = make_data_loc(ret, __dest - base);
|
||||
|
||||
return ret;
|
||||
return kern_fetch_store_string(addr, dest, base);
|
||||
}
|
||||
|
||||
static nokprobe_inline int
|
||||
|
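--- a/kernel/trace/trace_probe_kernel.h
+++ b/kernel/trace/trace_probe_kernel.h
@@ -0,0 +1,115 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __TRACE_PROBE_KERNEL_H_
+#define __TRACE_PROBE_KERNEL_H_
+
+#define FAULT_STRING "(fault)"
+
+/*
+* This depends on trace_probe.h, but can not include it due to
+* the way trace_probe_tmpl.h is used by trace_kprobe.c and trace_eprobe.c.
+* Which means that any other user must include trace_probe.h before including
+* this file.
+*/
+/* Return the length of string -- including null terminal byte */
+static nokprobe_inline int
+kern_fetch_store_strlen_user(unsigned long addr)
+{
+const void __user *uaddr = (__force const void __user *)addr;
+int ret;
+
+ret = strnlen_user_nofault(uaddr, MAX_STRING_SIZE);
+/*
+* strnlen_user_nofault returns zero on fault, insert the
+* FAULT_STRING when that occurs.
+*/
+if (ret <= 0)
+return strlen(FAULT_STRING) + 1;
+return ret;
+}
+
+/* Return the length of string -- including null terminal byte */
+static nokprobe_inline int
+kern_fetch_store_strlen(unsigned long addr)
+{
+int ret, len = 0;
+u8 c;
+
+#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
+if (addr < TASK_SIZE)
+return kern_fetch_store_strlen_user(addr);
+#endif
+
+do {
+ret = copy_from_kernel_nofault(&c, (u8 *)addr + len, 1);
+len++;
+} while (c && ret == 0 && len < MAX_STRING_SIZE);
+
+/* For faults, return enough to hold the FAULT_STRING */
+return (ret < 0) ? strlen(FAULT_STRING) + 1 : len;
+}
+
+static nokprobe_inline void set_data_loc(int ret, void *dest, void *__dest, void *base, int len)
+{
+if (ret >= 0) {
+*(u32 *)dest = make_data_loc(ret, __dest - base);
+} else {
+strscpy(__dest, FAULT_STRING, len);
+ret = strlen(__dest) + 1;
+}
+}
+
+/*
+* Fetch a null-terminated string from user. Caller MUST set *(u32 *)buf
+* with max length and relative data location.
+*/
+static nokprobe_inline int
+kern_fetch_store_string_user(unsigned long addr, void *dest, void *base)
+{
+const void __user *uaddr = (__force const void __user *)addr;
+int maxlen = get_loc_len(*(u32 *)dest);
+void *__dest;
+long ret;
+
+if (unlikely(!maxlen))
+return -ENOMEM;
+
+__dest = get_loc_data(dest, base);
+
+ret = strncpy_from_user_nofault(__dest, uaddr, maxlen);
+set_data_loc(ret, dest, __dest, base, maxlen);
+
+return ret;
+}
+
+/*
+* Fetch a null-terminated string. Caller MUST set *(u32 *)buf with max
+* length and relative data location.
+*/
+static nokprobe_inline int
+kern_fetch_store_string(unsigned long addr, void *dest, void *base)
+{
+int maxlen = get_loc_len(*(u32 *)dest);
+void *__dest;
+long ret;
+
+#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
+if ((unsigned long)addr < TASK_SIZE)
+return kern_fetch_store_string_user(addr, dest, base);
+#endif
+
+if (unlikely(!maxlen))
+return -ENOMEM;
+
+__dest = get_loc_data(dest, base);
+
+/*
+* Try to get string again, since the string can be changed while
+* probing.
+*/
+ret = strncpy_from_kernel_nofault(__dest, (void *)addr, maxlen);
+set_data_loc(ret, dest, __dest, base, maxlen);
+
+return ret;
+}
+
+#endif /* __TRACE_PROBE_KERNEL_H_ */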
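Review bot: In set_data_loc() the fault branch ends with `ret = strlen(__dest) + 1;`, but `ret` is a by-value parameter, so the assignment is lost and both kern_fetch_store_string*() callers still return the negative error from the nofault copy. The fault branch also never rewrites `*(u32 *)dest`, so the data_loc word keeps the maximum length the caller stored there rather than the length of the "(fault)" text that was actually written. If the intent is to record the substituted string, the else branch could store it explicitly, e.g. `*(u32 *)dest = make_data_loc(strlen(__dest) + 1, __dest - base);`, and the dead assignment should be removed. How callers treat a negative return alongside a populated buffer is not visible in this file and should be confirmed.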