lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 06 Aug 2009 09:35:39 +0800
From:	Li Zefan <lizf@...fujitsu.com>
To:	Frederic Weisbecker <fweisbec@...il.com>
CC:	Ingo Molnar <mingo@...e.hu>, LKML <linux-kernel@...r.kernel.org>,
	Steven Rostedt <rostedt@...dmis.org>,
	Lai Jiangshan <laijs@...fujitsu.com>,
	Tom Zanussi <tzanussi@...il.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Peter Zijlstra <peterz@...radead.org>
Subject: Re: [RFC][PATCH 5/5] tracing/filters: Provide support for char *
 pointers

Frederic Weisbecker wrote:
> On Mon, Aug 03, 2009 at 02:58:15PM +0800, Li Zefan wrote:
>> Frederic Weisbecker wrote:
>>> Provide support for char * pointers in the filtering framework.
>>> Usually, char * entries are dangerous in traces because the string
>>> can be released whereas a pointer to it can still wait to be read from
>>> the ring buffer. But sometimes we can assume it's safe, like in case
>>> of RO data (eg: __file__ or __line__, used in bkl trace event). If
>>> these RO data are in a module and so is the call to the trace event,
>>> then it's safe, because the ring buffer will be flushed once this
>>> module get unloaded.
>>>
>> The problem is we don't distinguish dangerous char * from
>> safe char *... They are both defined as:
>> 	__field(char *, str)
>>
>> So for those dangerous ones, a string filter still can be applied,
>> which will dereference those pointers.
> 
> Yeah, but only reviewing can distinguish them. It depends on the
> context.
> IMO, a __builtin_constant check would be wrong. I don't remember who
> posted recently tracepoints with char * types that were safe although he
> didn't use string constants.
> 

IMO it's really bad to rely on review to prevent wrong use of
an API..

Other developers won't know this restriction, and not all tracepoint
patches go through -tip tree, and not all trace_event source files
are in include/trace/events/.

How about add __field_type()? So we can define:

	__field_type(char *, str, FILTER_PTR_STR)

the advantage is he who wrote the code really knows this field is safe
to be used in filtering as a string.

I had some patches that does similar job. I can rewrite and post them.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ