| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 6 Aug 2009 10:21:45 -0400 (EDT)
From: Steven Rostedt <rostedt@...dmis.org>
To: Li Zefan <lizf@...fujitsu.com>
cc: Frédéric Weisbecker <f.weisbecker@...il.com>,
Ingo Molnar <mingo@...e.hu>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 3/3] tracing/filters: Support filtering for char *
strings
On Thu, 6 Aug 2009, Li Zefan wrote:
> Usually, char * entries are dangerous in traces because the string
> can be released whereas a pointer to it can still wait to be read from
> the ring buffer.
>
> But sometimes we can assume it's safe, like in case of RO data
> (eg: __file__ or __line__, used in bkl trace event). If these RO data
> are in a module and so is the call to the trace event, then it's safe,
> because the ring buffer will be flushed once this module get unloaded.
>
> To allow char * to be treated as a string:
>
> TRACE_EVENT(...,
>
> TP_STRUCT__entry(
> __field_ext(const char *, name, FILTER_PTR_STRING)
> ...
> )
>
> ...
> );
>
> Signed-off-by: Li Zefan <lizf@...fujitsu.com>
> ---
> include/linux/ftrace_event.h | 1 +
> kernel/trace/trace_events_filter.c | 26 +++++++++++++++++++++++---
> 2 files changed, 24 insertions(+), 3 deletions(-)
>
> diff --git a/include/linux/ftrace_event.h b/include/linux/ftrace_event.h
> index 14c388e..1a98a61 100644
> --- a/include/linux/ftrace_event.h
> +++ b/include/linux/ftrace_event.h
> @@ -141,6 +141,7 @@ extern int filter_current_check_discard(struct ftrace_event_call *call,
> enum {
> FILTER_STATIC_STRING = 1,
> FILTER_DYN_STRING,
> + FILTER_PTR_STRING,
> FILTER_OTHER,
> };
>
> diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
> index 5e7f031..b16923e 100644
> --- a/kernel/trace/trace_events_filter.c
> +++ b/kernel/trace/trace_events_filter.c
> @@ -163,6 +163,20 @@ static int filter_pred_string(struct filter_pred *pred, void *event,
> return match;
> }
>
> +/* Filter predicate for char * pointers */
> +static int filter_pred_pchar(struct filter_pred *pred, void *event,
> + int val1, int val2)
> +{
> + char **addr = (char **)(event + pred->offset);
> + int cmp, match;
> +
> + cmp = strncmp(*addr, pred->str_val, pred->str_len);
> +
> + match = (!cmp) ^ pred->not;
> +
> + return match;
> +}
> +
> /*
> * Filter predicate for dynamic sized arrays of characters.
> * These are implemented through a list of strings at the end
> @@ -489,7 +503,8 @@ int filter_assign_type(const char *type)
> static bool is_string_field(struct ftrace_event_field *field)
> {
> return field->filter_type == FILTER_DYN_STRING ||
> - field->filter_type == FILTER_STATIC_STRING;
> + field->filter_type == FILTER_STATIC_STRING ||
> + field->filter_type == FILTER_PTR_STRING;
> }
>
> static int is_legal_op(struct ftrace_event_field *field, int op)
> @@ -579,11 +594,16 @@ static int filter_add_pred(struct filter_parse_state *ps,
> }
>
> if (is_string_field(field)) {
> + pred->str_len = field->size;
> +
> if (field->filter_type == FILTER_STATIC_STRING)
> fn = filter_pred_string;
> - else
> + else if (field->filter_type == FILTER_DYN_STRING)
> fn = filter_pred_strloc;
> - pred->str_len = field->size;
> + else {
> + fn = filter_pred_pchar;
> + pred->str_len = strlen(pred->str_val);
> + }
I'm a little dense here, where do we protect against someone making a
tracepoint that points to unsafe data?
-- Steve
> } else {
> if (field->is_signed)
> ret = strict_strtoll(pred->str_val, 0, &val);
> --
> 1.6.3
>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists