From nobody Tue Apr 7 06:22:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B6E09C4332F for ; Wed, 12 Oct 2022 22:03:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229721AbiJLWD4 (ORCPT ); Wed, 12 Oct 2022 18:03:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42742 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229907AbiJLWCa (ORCPT ); Wed, 12 Oct 2022 18:02:30 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 42F7D12571F for ; Wed, 12 Oct 2022 15:00:48 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 81DF8B81C21 for ; Wed, 12 Oct 2022 22:00:36 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1800DC433D6; Wed, 12 Oct 2022 22:00:35 +0000 (UTC) Received: from rostedt by gandalf.local.home with local (Exim 4.96) (envelope-from ) id 1oijmV-0049Ax-1l; Wed, 12 Oct 2022 18:00:51 -0400 Message-ID: <20221012220051.382750692@goodmis.org> User-Agent: quilt/0.66 Date: Wed, 12 Oct 2022 17:59:12 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Andrew Morton , Joe Perches , Zheng Yejian Subject: [for-linus][PATCH 1/5] ftrace: Fix char print issue in print_ip_ins() References: <20221012215911.735621065@goodmis.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Zheng Yejian When ftrace bug happened, following log shows every hex data in problematic ip address: actual: ffffffe8:6b:ffffffd9:01:21 But so many 'f's seem a little confusing, and that is because format '%x' being used to print signed chars in array 'ins'. As suggested by Joe, change to use format "%*phC" to print array 'ins'. After this patch, the log is like: actual: e8:6b:d9:01:21 Link: https://lkml.kernel.org/r/20221011120352.1878494-1-zhengyejian1@huawe= i.com Fixes: 6c14133d2d3f ("ftrace: Do not blindly read the ip address in ftrace_= bug()") Suggested-by: Joe Perches Signed-off-by: Zheng Yejian Signed-off-by: Steven Rostedt (Google) --- kernel/trace/ftrace.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 83362a155791..75c16215d065 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -2028,7 +2028,6 @@ static int ftrace_hash_ipmodify_update(struct ftrace_= ops *ops, static void print_ip_ins(const char *fmt, const unsigned char *p) { char ins[MCOUNT_INSN_SIZE]; - int i; =20 if (copy_from_kernel_nofault(ins, p, MCOUNT_INSN_SIZE)) { printk(KERN_CONT "%s[FAULT] %px\n", fmt, p); @@ -2036,9 +2035,7 @@ static void print_ip_ins(const char *fmt, const unsig= ned char *p) } =20 printk(KERN_CONT "%s", fmt); - - for (i =3D 0; i < MCOUNT_INSN_SIZE; i++) - printk(KERN_CONT "%s%02x", i ? ":" : "", ins[i]); + pr_cont("%*phC", MCOUNT_INSN_SIZE, ins); } =20 enum ftrace_bug_type ftrace_bug_type; --=20 2.35.1 From nobody Tue Apr 7 06:22:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5BB4CC4332F for ; Wed, 12 Oct 2022 22:04:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229977AbiJLWEB (ORCPT ); Wed, 12 Oct 2022 18:04:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43162 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229886AbiJLWDU (ORCPT ); Wed, 12 Oct 2022 18:03:20 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1EAE910B743 for ; Wed, 12 Oct 2022 15:00:58 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C0AF56149B for ; Wed, 12 Oct 2022 22:00:35 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2EDEBC43140; Wed, 12 Oct 2022 22:00:35 +0000 (UTC) Received: from rostedt by gandalf.local.home with local (Exim 4.96) (envelope-from ) id 1oijmV-0049BW-2M; Wed, 12 Oct 2022 18:00:51 -0400 Message-ID: <20221012220051.576066367@goodmis.org> User-Agent: quilt/0.66 Date: Wed, 12 Oct 2022 17:59:13 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Andrew Morton , Abaci Robot , Jiapeng Chong Subject: [for-linus][PATCH 2/5] ring-buffer: Fix kernel-doc References: <20221012215911.735621065@goodmis.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Jiapeng Chong kernel/trace/ring_buffer.c:895: warning: expecting prototype for ring_buffe= r_nr_pages_dirty(). Prototype was for ring_buffer_nr_dirty_pages() instead. kernel/trace/ring_buffer.c:5313: warning: expecting prototype for ring_buff= er_reset_cpu(). Prototype was for ring_buffer_reset_online_cpus() instead. kernel/trace/ring_buffer.c:5382: warning: expecting prototype for rind_buff= er_empty(). Prototype was for ring_buffer_empty() instead. Link: https://bugzilla.openanolis.cn/show_bug.cgi?id=3D2340 Link: https://lkml.kernel.org/r/20221009020642.12506-1-jiapeng.chong@linux.= alibaba.com Reported-by: Abaci Robot Signed-off-by: Jiapeng Chong Signed-off-by: Steven Rostedt (Google) --- kernel/trace/ring_buffer.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index c3f354cfc5ba..199759c73519 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -885,7 +885,7 @@ size_t ring_buffer_nr_pages(struct trace_buffer *buffer= , int cpu) } =20 /** - * ring_buffer_nr_pages_dirty - get the number of used pages in the ring b= uffer + * ring_buffer_nr_dirty_pages - get the number of used pages in the ring b= uffer * @buffer: The ring_buffer to get the number of pages from * @cpu: The cpu of the ring_buffer to get the number of pages from * @@ -5305,7 +5305,7 @@ void ring_buffer_reset_cpu(struct trace_buffer *buffe= r, int cpu) EXPORT_SYMBOL_GPL(ring_buffer_reset_cpu); =20 /** - * ring_buffer_reset_cpu - reset a ring buffer per CPU buffer + * ring_buffer_reset_online_cpus - reset a ring buffer per CPU buffer * @buffer: The ring buffer to reset a per cpu buffer of * @cpu: The CPU buffer to be reset */ @@ -5375,7 +5375,7 @@ void ring_buffer_reset(struct trace_buffer *buffer) EXPORT_SYMBOL_GPL(ring_buffer_reset); =20 /** - * rind_buffer_empty - is the ring buffer empty? + * ring_buffer_empty - is the ring buffer empty? * @buffer: The ring buffer to test */ bool ring_buffer_empty(struct trace_buffer *buffer) --=20 2.35.1 From nobody Tue Apr 7 06:22:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id F317BC4332F for ; Wed, 12 Oct 2022 22:03:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229867AbiJLWDp (ORCPT ); Wed, 12 Oct 2022 18:03:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42732 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229526AbiJLWC0 (ORCPT ); Wed, 12 Oct 2022 18:02:26 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7203F125714; Wed, 12 Oct 2022 15:00:46 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 02D2E61631; Wed, 12 Oct 2022 22:00:36 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 59CBAC43141; Wed, 12 Oct 2022 22:00:35 +0000 (UTC) Received: from rostedt by gandalf.local.home with local (Exim 4.96) (envelope-from ) id 1oijmV-0049C4-2w; Wed, 12 Oct 2022 18:00:51 -0400 Message-ID: <20221012220051.746780844@goodmis.org> User-Agent: quilt/0.66 Date: Wed, 12 Oct 2022 17:59:14 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Andrew Morton , stable@vger.kernel.org, Tom Zanussi Subject: [for-linus][PATCH 3/5] tracing: Move duplicate code of trace_kprobe/eprobe.c into header References: <20221012215911.735621065@goodmis.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: "Steven Rostedt (Google)" The functions: fetch_store_strlen_user() fetch_store_strlen() fetch_store_string_user() fetch_store_string() are identical in both trace_kprobe.c and trace_eprobe.c. Move them into a new header file trace_probe_kernel.h to share it. This code will later be used by the synthetic events as well. Marked for stable as a fix for a crash in synthetic events requires it. Link: https://lkml.kernel.org/r/20221012104534.467668078@goodmis.org Cc: stable@vger.kernel.org Cc: Andrew Morton Cc: Tom Zanussi Acked-by: Masami Hiramatsu (Google) Reviewed-by: Tom Zanussi Fixes: bd82631d7ccdc ("tracing: Add support for dynamic strings to syntheti= c events") Signed-off-by: Steven Rostedt (Google) --- kernel/trace/trace_eprobe.c | 60 ++----------------- kernel/trace/trace_kprobe.c | 60 ++----------------- kernel/trace/trace_probe_kernel.h | 96 +++++++++++++++++++++++++++++++ 3 files changed, 106 insertions(+), 110 deletions(-) create mode 100644 kernel/trace/trace_probe_kernel.h diff --git a/kernel/trace/trace_eprobe.c b/kernel/trace/trace_eprobe.c index c08bde9871ec..5dd0617e5df6 100644 --- a/kernel/trace/trace_eprobe.c +++ b/kernel/trace/trace_eprobe.c @@ -16,6 +16,7 @@ #include "trace_dynevent.h" #include "trace_probe.h" #include "trace_probe_tmpl.h" +#include "trace_probe_kernel.h" =20 #define EPROBE_EVENT_SYSTEM "eprobes" =20 @@ -456,29 +457,14 @@ NOKPROBE_SYMBOL(process_fetch_insn) static nokprobe_inline int fetch_store_strlen_user(unsigned long addr) { - const void __user *uaddr =3D (__force const void __user *)addr; - - return strnlen_user_nofault(uaddr, MAX_STRING_SIZE); + return kern_fetch_store_strlen_user(addr); } =20 /* Return the length of string -- including null terminal byte */ static nokprobe_inline int fetch_store_strlen(unsigned long addr) { - int ret, len =3D 0; - u8 c; - -#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE - if (addr < TASK_SIZE) - return fetch_store_strlen_user(addr); -#endif - - do { - ret =3D copy_from_kernel_nofault(&c, (u8 *)addr + len, 1); - len++; - } while (c && ret =3D=3D 0 && len < MAX_STRING_SIZE); - - return (ret < 0) ? ret : len; + return kern_fetch_store_strlen(addr); } =20 /* @@ -488,21 +474,7 @@ fetch_store_strlen(unsigned long addr) static nokprobe_inline int fetch_store_string_user(unsigned long addr, void *dest, void *base) { - const void __user *uaddr =3D (__force const void __user *)addr; - int maxlen =3D get_loc_len(*(u32 *)dest); - void *__dest; - long ret; - - if (unlikely(!maxlen)) - return -ENOMEM; - - __dest =3D get_loc_data(dest, base); - - ret =3D strncpy_from_user_nofault(__dest, uaddr, maxlen); - if (ret >=3D 0) - *(u32 *)dest =3D make_data_loc(ret, __dest - base); - - return ret; + return kern_fetch_store_string_user(addr, dest, base); } =20 /* @@ -512,29 +484,7 @@ fetch_store_string_user(unsigned long addr, void *dest= , void *base) static nokprobe_inline int fetch_store_string(unsigned long addr, void *dest, void *base) { - int maxlen =3D get_loc_len(*(u32 *)dest); - void *__dest; - long ret; - -#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE - if ((unsigned long)addr < TASK_SIZE) - return fetch_store_string_user(addr, dest, base); -#endif - - if (unlikely(!maxlen)) - return -ENOMEM; - - __dest =3D get_loc_data(dest, base); - - /* - * Try to get string again, since the string can be changed while - * probing. - */ - ret =3D strncpy_from_kernel_nofault(__dest, (void *)addr, maxlen); - if (ret >=3D 0) - *(u32 *)dest =3D make_data_loc(ret, __dest - base); - - return ret; + return kern_fetch_store_string(addr, dest, base); } =20 static nokprobe_inline int diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c index 23f7f0ec4f4c..5a75b039e586 100644 --- a/kernel/trace/trace_kprobe.c +++ b/kernel/trace/trace_kprobe.c @@ -20,6 +20,7 @@ #include "trace_kprobe_selftest.h" #include "trace_probe.h" #include "trace_probe_tmpl.h" +#include "trace_probe_kernel.h" =20 #define KPROBE_EVENT_SYSTEM "kprobes" #define KRETPROBE_MAXACTIVE_MAX 4096 @@ -1223,29 +1224,14 @@ static const struct file_operations kprobe_profile_= ops =3D { static nokprobe_inline int fetch_store_strlen_user(unsigned long addr) { - const void __user *uaddr =3D (__force const void __user *)addr; - - return strnlen_user_nofault(uaddr, MAX_STRING_SIZE); + return kern_fetch_store_strlen_user(addr); } =20 /* Return the length of string -- including null terminal byte */ static nokprobe_inline int fetch_store_strlen(unsigned long addr) { - int ret, len =3D 0; - u8 c; - -#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE - if (addr < TASK_SIZE) - return fetch_store_strlen_user(addr); -#endif - - do { - ret =3D copy_from_kernel_nofault(&c, (u8 *)addr + len, 1); - len++; - } while (c && ret =3D=3D 0 && len < MAX_STRING_SIZE); - - return (ret < 0) ? ret : len; + return kern_fetch_store_strlen(addr); } =20 /* @@ -1255,21 +1241,7 @@ fetch_store_strlen(unsigned long addr) static nokprobe_inline int fetch_store_string_user(unsigned long addr, void *dest, void *base) { - const void __user *uaddr =3D (__force const void __user *)addr; - int maxlen =3D get_loc_len(*(u32 *)dest); - void *__dest; - long ret; - - if (unlikely(!maxlen)) - return -ENOMEM; - - __dest =3D get_loc_data(dest, base); - - ret =3D strncpy_from_user_nofault(__dest, uaddr, maxlen); - if (ret >=3D 0) - *(u32 *)dest =3D make_data_loc(ret, __dest - base); - - return ret; + return kern_fetch_store_string_user(addr, dest, base); } =20 /* @@ -1279,29 +1251,7 @@ fetch_store_string_user(unsigned long addr, void *de= st, void *base) static nokprobe_inline int fetch_store_string(unsigned long addr, void *dest, void *base) { - int maxlen =3D get_loc_len(*(u32 *)dest); - void *__dest; - long ret; - -#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE - if ((unsigned long)addr < TASK_SIZE) - return fetch_store_string_user(addr, dest, base); -#endif - - if (unlikely(!maxlen)) - return -ENOMEM; - - __dest =3D get_loc_data(dest, base); - - /* - * Try to get string again, since the string can be changed while - * probing. - */ - ret =3D strncpy_from_kernel_nofault(__dest, (void *)addr, maxlen); - if (ret >=3D 0) - *(u32 *)dest =3D make_data_loc(ret, __dest - base); - - return ret; + return kern_fetch_store_string(addr, dest, base); } =20 static nokprobe_inline int diff --git a/kernel/trace/trace_probe_kernel.h b/kernel/trace/trace_probe_k= ernel.h new file mode 100644 index 000000000000..1d43df29a1f8 --- /dev/null +++ b/kernel/trace/trace_probe_kernel.h @@ -0,0 +1,96 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __TRACE_PROBE_KERNEL_H_ +#define __TRACE_PROBE_KERNEL_H_ + +/* + * This depends on trace_probe.h, but can not include it due to + * the way trace_probe_tmpl.h is used by trace_kprobe.c and trace_eprobe.c. + * Which means that any other user must include trace_probe.h before inclu= ding + * this file. + */ +/* Return the length of string -- including null terminal byte */ +static nokprobe_inline int +kern_fetch_store_strlen_user(unsigned long addr) +{ + const void __user *uaddr =3D (__force const void __user *)addr; + + return strnlen_user_nofault(uaddr, MAX_STRING_SIZE); +} + +/* Return the length of string -- including null terminal byte */ +static nokprobe_inline int +kern_fetch_store_strlen(unsigned long addr) +{ + int ret, len =3D 0; + u8 c; + +#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE + if (addr < TASK_SIZE) + return kern_fetch_store_strlen_user(addr); +#endif + + do { + ret =3D copy_from_kernel_nofault(&c, (u8 *)addr + len, 1); + len++; + } while (c && ret =3D=3D 0 && len < MAX_STRING_SIZE); + + return (ret < 0) ? ret : len; +} + +/* + * Fetch a null-terminated string from user. Caller MUST set *(u32 *)buf + * with max length and relative data location. + */ +static nokprobe_inline int +kern_fetch_store_string_user(unsigned long addr, void *dest, void *base) +{ + const void __user *uaddr =3D (__force const void __user *)addr; + int maxlen =3D get_loc_len(*(u32 *)dest); + void *__dest; + long ret; + + if (unlikely(!maxlen)) + return -ENOMEM; + + __dest =3D get_loc_data(dest, base); + + ret =3D strncpy_from_user_nofault(__dest, uaddr, maxlen); + if (ret >=3D 0) + *(u32 *)dest =3D make_data_loc(ret, __dest - base); + + return ret; +} + +/* + * Fetch a null-terminated string. Caller MUST set *(u32 *)buf with max + * length and relative data location. + */ +static nokprobe_inline int +kern_fetch_store_string(unsigned long addr, void *dest, void *base) +{ + int maxlen =3D get_loc_len(*(u32 *)dest); + void *__dest; + long ret; + +#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE + if ((unsigned long)addr < TASK_SIZE) + return kern_fetch_store_string_user(addr, dest, base); +#endif + + if (unlikely(!maxlen)) + return -ENOMEM; + + __dest =3D get_loc_data(dest, base); + + /* + * Try to get string again, since the string can be changed while + * probing. + */ + ret =3D strncpy_from_kernel_nofault(__dest, (void *)addr, maxlen); + if (ret >=3D 0) + *(u32 *)dest =3D make_data_loc(ret, __dest - base); + + return ret; +} + +#endif /* __TRACE_PROBE_KERNEL_H_ */ --=20 2.35.1 From nobody Tue Apr 7 06:22:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id ADC8AC43219 for ; Wed, 12 Oct 2022 22:03:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230094AbiJLWDb (ORCPT ); Wed, 12 Oct 2022 18:03:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42516 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229947AbiJLWCZ (ORCPT ); Wed, 12 Oct 2022 18:02:25 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3F141125719; Wed, 12 Oct 2022 15:00:47 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 1E56A61632; Wed, 12 Oct 2022 22:00:36 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 81D97C433B5; Wed, 12 Oct 2022 22:00:35 +0000 (UTC) Received: from rostedt by gandalf.local.home with local (Exim 4.96) (envelope-from ) id 1oijmW-0049Cc-0G; Wed, 12 Oct 2022 18:00:52 -0400 Message-ID: <20221012220051.926552531@goodmis.org> User-Agent: quilt/0.66 Date: Wed, 12 Oct 2022 17:59:15 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Andrew Morton , stable@vger.kernel.org, Tom Zanussi Subject: [for-linus][PATCH 4/5] tracing: Add "(fault)" name injection to kernel probes References: <20221012215911.735621065@goodmis.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: "Steven Rostedt (Google)" Have the specific functions for kernel probes that read strings to inject the "(fault)" name directly. trace_probes.c does this too (for uprobes) but as the code to read strings are going to be used by synthetic events (and perhaps other utilities), it simplifies the code by making sure those other uses do not need to implement the "(fault)" name injection as well. Link: https://lkml.kernel.org/r/20221012104534.644803645@goodmis.org Cc: stable@vger.kernel.org Cc: Andrew Morton Cc: Tom Zanussi Acked-by: Masami Hiramatsu (Google) Reviewed-by: Tom Zanussi Fixes: bd82631d7ccdc ("tracing: Add support for dynamic strings to syntheti= c events") Signed-off-by: Steven Rostedt (Google) --- kernel/trace/trace_probe_kernel.h | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/kernel/trace/trace_probe_kernel.h b/kernel/trace/trace_probe_k= ernel.h index 1d43df29a1f8..77dbd9ff9782 100644 --- a/kernel/trace/trace_probe_kernel.h +++ b/kernel/trace/trace_probe_kernel.h @@ -2,6 +2,8 @@ #ifndef __TRACE_PROBE_KERNEL_H_ #define __TRACE_PROBE_KERNEL_H_ =20 +#define FAULT_STRING "(fault)" + /* * This depends on trace_probe.h, but can not include it due to * the way trace_probe_tmpl.h is used by trace_kprobe.c and trace_eprobe.c. @@ -13,8 +15,16 @@ static nokprobe_inline int kern_fetch_store_strlen_user(unsigned long addr) { const void __user *uaddr =3D (__force const void __user *)addr; + int ret; =20 - return strnlen_user_nofault(uaddr, MAX_STRING_SIZE); + ret =3D strnlen_user_nofault(uaddr, MAX_STRING_SIZE); + /* + * strnlen_user_nofault returns zero on fault, insert the + * FAULT_STRING when that occurs. + */ + if (ret <=3D 0) + return strlen(FAULT_STRING) + 1; + return ret; } =20 /* Return the length of string -- including null terminal byte */ @@ -34,7 +44,18 @@ kern_fetch_store_strlen(unsigned long addr) len++; } while (c && ret =3D=3D 0 && len < MAX_STRING_SIZE); =20 - return (ret < 0) ? ret : len; + /* For faults, return enough to hold the FAULT_STRING */ + return (ret < 0) ? strlen(FAULT_STRING) + 1 : len; +} + +static nokprobe_inline void set_data_loc(int ret, void *dest, void *__dest= , void *base, int len) +{ + if (ret >=3D 0) { + *(u32 *)dest =3D make_data_loc(ret, __dest - base); + } else { + strscpy(__dest, FAULT_STRING, len); + ret =3D strlen(__dest) + 1; + } } =20 /* @@ -55,8 +76,7 @@ kern_fetch_store_string_user(unsigned long addr, void *de= st, void *base) __dest =3D get_loc_data(dest, base); =20 ret =3D strncpy_from_user_nofault(__dest, uaddr, maxlen); - if (ret >=3D 0) - *(u32 *)dest =3D make_data_loc(ret, __dest - base); + set_data_loc(ret, dest, __dest, base, maxlen); =20 return ret; } @@ -87,8 +107,7 @@ kern_fetch_store_string(unsigned long addr, void *dest, = void *base) * probing. */ ret =3D strncpy_from_kernel_nofault(__dest, (void *)addr, maxlen); - if (ret >=3D 0) - *(u32 *)dest =3D make_data_loc(ret, __dest - base); + set_data_loc(ret, dest, __dest, base, maxlen); =20 return ret; } --=20 2.35.1 From nobody Tue Apr 7 06:22:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BDAF8C4332F for ; Wed, 12 Oct 2022 22:04:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229776AbiJLWEH (ORCPT ); Wed, 12 Oct 2022 18:04:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41198 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229999AbiJLWDU (ORCPT ); Wed, 12 Oct 2022 18:03:20 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 61FED12792C; Wed, 12 Oct 2022 15:00:58 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 5C5466162A; Wed, 12 Oct 2022 22:00:36 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C184CC43470; Wed, 12 Oct 2022 22:00:35 +0000 (UTC) Received: from rostedt by gandalf.local.home with local (Exim 4.96) (envelope-from ) id 1oijmW-0049DA-0r; Wed, 12 Oct 2022 18:00:52 -0400 Message-ID: <20221012220052.099921906@goodmis.org> User-Agent: quilt/0.66 Date: Wed, 12 Oct 2022 17:59:16 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Andrew Morton , stable@vger.kernel.org, Tom Zanussi Subject: [for-linus][PATCH 5/5] tracing: Fix reading strings from synthetic events References: <20221012215911.735621065@goodmis.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: "Steven Rostedt (Google)" The follow commands caused a crash: # cd /sys/kernel/tracing # echo 's:open char file[]' > dynamic_events # echo 'hist:keys=3Dcommon_pid:file=3Dfilename:onchange($file).trace(open= ,$file)' > events/syscalls/sys_enter_openat/trigger' # echo 1 > events/synthetic/open/enable BOOM! The problem is that the synthetic event field "char file[]" will read the value given to it as a string without any memory checks to make sure the address is valid. The above example will pass in the user space address and the sythetic event code will happily call strlen() on it and then strscpy() where either one will cause an oops when accessing user space addresses. Use the helper functions from trace_kprobe and trace_eprobe that can read strings safely (and actually succeed when the address is from user space and the memory is mapped in). Now the above can show: packagekitd-1721 [000] ...2. 104.597170: open: file=3D/usr/lib/rp= m/fileattrs/cmake.attr in:imjournal-978 [006] ...2. 104.599642: open: file=3D/var/lib/rs= yslog/imjournal.state.tmp packagekitd-1721 [000] ...2. 104.626308: open: file=3D/usr/lib/rp= m/fileattrs/debuginfo.attr Link: https://lkml.kernel.org/r/20221012104534.826549315@goodmis.org Cc: stable@vger.kernel.org Cc: Andrew Morton Cc: Tom Zanussi Acked-by: Masami Hiramatsu (Google) Reviewed-by: Tom Zanussi Fixes: bd82631d7ccdc ("tracing: Add support for dynamic strings to syntheti= c events") Signed-off-by: Steven Rostedt (Google) --- kernel/trace/trace_events_synth.c | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/kernel/trace/trace_events_synth.c b/kernel/trace/trace_events_= synth.c index 5e8c07aef071..e310052dc83c 100644 --- a/kernel/trace/trace_events_synth.c +++ b/kernel/trace/trace_events_synth.c @@ -17,6 +17,8 @@ /* for gfp flag names */ #include #include +#include "trace_probe.h" +#include "trace_probe_kernel.h" =20 #include "trace_synth.h" =20 @@ -409,6 +411,7 @@ static unsigned int trace_string(struct synth_trace_eve= nt *entry, { unsigned int len =3D 0; char *str_field; + int ret; =20 if (is_dynamic) { u32 data_offset; @@ -417,19 +420,27 @@ static unsigned int trace_string(struct synth_trace_e= vent *entry, data_offset +=3D event->n_u64 * sizeof(u64); data_offset +=3D data_size; =20 - str_field =3D (char *)entry + data_offset; - - len =3D strlen(str_val) + 1; - strscpy(str_field, str_val, len); + len =3D kern_fetch_store_strlen((unsigned long)str_val); =20 data_offset |=3D len << 16; *(u32 *)&entry->fields[*n_u64] =3D data_offset; =20 + ret =3D kern_fetch_store_string((unsigned long)str_val, &entry->fields[*= n_u64], entry); + (*n_u64)++; } else { str_field =3D (char *)&entry->fields[*n_u64]; =20 - strscpy(str_field, str_val, STR_VAR_LEN_MAX); +#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE + if ((unsigned long)str_val < TASK_SIZE) + ret =3D strncpy_from_user_nofault(str_field, str_val, STR_VAR_LEN_MAX); + else +#endif + ret =3D strncpy_from_kernel_nofault(str_field, str_val, STR_VAR_LEN_MAX= ); + + if (ret < 0) + strcpy(str_field, FAULT_STRING); + (*n_u64) +=3D STR_VAR_LEN_MAX / sizeof(u64); } =20 @@ -462,7 +473,7 @@ static notrace void trace_event_raw_event_synth(void *_= _data, val_idx =3D var_ref_idx[field_pos]; str_val =3D (char *)(long)var_ref_vals[val_idx]; =20 - len =3D strlen(str_val) + 1; + len =3D kern_fetch_store_strlen((unsigned long)str_val); =20 fields_size +=3D len; } --=20 2.35.1