All of lore.kernel.org
 help / color / mirror / Atom feed
From: Steven Rostedt <rostedt@goodmis.org>
To: Vince Weaver <vincent.weaver@maine.edu>
Cc: linux-kernel@vger.kernel.org,
	Peter Zijlstra <a.p.zijlstra@chello.nl>,
	Ingo Molnar <mingo@redhat.com>,
	Arnaldo Carvalho de Melo <acme@kernel.org>
Subject: Re: perf,ftrace: fuzzer triggers warning in trace_events_filter code
Date: Mon, 15 Jun 2015 17:50:25 -0400	[thread overview]
Message-ID: <20150615175025.7e809215@gandalf.local.home> (raw)
In-Reply-To: <alpine.DEB.2.20.1506122113580.5662@vincent-weaver-1.umelst.maine.edu>

On Fri, 12 Jun 2015 21:15:10 -0400 (EDT)
Vince Weaver <vincent.weaver@maine.edu> wrote:

> On Fri, 12 Jun 2015, Steven Rostedt wrote:
> 
> > On Fri, 12 Jun 2015 17:18:22 -0400 (EDT)
> > Vince Weaver <vincent.weaver@maine.edu> wrote:
> > 
> > > 
> > > So I've modified my fuzzer to try to exercise the 
> > > PERF_EVENT_IOC_SET_FILTER ioctl() and it is starting to turn up some 
> > > warnings.
> > 
> > Is there any way to know what the filter string you used that generated
> > this?
> 
> Various seem to trigger it.  One example is
> 
> 	ext4:ext4_truncate_exit
> 	(((dev<=913)blocks==916)common_type&756)
> 

Does this patch fix your issue?

-- Steve

diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
index 71511ebc70db..dae84db83d97 100644
--- a/kernel/trace/trace_events_filter.c
+++ b/kernel/trace/trace_events_filter.c
@@ -1369,19 +1369,26 @@ static int check_preds(struct filter_parse_state *ps)
 {
 	int n_normal_preds = 0, n_logical_preds = 0;
 	struct postfix_elt *elt;
+	int cnt = 0;
 
 	list_for_each_entry(elt, &ps->postfix, list) {
-		if (elt->op == OP_NONE)
+		if (elt->op == OP_NONE) {
+			cnt++;
 			continue;
+		}
 
 		if (elt->op == OP_AND || elt->op == OP_OR) {
 			n_logical_preds++;
+			cnt--;
 			continue;
 		}
+		if (elt->op != OP_NOT)
+			cnt--;
 		n_normal_preds++;
+		WARN_ON_ONCE(cnt < 0);
 	}
 
-	if (!n_normal_preds || n_logical_preds >= n_normal_preds) {
+	if (cnt != 1 || !n_normal_preds || n_logical_preds >= n_normal_preds) {
 		parse_error(ps, FILT_ERR_INVALID_FILTER, 0);
 		return -EINVAL;
 	}

  parent reply	other threads:[~2015-06-15 21:50 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-06-12 21:18 Vince Weaver
2015-06-12 21:40 ` Steven Rostedt
2015-06-13  1:15   ` Vince Weaver
2015-06-13  1:29     ` Steven Rostedt
2015-06-15 21:50     ` Steven Rostedt [this message]
2015-06-16 16:17       ` Steven Rostedt
2015-06-17  5:09         ` Vince Weaver

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150615175025.7e809215@gandalf.local.home \
    --to=rostedt@goodmis.org \
    --cc=a.p.zijlstra@chello.nl \
    --cc=acme@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=vincent.weaver@maine.edu \
    --subject='Re: perf,ftrace: fuzzer triggers warning in trace_events_filter code' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.