* [PATCH 0/2] tracing: hist trigger KASAN fixes
From: Tom Zanussi @ 2016-06-30 0:55 UTC
To: rostedt; +Cc: dvyukov, linux-kernel, Tom Zanussi

Dmitry Vyukov found and reported an issue with hist triggers when
running the hist trigger selftests, which Steve Rostedt sent a patch
for and which fixed part of the problem; I copied his patch to fix
another similar problem in the same code. The result is the first
patch in this series.

After that fix was applied, another problem appeared, again triggered
by the selftests. The second patch here fixes that.

I then ran my exhaustive testsuite with KASAN enabled and didn't find
anything else beyond those.

The following changes since commit 02184c60eba8491ea574cd17b8ba766c86d468f2:

  Merge tag 'for-v4.7-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply (2016-06-27 20:43:00 -0700)

are available in the git repository at:

  git://git.yoctoproject.org/linux-yocto-contrib.git tzanussi/hist-trigger-kasan-fixes
  http://git.yoctoproject.org/cgit/cgit.cgi/linux-yocto-contrib/log/?h=tzanussi/hist-trigger-kasan-fixes

Steven Rostedt (1):
  tracing: Fix use-after-free in hist_unreg_all/hist_enable_unreg_all

Tom Zanussi (1):
  tracing: Fix use-after-free in hist_register_trigger()

 kernel/trace/trace_events_hist.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

--
1.9.3

* [PATCH 1/2] tracing: Fix use-after-free in hist_unreg_all/hist_enable_unreg_all
From: Tom Zanussi @ 2016-06-30 0:55 UTC
To: rostedt; +Cc: dvyukov, linux-kernel, Tom Zanussi

From: Steven Rostedt <rostedt@goodmis.org>

While running tools/testing/selftests test suite with KASAN, Dmitry
Vyukov hit the following use-after-free report:

  ==================================================================
  BUG: KASAN: use-after-free in hist_unreg_all+0x1a1/0x1d0 at addr ffff880031632cc0
  Read of size 8 by task ftracetest/7413
  ==================================================================
  BUG kmalloc-128 (Not tainted): kasan: bad access detected
  ------------------------------------------------------------------

This fixes the problem, along with the same problem in
hist_enable_unreg_all().

Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
[Copied Steve's hist_enable_unreg_all() fix to hist_unreg_all()]
Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
---
 kernel/trace/trace_events_hist.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c
index 0c05b8a..19ae135 100644
--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -1500,9 +1500,9 @@ static void hist_unregister_trigger(char *glob, struct event_trigger_ops *ops, static void hist_unreg_all(struct trace_event_file *file) { - struct event_trigger_data *test; + struct event_trigger_data *test, *n; - list_for_each_entry_rcu(test, &file->triggers, list) { + list_for_each_entry_safe(test, n, &file->triggers, list) { if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) { list_del_rcu(&test->list); trace_event_trigger_enable_disable(file, 0); @@ -1699,9 +1699,9 @@ hist_enable_get_trigger_ops(char *cmd, char *param) static void hist_enable_unreg_all(struct trace_event_file *file) { - struct event_trigger_data *test; + struct event_trigger_data *test, *n; - list_for_each_entry_rcu(test, &file->triggers, list) { + list_for_each_entry_safe(test, n, &file->triggers, list) { if (test->cmd_ops->trigger_type == ETT_HIST_ENABLE) { list_del_rcu(&test->list); update_cond_flag(file); -- 1.9.3 ^ permalink raw reply related [flat|nested] 5+ messages in thread
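Review bot: In the hist_unreg_all() hunk, the iterator changes from list_for_each_entry_rcu() to list_for_each_entry_safe() but the changelog never says why the _rcu form was unsafe here. The loop body unlinks the current entry with list_del_rcu(&test->list), and the KASAN report suggests the entry is already freed by the time the iterator advances from it; one sentence stating that in the commit message would let the fix be checked without the full report. Because list_for_each_entry_safe() is not an RCU iterator, the function now depends on the caller holding whatever lock serializes writers to file->triggers, so a comment above the function or a lockdep assertion naming that lock would be worth adding.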
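Review bot: For the hist_enable_unreg_all() hunk, the changelog quotes a KASAN report only for hist_unreg_all+0x1a1/0x1d0, so it is not clear whether this second function was seen to fail or was fixed by inspection; please say which. The bracketed note "[Copied Steve's hist_enable_unreg_all() fix to hist_unreg_all()]" also reads the other way round from the changelog body, which presents hist_unreg_all() as the reported function and hist_enable_unreg_all() as the additional one. Clarify which of the two changes was in the original patch and which was copied.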
* [PATCH 2/2] tracing: Fix use-after-free in hist_register_trigger() 2016-06-30 0:55 [PATCH 0/2] tracing: hist trigger KASAN fixes Tom Zanussi 2016-06-30 0:55 ` [PATCH 1/2] tracing: Fix use-after-free in hist_unreg_all/hist_enable_unreg_all Tom Zanussi @ 2016-06-30 0:56 ` Tom Zanussi 2016-08-02 18:57 ` [PATCH 0/2] tracing: hist trigger KASAN fixes Tom Zanussi 2 siblings, 0 replies; 5+ messages in thread From: Tom Zanussi @ 2016-06-30 0:56 UTC (permalink / raw) To: rostedt; +Cc: dvyukov, linux-kernel, Tom Zanussi This fixes a use-after-free case flagged by KASAN; make sure the test happens before the potential free in this case. Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com> --- kernel/trace/trace_events_hist.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c index 19ae135..f3a960e 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -1441,6 +1441,9 @@ static int hist_register_trigger(char *glob, struct event_trigger_ops *ops, goto out; } + if (hist_data->attrs->pause) + data->paused = true; + if (named_data) { destroy_hist_data(data->private_data); data->private_data = named_data->private_data; @@ -1448,9 +1451,6 @@ static int hist_register_trigger(char *glob, struct event_trigger_ops *ops, data->ops = &event_hist_trigger_named_ops; } - if (hist_data->attrs->pause) - data->paused = true; - if (data->ops->init) { ret = data->ops->init(data->ops, data); if (ret < 0) -- 1.9.3 ^ permalink raw reply related [flat|nested] 5+ messages in thread
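Review bot: In hist_register_trigger(), moving the hist_data->attrs->pause test above the named_data branch fixes the ordering, but hist_data is left pointing at what destroy_hist_data(data->private_data) apparently just freed, so any later hist_data-> dereference added below that branch would bring the use-after-free back. Consider updating the local after the swap (for example hist_data = named_data->private_data, or setting it to NULL if it is not needed again), or at least add a comment at the named_data block saying hist_data must not be used past it. The changelog would also benefit from naming the freed object and the line that read it, since "make sure the test happens before the potential free" only makes sense once the hunk has been read.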
* Re: [PATCH 0/2] tracing: hist trigger KASAN fixes
From: Tom Zanussi @ 2016-08-02 18:57 UTC
To: rostedt; +Cc: dvyukov, linux-kernel

Hi Steve,

It looks like these two patches were never merged..

Thanks,

Tom

On 06/29/2016 07:55 PM, Tom Zanussi wrote:
> Dmitry Vyukov found and reported an issue with hist triggers when
> running the hist trigger selftests, which Steve Rostedt sent a patch
> for and which fixed part of the problem; I copied his patch to fix
> another similar problem in the same code. The result is the first
> patch in this series.
>
> After that fix was applied, another problem appeared, again triggered
> by the selftests. The second patch here fixes that.
>
> I then ran my exhaustive testsuite with KASAN enabled and didn't find
> anything else beyond those.
>
> The following changes since commit 02184c60eba8491ea574cd17b8ba766c86d468f2:
>
>   Merge tag 'for-v4.7-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply (2016-06-27 20:43:00 -0700)
>
> are available in the git repository at:
>
>
>   git://git.yoctoproject.org/linux-yocto-contrib.git tzanussi/hist-trigger-kasan-fixes
>   http://git.yoctoproject.org/cgit/cgit.cgi/linux-yocto-contrib/log/?h=tzanussi/hist-trigger-kasan-fixes
>
> Steven Rostedt (1):
>   tracing: Fix use-after-free in hist_unreg_all/hist_enable_unreg_all
>
> Tom Zanussi (1):
>   tracing: Fix use-after-free in hist_register_trigger()
>
>  kernel/trace/trace_events_hist.c | 14 +++++++-------
>  1 file changed, 7 insertions(+), 7 deletions(-)
>

* Re: [PATCH 0/2] tracing: hist trigger KASAN fixes
From: Steven Rostedt @ 2016-08-02 19:11 UTC
To: Tom Zanussi; +Cc: dvyukov, linux-kernel

On Tue, 02 Aug 2016 13:57:13 -0500
Tom Zanussi <tom.zanussi@linux.intel.com> wrote:

> Hi Steve,
>
> It looks like these two patches were never merged..
>

Because they got buried in my INBOX. :-(

-- Steve