From: Steven Rostedt <rostedt@goodmis.org>
To: Vince Weaver <vincent.weaver@maine.edu>
Cc: linux-kernel@vger.kernel.org,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Ingo Molnar <mingo@redhat.com>,
Arnaldo Carvalho de Melo <acme@kernel.org>
Subject: Re: perf,ftrace: fuzzer triggers warning in trace_events_filter code
Date: Tue, 16 Jun 2015 12:17:25 -0400 [thread overview]
Message-ID: <20150616121725.6a6c7e42@gandalf.local.home> (raw)
In-Reply-To: <20150615175025.7e809215@gandalf.local.home>
On Mon, 15 Jun 2015 17:50:25 -0400
Steven Rostedt <rostedt@goodmis.org> wrote:
> On Fri, 12 Jun 2015 21:15:10 -0400 (EDT)
> Vince Weaver <vincent.weaver@maine.edu> wrote:
>
> > On Fri, 12 Jun 2015, Steven Rostedt wrote:
> >
> > > On Fri, 12 Jun 2015 17:18:22 -0400 (EDT)
> > > Vince Weaver <vincent.weaver@maine.edu> wrote:
> > >
> > > >
> > > > So I've modified my fuzzer to try to exercise the
> > > > PERF_EVENT_IOC_SET_FILTER ioctl() and it is starting to turn up some
> > > > warnings.
> > >
> > > Is there any way to know what the filter string you used that generated
> > > this?
> >
> > Various seem to trigger it. One example is
> >
> > ext4:ext4_truncate_exit
> > (((dev<=913)blocks==916)common_type&756)
> >
>
> Does this patch fix your issue?
I got this patch all ready and set to push to Linus. But I was hoping
to add a Tested-by: from you. I already have you as Reported-by.
I would like to get this in before 4.1 is released.
Thanks,
-- Steve
>
> diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
> index 71511ebc70db..dae84db83d97 100644
> --- a/kernel/trace/trace_events_filter.c
> +++ b/kernel/trace/trace_events_filter.c
> @@ -1369,19 +1369,26 @@ static int check_preds(struct filter_parse_state *ps)
> {
> int n_normal_preds = 0, n_logical_preds = 0;
> struct postfix_elt *elt;
> + int cnt = 0;
>
> list_for_each_entry(elt, &ps->postfix, list) {
> - if (elt->op == OP_NONE)
> + if (elt->op == OP_NONE) {
> + cnt++;
> continue;
> + }
>
> if (elt->op == OP_AND || elt->op == OP_OR) {
> n_logical_preds++;
> + cnt--;
> continue;
> }
> + if (elt->op != OP_NOT)
> + cnt--;
> n_normal_preds++;
> + WARN_ON_ONCE(cnt < 0);
> }
>
> - if (!n_normal_preds || n_logical_preds >= n_normal_preds) {
> + if (cnt != 1 || !n_normal_preds || n_logical_preds >= n_normal_preds) {
> parse_error(ps, FILT_ERR_INVALID_FILTER, 0);
> return -EINVAL;
> }
next prev parent reply other threads:[~2015-06-16 16:17 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-12 21:18 Vince Weaver
2015-06-12 21:40 ` Steven Rostedt
2015-06-13 1:15 ` Vince Weaver
2015-06-13 1:29 ` Steven Rostedt
2015-06-15 21:50 ` Steven Rostedt
2015-06-16 16:17 ` Steven Rostedt [this message]
2015-06-17 5:09 ` Vince Weaver
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150616121725.6a6c7e42@gandalf.local.home \
--to=rostedt@goodmis.org \
--cc=a.p.zijlstra@chello.nl \
--cc=acme@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=vincent.weaver@maine.edu \
--subject='Re: perf,ftrace: fuzzer triggers warning in trace_events_filter code' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.