| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4A7A336B.4040708@cn.fujitsu.com> Date: Thu, 06 Aug 2009 09:35:39 +0800 From: Li Zefan <lizf@...fujitsu.com> To: Frederic Weisbecker <fweisbec@...il.com> CC: Ingo Molnar <mingo@...e.hu>, LKML <linux-kernel@...r.kernel.org>, Steven Rostedt <rostedt@...dmis.org>, Lai Jiangshan <laijs@...fujitsu.com>, Tom Zanussi <tzanussi@...il.com>, Thomas Gleixner <tglx@...utronix.de>, Peter Zijlstra <peterz@...radead.org> Subject: Re: [RFC][PATCH 5/5] tracing/filters: Provide support for char * pointers Frederic Weisbecker wrote: > On Mon, Aug 03, 2009 at 02:58:15PM +0800, Li Zefan wrote: >> Frederic Weisbecker wrote: >>> Provide support for char * pointers in the filtering framework. >>> Usually, char * entries are dangerous in traces because the string >>> can be released whereas a pointer to it can still wait to be read from >>> the ring buffer. But sometimes we can assume it's safe, like in case >>> of RO data (eg: __file__ or __line__, used in bkl trace event). If >>> these RO data are in a module and so is the call to the trace event, >>> then it's safe, because the ring buffer will be flushed once this >>> module get unloaded. >>> >> The problem is we don't distinguish dangerous char * from >> safe char *... They are both defined as: >> __field(char *, str) >> >> So for those dangerous ones, a string filter still can be applied, >> which will dereference those pointers. > > Yeah, but only reviewing can distinguish them. It depends on the > context. > IMO, a __builtin_constant check would be wrong. I don't remember who > posted recently tracepoints with char * types that were safe although he > didn't use string constants. > IMO it's really bad to rely on review to prevent wrong use of an API.. Other developers won't know this restriction, and not all tracepoint patches go through -tip tree, and not all trace_event source files are in include/trace/events/. How about add __field_type()? So we can define: __field_type(char *, str, FILTER_PTR_STR) the advantage is he who wrote the code really knows this field is safe to be used in filtering as a string. I had some patches that does similar job. I can rewrite and post them. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists