Date: Sat, 27 Feb 2021 19:08:31 -0500
From: Steven Rostedt
To: Linus Torvalds
Cc: Linux Kernel Mailing List, Ingo Molnar, Andrew Morton, Masami Hiramatsu, Jacob Wen, Pawel Laszczak, Felipe Balbi, Greg KH
Subject: Re: [PATCH 0/2] tracing: Detect unsafe dereferencing of pointers from trace events
Message-ID: <20210227190831.56956c80@oasis.local.home>
In-Reply-To: <20210227141802.5c9aca91@oasis.local.home>
References: <20210226185909.100032746@goodmis.org> <20210227141802.5c9aca91@oasis.local.home>

[ Resending with an address that should work for Felipe ]

On Sat, 27 Feb 2021 14:18:02 -0500
Steven Rostedt wrote:

> On Fri, 26 Feb 2021 14:21:00 -0800
> Linus Torvalds wrote:
>
> > On Fri, Feb 26, 2021 at 11:07 AM Steven Rostedt wrote:
> > >
> > > The first patch scans the print fmts of the trace events looking for
> > > dereferencing pointers from %p*, and making sure that they refer back
> > > to the trace event itself.
> > >
> > > The second patch handles strings "%s" [..]
> >
> > Doing this at runtime really feels like the wrong thing to do.
> >
> > It won't even protect us from what happened - people like me and
> > Andrew won't even run those tracepoints in the first place, so we
> > won't notice.
> >
> > It really would be much better in every respect to have this done by
> > checkpatch, I think.
>
> And after fixing the parsing to not trigger false positives, an
> allyesconfig boot found this:
>
> event cdns3_gadget_giveback has unsafe dereference of argument 11
> print_fmt: "%s: req: %p, req buff %p, length: %u/%u %s%s%s, status: %d, trb: [start:%d, end:%d: virt addr %pa], flags:%x SID: %u", __get_str(name), REC->req, REC->buf,
> REC->actual, REC->length, REC->zero ? "Z" : "z", REC->short_not_ok ? "S" : "s", REC->no_interrupt ? "I" : "i", REC->status, REC->start_trb, REC->end_trb, REC->start_trb_addr, REC->flags, RE
> C->stream_id
>
> (as the above is from a trace event class, it triggered for every event
> in that class).
>
> As it looks like it uses %pa which IIUC from the printk code, it
> dereferences the pointer to find its virtual address. The event has
> this as the field:
>
> __field(struct cdns3_trb *, start_trb_addr)
>
> Assigns it with:
>
> __entry->start_trb_addr = req->trb;
>
> And prints that with %pa, which will dereference pointer at the time of
> reading, where the address in question may no longer be around. That
> looks to me as a potential bug.
>
> [ Cc'd the people responsible for that code. ]
>
> -- Steve
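
The check described in this thread, sketched as an added example (not code from the patch series or the kernel): it walks a print_fmt, marks each `%p` extension that reads through its pointer, and reports the first such argument that does not point back into the event record. The names `first_unsafe_arg`, `arg_is_safe`, `DEREF_EXT` and `SAFE_FMT`, the extension subset, the simplified safety rule and the `dma_addr`/`len` fields are assumptions made for illustration; a `*` width, which would consume an argument, is not handled.

```c
#include <stdio.h>
#include <string.h>
static const char DEREF_EXT[] = "aMmIiUdD"; /* assumed subset of dereferencing %p extensions */
/* print_fmt from the report above, with the e-mail line wrapping undone. */
static const char CDNS3_FMT[] = "\"%s: req: %p, req buff %p, length: %u/%u %s%s%s, status: %d, "
    "trb: [start:%d, end:%d: virt addr %pa], flags:%x SID: %u\", __get_str(name), REC->req, REC->buf, "
    "REC->actual, REC->length, REC->zero ? \"Z\" : \"z\", REC->short_not_ok ? \"S\" : \"s\", "
    "REC->no_interrupt ? \"I\" : \"i\", REC->status, REC->start_trb, REC->end_trb, "
    "REC->start_trb_addr, REC->flags, REC->stream_id";
/* Constructed counter-example: hypothetical event that passes the address of a stored field. */
static const char SAFE_FMT[] = "\"addr %pa len %u\", &REC->dma_addr, REC->len";
/* Simplified rule (assumption): safe only if '&' precedes REC-> or __get_dynamic_array() is used. */
static int arg_is_safe(const char *arg, const char *end)
{
    const char *rec = strstr(arg, "REC->"), *amp = strchr(arg, '&');
    const char *dyn = strstr(arg, "__get_dynamic_array(");
    return (dyn && dyn < end) || (rec && rec < end && amp && amp < rec);
}
/* Returns the zero-based index of the first unsafe argument, or -1 if there is none. */
int first_unsafe_arg(const char *print_fmt)
{
    unsigned long long flagged = 0;
    int n = 0, idx = -1, depth = 0, instr = 0;
    const char *start = NULL, *p = strchr(print_fmt, '"');
    if (!p) return -1;
    for (p++; *p && *p != '"'; p++) {          /* pass 1: mark dereferencing conversions */
        if (*p == '\\' && p[1]) { p++; continue; }
        if (*p != '%') continue;
        p += 1 + strspn(p + 1, "-+ #0123456789.lhzLqjt");  /* skip flags, width, length */
        if (*p == '\0' || *p == '"') break;
        if (*p == '%') continue;               /* "%%" consumes no argument */
        if (*p == 'p' && p[1] && strchr(DEREF_EXT, p[1]) && n < 64) flagged |= 1ULL << n;
        n++;
    }
    if (*p != '"') return -1;
    for (p++; ; p++) {                         /* pass 2: split on top-level commas */
        if (*p == '"') instr = !instr;
        else if (!instr && *p == '(') depth++;
        else if (!instr && *p == ')') depth--;
        if (*p && (instr || depth || *p != ',')) continue;
        if (idx >= 0 && idx < 64 && ((flagged >> idx) & 1) && !arg_is_safe(start, p)) return idx;
        if (!*p) return -1;
        idx++;
        start = p + 1;
    }
}
int main(void)
{
    return printf("cdns3: %d, constructed: %d\n", first_unsafe_arg(CDNS3_FMT), first_unsafe_arg(SAFE_FMT)) < 0;
}
```

Because the rule only looks at the argument text, an array field passed as `REC->field` is also reported; telling that case apart needs the event's field list.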