Message-ID: <alpine.DEB.2.20.1506191452280.29893@vincent-weaver-1.umelst.maine.edu>
Date:	Fri, 19 Jun 2015 14:55:51 -0400 (EDT)
From:	Vince Weaver <vincent.weaver@...ne.edu>
To:	Steven Rostedt <rostedt@...dmis.org>
cc:	Vince Weaver <vincent.weaver@...ne.edu>,
	linux-kernel@...r.kernel.org,
	Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	Ingo Molnar <mingo@...hat.com>,
	Arnaldo Carvalho de Melo <acme@...nel.org>
Subject: Re: perf/ftrace: fuzzer triggers another warning with
 PERF_EVENT_IOC_SET_FILTER

On Thu, 18 Jun 2015, Steven Rostedt wrote:

> On Wed, 17 Jun 2015 19:32:26 -0400 (EDT)
> Vince Weaver <vincent.weaver@...ne.edu> wrote:
> 
> > 
> > The fuzzer triggered another warning in the PERF_EVENT_IOC_SET_FILTER 
> > code.  This is with the previous filter patch applied.
> > 
> > From what I can tell the filter was:
> > nfs4:nfs4_fsinfo 
> > (((fhandle~601)&&valid&809)&&common_type>=860) 
> 
> Hmm, I can't trigger this with the filter file, can you?
> 
>  echo '(((fhandle~601)&&valid&809)&&common_type>=860)' > \
>   /sys/kernel/debug/tracing/events/nfs4/nfs4_fsinfo/filter
> 
> I'll write a user app to use the perf syscall and see if that is
> different, but in the meantime, can you try the above.

OK, fuzzing found another test case, this one I can reproduce using perf:

power:cpu_frequency
filter is (without the quotes)
"                           (                   (                                        ==                                              )                                                                                                      )                                   "

Yes, I know that filter is a bit ridiculous.  Some of those spaces might be 
tabs.  Anyway it leads to:

[13626.276459] WARNING: CPU: 3 PID: 17880 at kernel/trace/trace_events_filter.c:1388 replace_preds+0x2e4/0xa50()
[13626.360782] CPU: 3 PID: 17880 Comm: perf_fuzzer Not tainted 4.1.0-rc8+ #158
[13626.368264] Hardware name: LENOVO 10AM000AUS/SHARKBAY, BIOS FBKT72AUS 01/26/2014
[13626.376238]  ffffffff81a1ac10 ffff8800bf30fcb8 ffffffff816d7439 0000000000000000
[13626.384294]  0000000000000000 ffff8800bf30fcf8 ffffffff81072eba ffff8800c56c0200
[13626.392329]  0000000000000001 ffff880036e4e418 ffff880036e4e400 ffff8800c56c01a0
[13626.400377] Call Trace:
[13626.403023]  [<ffffffff816d7439>] dump_stack+0x45/0x57
[13626.408539]  [<ffffffff81072eba>] warn_slowpath_common+0x8a/0xc0
[13626.415002]  [<ffffffff81072faa>] warn_slowpath_null+0x1a/0x20
[13626.421289]  [<ffffffff8114b1c4>] replace_preds+0x2e4/0xa50
[13626.427262]  [<ffffffff8114c2c3>] ? ftrace_profile_set_filter+0x23/0x100
[13626.434456]  [<ffffffff8114b9b2>] create_filter+0x82/0xb0
[13626.440680]  [<ffffffff8114c2f4>] ftrace_profile_set_filter+0x54/0x100
[13626.448135]  [<ffffffff81190a0b>] ? strndup_user+0x4b/0xc0
[13626.454464]  [<ffffffff81166260>] perf_ioctl+0x170/0x4d0
[13626.460638]  [<ffffffff810bb653>] ? up_write+0x23/0x50
[13626.466579]  [<ffffffff812023f0>] do_vfs_ioctl+0x2e0/0x4e0
[13626.472920]  [<ffffffff8120d0a5>] ? __fget+0x5/0xe0
[13626.478581]  [<ffffffff811a8f68>] ? SyS_mmap_pgoff+0xe8/0x290
[13626.485140]  [<ffffffff81202671>] SyS_ioctl+0x81/0xa0
[13626.490963]  [<ffffffff816df372>] system_call_fastpath+0x16/0x7a
[13626.497824] ---[ end trace 1beaa0aa99bf553f ]---
