* [PATCH 1/2] tracing: Fix possible NULL pointer dereferences
@ 2013-04-11  6:55 Namhyung Kim
  2013-04-11  6:55 ` [PATCH 2/2] tracing: Reset ftrace_graph_filter_enabled if count is zero Namhyung Kim
  0 siblings, 1 reply; 5+ messages in thread
From: Namhyung Kim @ 2013-04-11  6:55 UTC
  To: Steven Rostedt; +Cc: Frederic Weisbecker, Ingo Molnar, LKML, Namhyung Kim

From: Namhyung Kim <namhyung.kim@lge.com>

Currently set_ftrace_pid and set_graph_function files use seq_lseek
for their fops.  However seq_open() is called only for FMODE_READ in
the fops->open() so that if a user tries to seek one of those files
when she opens it for writing, it sees NULL seq_file and then panics.

It can be easily reproduced with the following command:

  $ cd /sys/kernel/debug/tracing
  $ echo 1234 | sudo tee -a set_ftrace_pid

In this example, GNU coreutils' tee opens the file with fopen(, "a")
and then the fopen() internally calls lseek().

Signed-off-by: Namhyung Kim <namhyung@kernel.org>
---
 include/linux/ftrace.h     |  2 +-
 kernel/trace/ftrace.c      | 10 +++++-----
 kernel/trace/trace_stack.c |  2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/include/linux/ftrace.h b/include/linux/ftrace.h
index 832422d706f4..c7687d8c0b30 100644
--- a/include/linux/ftrace.h
+++ b/include/linux/ftrace.h
@@ -396,7 +396,7 @@ ssize_t ftrace_filter_write(struct file *file, const char __user *ubuf,
 			    size_t cnt, loff_t *ppos);
 ssize_t ftrace_notrace_write(struct file *file, const char __user *ubuf,
 			     size_t cnt, loff_t *ppos);
-loff_t ftrace_regex_lseek(struct file *file, loff_t offset, int whence);
+loff_t ftrace_filter_lseek(struct file *file, loff_t offset, int whence);
 int ftrace_regex_release(struct inode *inode, struct file *file);
 
 void __init
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
index 03953fbd1b2a..be2bcb7ab2f7 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -2688,7 +2688,7 @@ ftrace_notrace_open(struct inode *inode, struct file *file)
 }
 
 loff_t
-ftrace_regex_lseek(struct file *file, loff_t offset, int whence)
+ftrace_filter_lseek(struct file *file, loff_t offset, int whence)
 {
 	loff_t ret;
 
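Review bot: the renamed ftrace_filter_lseek() has no comment saying why it, rather than seq_lseek, must be used for these files. The commit message explains that seq_open() is only called for FMODE_READ, and ftrace_graph_fops and ftrace_pid_fops now depend on this handler tolerating a write-only open, so a short comment above the definition stating that requirement would keep a later cleanup from switching the fops back to seq_lseek.
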
@@ -3613,7 +3613,7 @@ static const struct file_operations ftrace_filter_fops = {
 	.open = ftrace_filter_open,
 	.read = seq_read,
 	.write = ftrace_filter_write,
-	.llseek = ftrace_regex_lseek,
+	.llseek = ftrace_filter_lseek,
 	.release = ftrace_regex_release,
 };
 
@@ -3621,7 +3621,7 @@ static const struct file_operations ftrace_notrace_fops = {
 	.open = ftrace_notrace_open,
 	.read = seq_read,
 	.write = ftrace_notrace_write,
-	.llseek = ftrace_regex_lseek,
+	.llseek = ftrace_filter_lseek,
 	.release = ftrace_regex_release,
 };
 
@@ -3826,8 +3826,8 @@ static const struct file_operations ftrace_graph_fops = {
 	.open		= ftrace_graph_open,
 	.read		= seq_read,
 	.write		= ftrace_graph_write,
+	.llseek		= ftrace_filter_lseek,
 	.release	= ftrace_graph_release,
-	.llseek		= seq_lseek,
 };
 #endif /* CONFIG_FUNCTION_GRAPH_TRACER */
 
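Review bot: in ftrace_graph_fops the .llseek entry is moved above .release as well as changed, which makes one of the two real behavioural changes (seq_lseek replaced) look like a reorder among otherwise mechanical renames. Keeping the line in place as a one-line swap, as the ftrace_pid_fops hunk does, would make the fix easier to audit and backport.
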
@@ -4481,7 +4481,7 @@ static const struct file_operations ftrace_pid_fops = {
 	.open		= ftrace_pid_open,
 	.write		= ftrace_pid_write,
 	.read		= seq_read,
-	.llseek		= seq_lseek,
+	.llseek		= ftrace_filter_lseek,
 	.release	= ftrace_pid_release,
 };
 
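Review bot: the new ".llseek = ftrace_filter_lseek" in ftrace_pid_fops makes the PID file depend on a helper that, per Steven Rostedt's follow-up later in this thread, is only defined under DYNAMIC_FTRACE, so a build with function tracing but without DYNAMIC_FTRACE no longer compiles. The definition needs to move out of that section (which the follow-up commit in the pull request does) before this hunk can stand on its own.
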
diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c
index 8c3f37e2dc43..b20428c5efe2 100644
--- a/kernel/trace/trace_stack.c
+++ b/kernel/trace/trace_stack.c
@@ -382,7 +382,7 @@ static const struct file_operations stack_trace_filter_fops = {
 	.open = stack_trace_filter_open,
 	.read = seq_read,
 	.write = ftrace_filter_write,
-	.llseek = ftrace_regex_lseek,
+	.llseek = ftrace_filter_lseek,
 	.release = ftrace_regex_release,
 };
 
-- 
1.7.11.7
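
The failure mode described in the commit message above, as a userspace C model added here (not kernel code and not part of the patch): open() creates seq_file state only for readers, so an lseek handler that assumes it exists hits NULL on a write-only open. The struct layouts, the model_* names, WOULD_OOPS and the guarded handler's return value for writers are assumptions of this example.

```c
/* Userspace model of the bug pattern; constructed example, not kernel code. */
#include <stdio.h>
#include <stdlib.h>
#define FMODE_READ  0x1u
#define FMODE_WRITE 0x2u
#define WOULD_OOPS  (-2L)   /* marks where the kernel would dereference NULL */

struct seq_file { long index; };
struct file { unsigned f_mode; long f_pos; struct seq_file *private_data; };

/* As the commit message describes: seq state is created only for readers. */
static int model_open(struct file *f, unsigned mode)
{
    *f = (struct file){ .f_mode = mode };
    if ((mode & FMODE_READ) && !(f->private_data = calloc(1, sizeof(struct seq_file))))
        return -1;
    return 0;
}

/* Stand-in for a seq_file-based llseek: it needs private_data. */
static long model_seq_lseek(struct file *f, long off)
{
    if (!f->private_data)
        return WOULD_OOPS;  /* a handler with no such check oopses here */
    f->private_data->index = off;
    return f->f_pos = off;
}

/* Guarded handler; leaving f_pos unchanged for writers is an assumption. */
static long model_guarded_lseek(struct file *f, long off)
{
    return (f->f_mode & FMODE_READ) ? model_seq_lseek(f, off) : f->f_pos;
}

long seek_after_open(unsigned mode, long off, int guarded)
{
    struct file f;
    if (model_open(&f, mode) < 0)
        return -1;
    long r = guarded ? model_guarded_lseek(&f, off) : model_seq_lseek(&f, off);
    free(f.private_data);
    return r;
}

int main(void)
{
    printf("write-only open: unguarded=%ld guarded=%ld\n",
           seek_after_open(FMODE_WRITE, 0, 0), seek_after_open(FMODE_WRITE, 0, 1));
    return 0;
}
```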


* [PATCH 0/2] [GIT PULL][v3.9-rc7] tracing: Another fix by Namhyung
@ 2013-04-13  1:01 Steven Rostedt
  2013-04-13  1:01 ` [PATCH 1/2] tracing: Fix possible NULL pointer dereferences Steven Rostedt
  0 siblings, 1 reply; 5+ messages in thread
From: Steven Rostedt @ 2013-04-13  1:01 UTC
  To: linux-kernel; +Cc: Linus Torvalds, Ingo Molnar, Andrew Morton


Linus,

Namhyung found and fixed another nasty bug, where you can crash the
kernel with: echo 1234 | tee -a /sys/kernel/debug/tracing/set_ftrace_pid

Luckily, only root has permissions to write to that file.

I also added a fix on top of Namhyung's as his patch added a reference
outside of the DYNAMIC_FTRACE to a function that is only defined
in DYNAMIC_FTRACE. This fixes compiling with FUNCTION_TRACING and
without DYNAMIC_FTRACE (although I don't know who does that anymore).

-- Steve

Please pull the latest trace-fixes-v3.9-rc-v3 tree, which can be found at:

  git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace.git
trace-fixes-v3.9-rc-v3

Head SHA1: 0e1bb617b40659414778baf3203c2ea0dcda1ca7


Namhyung Kim (1):
      tracing: Fix possible NULL pointer dereferences

Steven Rostedt (Red Hat) (1):
      ftrace: Move ftrace_filter_lseek out of CONFIG_DYNAMIC_FTRACE section

----
 include/linux/ftrace.h     |    3 ++-
 kernel/trace/ftrace.c      |   36 ++++++++++++++++++------------------
 kernel/trace/trace_stack.c |    2 +-
 3 files changed, 21 insertions(+), 20 deletions(-)
