* [GIT PULL] tracing: Handle %.*s in trace_check_vprintf()
@ 2021-05-14 20:37 Steven Rostedt
2021-05-14 21:12 ` pr-tracker-bot
0 siblings, 1 reply; 2+ messages in thread
From: Steven Rostedt @ 2021-05-14 20:37 UTC (permalink / raw)
To: Linus Torvalds; +Cc: LKML, Ingo Molnar, Andrew Morton, Chuck Lever III
Linus,
tracing: Fix trace_check_vprintf() for %.*s
The sanity check of all strings being read from the ring buffer
to make sure they are in safe memory space did not account for
the %.*s notation having another parameter to process (the length).
Add that to the check.
Please pull the latest trace-v5.13-rc1 tree, which can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace.git
trace-v5.13-rc1
Tag SHA1: 71e3560ee5a8afa5639455dd4f0ae214e47d300b
Head SHA1: eb01f5353bdaa59600b29d864819056a0e3de24d
Steven Rostedt (VMware) (1):
tracing: Handle %.*s in trace_check_vprintf()
----
kernel/trace/trace.c | 31 +++++++++++++++++++++++++++----
1 file changed, 27 insertions(+), 4 deletions(-)
---------------------------
commit eb01f5353bdaa59600b29d864819056a0e3de24d
Author: Steven Rostedt (VMware) <rostedt@goodmis.org>
Date: Thu May 13 12:23:24 2021 -0400
tracing: Handle %.*s in trace_check_vprintf()
If a trace event uses the %*.s notation, the trace_check_vprintf() will
fail and will warn about a bad processing of strings, because it does not
take into account the length field when processing the star (*) part.
Have it handle this case as well.
Link: https://lore.kernel.org/linux-nfs/238C0E2D-C2A4-4578-ADD2-C565B3B99842@oracle.com/
Reported-by: Chuck Lever III <chuck.lever@oracle.com>
Fixes: 9a6944fee68e2 ("tracing: Add a verifier to check string pointers for trace events")
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 560e4c8d3825..a21ef9cd2aae 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -3704,6 +3704,9 @@ void trace_check_vprintf(struct trace_iterator *iter, const char *fmt,
goto print;
while (*p) {
+ bool star = false;
+ int len = 0;
+
j = 0;
/* We only care about %s and variants */
@@ -3725,13 +3728,17 @@ void trace_check_vprintf(struct trace_iterator *iter, const char *fmt,
/* Need to test cases like %08.*s */
for (j = 1; p[i+j]; j++) {
if (isdigit(p[i+j]) ||
- p[i+j] == '*' ||
p[i+j] == '.')
continue;
+ if (p[i+j] == '*') {
+ star = true;
+ continue;
+ }
break;
}
if (p[i+j] == 's')
break;
+ star = false;
}
j = 0;
}
@@ -3744,6 +3751,9 @@ void trace_check_vprintf(struct trace_iterator *iter, const char *fmt,
iter->fmt[i] = '\0';
trace_seq_vprintf(&iter->seq, iter->fmt, ap);
+ if (star)
+ len = va_arg(ap, int);
+
/* The ap now points to the string data of the %s */
str = va_arg(ap, const char *);
@@ -3762,8 +3772,18 @@ void trace_check_vprintf(struct trace_iterator *iter, const char *fmt,
int ret;
/* Try to safely read the string */
- ret = strncpy_from_kernel_nofault(iter->fmt, str,
- iter->fmt_size);
+ if (star) {
+ if (len + 1 > iter->fmt_size)
+ len = iter->fmt_size - 1;
+ if (len < 0)
+ len = 0;
+ ret = copy_from_kernel_nofault(iter->fmt, str, len);
+ iter->fmt[len] = 0;
+ star = false;
+ } else {
+ ret = strncpy_from_kernel_nofault(iter->fmt, str,
+ iter->fmt_size);
+ }
if (ret < 0)
trace_seq_printf(&iter->seq, "(0x%px)", str);
else
@@ -3775,7 +3795,10 @@ void trace_check_vprintf(struct trace_iterator *iter, const char *fmt,
strncpy(iter->fmt, p + i, j + 1);
iter->fmt[j+1] = '\0';
}
- trace_seq_printf(&iter->seq, iter->fmt, str);
+ if (star)
+ trace_seq_printf(&iter->seq, iter->fmt, len, str);
+ else
+ trace_seq_printf(&iter->seq, iter->fmt, str);
p += i + j + 1;
}
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [GIT PULL] tracing: Handle %.*s in trace_check_vprintf()
2021-05-14 20:37 [GIT PULL] tracing: Handle %.*s in trace_check_vprintf() Steven Rostedt
@ 2021-05-14 21:12 ` pr-tracker-bot
0 siblings, 0 replies; 2+ messages in thread
From: pr-tracker-bot @ 2021-05-14 21:12 UTC (permalink / raw)
To: Steven Rostedt
Cc: Linus Torvalds, LKML, Ingo Molnar, Andrew Morton, Chuck Lever III
The pull request you sent on Fri, 14 May 2021 16:37:01 -0400:
> git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace.git trace-v5.13-rc1
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/25a1298726e97b9d25379986f5d54d9e62ad6e93
Thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-05-14 21:12 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-14 20:37 [GIT PULL] tracing: Handle %.*s in trace_check_vprintf() Steven Rostedt
2021-05-14 21:12 ` pr-tracker-bot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).