From nobody Mon Oct 6 01:21:11 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 54FDC2253A1 for ; Mon, 28 Jul 2025 20:49:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753735786; cv=none; b=E/vDxRkL88quU3eWMWNwP0O42xRnIQMxVikai7H/M069ub/lc8PZDxXzEfZHGfytoxijQSLQipPgcAW5VvBn3qyn0Fcs0WXmZG7rbBHPYwhWpvdsW95WSimnqVnXb6k5ykgrpF4Z0WQsmhf98lef4EyEuR9C1Rjqz+aUEfXSkTk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753735786; c=relaxed/simple; bh=+z/vQdXbmjGgcEzFQFAAtCAqyXFrb/QCsWewWeQ+OU0=; h=Message-ID:Date:From:To:Cc:Subject:References:MIME-Version: Content-Type; b=FlsaECyiUKXEpAJDxuYhMRJSy1hRFXnD4z+WVb++Ex428BuaSr9qSgqVjE4MTAbkeCsGpNCW+1S1JhVB0jC/+sQjaeSJkP2MXGUyMytSwYjeDaNEXYUTbsPXe06y8duiiSTkaM+MucPf6Og6gORnZEflhLKbNM3Sl+sDi2X8OzM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Xspgf/hy; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Xspgf/hy" Received: by smtp.kernel.org (Postfix) with ESMTPSA id EC61BC4CEF4; Mon, 28 Jul 2025 20:49:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1753735786; bh=+z/vQdXbmjGgcEzFQFAAtCAqyXFrb/QCsWewWeQ+OU0=; h=Date:From:To:Cc:Subject:References:From; b=Xspgf/hyXUCUZ78mwpyf2QSZ5kJ8o6d1t6o4R3sxYd7XOQ1RdQp0TCQDJkqyLDfzd Xx9cqTz4E9QBB9DmhZforGYnLQ3opz/K9wQL2Z/VhcDC0kvyeJZd8jB6JL2DRJM9pc mieKh38pgMJTyRoL6rBmeKJ5TgPiOmB09QJSmCQJZbW8GKjzrKn61J3MqhckciOG5L FNtfwHE+ddhEnXmq3OlVHHPaLLME5OyUaLywxB11ouTqfiKY5rwBRPDxfOEjxRnAoK Kaf2+QQiAMR3FvfBpKJggqJePFvzW5S/7RPT5sQvDdJm/nSOOMoiHG3WAAADifdVWA cSVhg9uVmf+Mw== Received: from rostedt by gandalf with local (Exim 4.98.2) (envelope-from ) id 1ugUnG-000000042wI-35F7; Mon, 28 Jul 2025 16:49:58 -0400 Message-ID: <20250728204958.587985378@kernel.org> User-Agent: quilt/0.68 Date: Mon, 28 Jul 2025 16:49:39 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Tomas Glozar , John Kacur , Masami Hiramatsu , Ingo Molnar , Peter Zijlstra , Juri Lelli , Clark Williams , Nam Cao , Gabriele Monaco Subject: [for-next][PATCH 05/11] rv: Use strings in da monitors tracepoints References: <20250728204934.281385756@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Gabriele Monaco Using DA monitors tracepoints with KASAN enabled triggers the following warning: BUG: KASAN: global-out-of-bounds in do_trace_event_raw_event_event_da_moni= tor+0xd6/0x1a0 Read of size 32 at addr ffffffffaada8980 by task ... Call Trace: [...] do_trace_event_raw_event_event_da_monitor+0xd6/0x1a0 ? __pfx_do_trace_event_raw_event_event_da_monitor+0x10/0x10 ? trace_event_sncid+0x83/0x200 trace_event_sncid+0x163/0x200 [...] The buggy address belongs to the variable: automaton_snep+0x4e0/0x5e0 This is caused by the tracepoints reading 32 bytes __array instead of __string from the automata definition. Such strings are literals and reading 32 bytes ends up in out of bound memory accesses (e.g. the next automaton's data in this case). The error is harmless as, while printing the string, we stop at the null terminator, but it should still be fixed. Use the __string facilities while defining the tracepoints to avoid reading out of bound memory. Cc: Masami Hiramatsu Cc: Ingo Molnar Cc: Peter Zijlstra Cc: Tomas Glozar Cc: Juri Lelli Cc: Clark Williams Cc: John Kacur Link: https://lore.kernel.org/20250728135022.255578-4-gmonaco@redhat.com Fixes: 792575348ff7 ("rv/include: Add deterministic automata monitor defini= tion via C macros") Reviewed-by: Nam Cao Signed-off-by: Gabriele Monaco Signed-off-by: Steven Rostedt (Google) --- kernel/trace/rv/rv_trace.h | 76 +++++++++++++++++++------------------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/kernel/trace/rv/rv_trace.h b/kernel/trace/rv/rv_trace.h index 17ba07329b67..d38e0d3abdfd 100644 --- a/kernel/trace/rv/rv_trace.h +++ b/kernel/trace/rv/rv_trace.h @@ -16,23 +16,23 @@ DECLARE_EVENT_CLASS(event_da_monitor, TP_ARGS(state, event, next_state, final_state), =20 TP_STRUCT__entry( - __array( char, state, MAX_DA_NAME_LEN ) - __array( char, event, MAX_DA_NAME_LEN ) - __array( char, next_state, MAX_DA_NAME_LEN ) - __field( bool, final_state ) + __string( state, state ) + __string( event, event ) + __string( next_state, next_state ) + __field( bool, final_state ) ), =20 TP_fast_assign( - memcpy(__entry->state, state, MAX_DA_NAME_LEN); - memcpy(__entry->event, event, MAX_DA_NAME_LEN); - memcpy(__entry->next_state, next_state, MAX_DA_NAME_LEN); - __entry->final_state =3D final_state; + __assign_str(state); + __assign_str(event); + __assign_str(next_state); + __entry->final_state =3D final_state; ), =20 TP_printk("%s x %s -> %s%s", - __entry->state, - __entry->event, - __entry->next_state, + __get_str(state), + __get_str(event), + __get_str(next_state), __entry->final_state ? " (final)" : "") ); =20 @@ -43,18 +43,18 @@ DECLARE_EVENT_CLASS(error_da_monitor, TP_ARGS(state, event), =20 TP_STRUCT__entry( - __array( char, state, MAX_DA_NAME_LEN ) - __array( char, event, MAX_DA_NAME_LEN ) + __string( state, state ) + __string( event, event ) ), =20 TP_fast_assign( - memcpy(__entry->state, state, MAX_DA_NAME_LEN); - memcpy(__entry->event, event, MAX_DA_NAME_LEN); + __assign_str(state); + __assign_str(event); ), =20 TP_printk("event %s not expected in the state %s", - __entry->event, - __entry->state) + __get_str(event), + __get_str(state)) ); =20 #include @@ -75,26 +75,26 @@ DECLARE_EVENT_CLASS(event_da_monitor_id, TP_ARGS(id, state, event, next_state, final_state), =20 TP_STRUCT__entry( - __field( int, id ) - __array( char, state, MAX_DA_NAME_LEN ) - __array( char, event, MAX_DA_NAME_LEN ) - __array( char, next_state, MAX_DA_NAME_LEN ) - __field( bool, final_state ) + __field( int, id ) + __string( state, state ) + __string( event, event ) + __string( next_state, next_state ) + __field( bool, final_state ) ), =20 TP_fast_assign( - memcpy(__entry->state, state, MAX_DA_NAME_LEN); - memcpy(__entry->event, event, MAX_DA_NAME_LEN); - memcpy(__entry->next_state, next_state, MAX_DA_NAME_LEN); - __entry->id =3D id; - __entry->final_state =3D final_state; + __assign_str(state); + __assign_str(event); + __assign_str(next_state); + __entry->id =3D id; + __entry->final_state =3D final_state; ), =20 TP_printk("%d: %s x %s -> %s%s", __entry->id, - __entry->state, - __entry->event, - __entry->next_state, + __get_str(state), + __get_str(event), + __get_str(next_state), __entry->final_state ? " (final)" : "") ); =20 @@ -105,21 +105,21 @@ DECLARE_EVENT_CLASS(error_da_monitor_id, TP_ARGS(id, state, event), =20 TP_STRUCT__entry( - __field( int, id ) - __array( char, state, MAX_DA_NAME_LEN ) - __array( char, event, MAX_DA_NAME_LEN ) + __field( int, id ) + __string( state, state ) + __string( event, event ) ), =20 TP_fast_assign( - memcpy(__entry->state, state, MAX_DA_NAME_LEN); - memcpy(__entry->event, event, MAX_DA_NAME_LEN); - __entry->id =3D id; + __assign_str(state); + __assign_str(event); + __entry->id =3D id; ), =20 TP_printk("%d: event %s not expected in the state %s", __entry->id, - __entry->event, - __entry->state) + __get_str(event), + __get_str(state)) ); =20 #include --=20 2.47.2