From: Steven Rostedt <rostedt@goodmis.org>
To: Vince Weaver <vincent.weaver@maine.edu>
Cc: linux-kernel@vger.kernel.org,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Ingo Molnar <mingo@redhat.com>,
Arnaldo Carvalho de Melo <acme@kernel.org>
Subject: Re: perf,ftrace: fuzzer triggers warning in trace_events_filter code
Date: Mon, 15 Jun 2015 17:50:25 -0400 [thread overview]
Message-ID: <20150615175025.7e809215@gandalf.local.home> (raw)
In-Reply-To: <alpine.DEB.2.20.1506122113580.5662@vincent-weaver-1.umelst.maine.edu>
On Fri, 12 Jun 2015 21:15:10 -0400 (EDT)
Vince Weaver <vincent.weaver@maine.edu> wrote:
> On Fri, 12 Jun 2015, Steven Rostedt wrote:
>
> > On Fri, 12 Jun 2015 17:18:22 -0400 (EDT)
> > Vince Weaver <vincent.weaver@maine.edu> wrote:
> >
> > >
> > > So I've modified my fuzzer to try to exercise the
> > > PERF_EVENT_IOC_SET_FILTER ioctl() and it is starting to turn up some
> > > warnings.
> >
> > Is there any way to know what the filter string you used that generated
> > this?
>
> Various seem to trigger it. One example is
>
> ext4:ext4_truncate_exit
> (((dev<=913)blocks==916)common_type&756)
>
Does this patch fix your issue?
-- Steve
diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
index 71511ebc70db..dae84db83d97 100644
--- a/kernel/trace/trace_events_filter.c
+++ b/kernel/trace/trace_events_filter.c
@@ -1369,19 +1369,26 @@ static int check_preds(struct filter_parse_state *ps)
{
int n_normal_preds = 0, n_logical_preds = 0;
struct postfix_elt *elt;
+ int cnt = 0;
list_for_each_entry(elt, &ps->postfix, list) {
- if (elt->op == OP_NONE)
+ if (elt->op == OP_NONE) {
+ cnt++;
continue;
+ }
if (elt->op == OP_AND || elt->op == OP_OR) {
n_logical_preds++;
+ cnt--;
continue;
}
+ if (elt->op != OP_NOT)
+ cnt--;
n_normal_preds++;
+ WARN_ON_ONCE(cnt < 0);
}
- if (!n_normal_preds || n_logical_preds >= n_normal_preds) {
+ if (cnt != 1 || !n_normal_preds || n_logical_preds >= n_normal_preds) {
parse_error(ps, FILT_ERR_INVALID_FILTER, 0);
return -EINVAL;
}
next prev parent reply other threads:[~2015-06-15 21:50 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-12 21:18 Vince Weaver
2015-06-12 21:40 ` Steven Rostedt
2015-06-13 1:15 ` Vince Weaver
2015-06-13 1:29 ` Steven Rostedt
2015-06-15 21:50 ` Steven Rostedt [this message]
2015-06-16 16:17 ` Steven Rostedt
2015-06-17 5:09 ` Vince Weaver
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150615175025.7e809215@gandalf.local.home \
--to=rostedt@goodmis.org \
--cc=a.p.zijlstra@chello.nl \
--cc=acme@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=vincent.weaver@maine.edu \
--subject='Re: perf,ftrace: fuzzer triggers warning in trace_events_filter code' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.