lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160324111303.03bf14be@gandalf.local.home>
Date:	Thu, 24 Mar 2016 11:13:03 -0400
From:	Steven Rostedt <rostedt@...dmis.org>
To:	Baolin Wang <baolin.wang@...aro.org>
Cc:	ulf.hansson@...aro.org, mingo@...hat.com, adrian.hunter@...el.com,
	yangbo.lu@...escale.com, akpm@...ux-foundation.org,
	JBottomley@...n.com, lporzio@...ron.com, jonathanh@...dia.com,
	grundler@...omium.org, axboe@...com, fabf@...net.be,
	yunpeng.gao@...el.com, dan.j.williams@...el.com,
	rabin.vincent@...s.com, chuanxiao.dong@...el.com,
	shawn.lin@...k-chips.com, heiko@...ech.de, dianders@...omium.org,
	david@...tonic.nl, broonie@...nel.org, linus.walleij@...aro.org,
	takahiro.akashi@...aro.org, linux-kernel@...r.kernel.org,
	linux-mmc@...r.kernel.org
Subject: Re: [PATCH] mmc: Provide tracepoints for request processing

On Thu, 24 Mar 2016 19:54:08 +0800
Baolin Wang <baolin.wang@...aro.org> wrote:


> +++ b/include/trace/events/mmc.h
> @@ -0,0 +1,188 @@
> +#undef TRACE_SYSTEM
> +#define TRACE_SYSTEM mmc
> +
> +#if !defined(_TRACE_MMC_H) || defined(TRACE_HEADER_MULTI_READ)
> +#define _TRACE_MMC_H
> +
> +#include <linux/blkdev.h>
> +#include <linux/mmc/core.h>
> +#include <linux/mmc/host.h>
> +#include <linux/tracepoint.h>
> +
> +DECLARE_EVENT_CLASS(mmc_request,
> +
> +	TP_PROTO(struct request *rq),
> +
> +	TP_ARGS(rq),
> +
> +	TP_STRUCT__entry(
> +		__field(sector_t,		sector)
> +		__field(unsigned int,		data_len)
> +		__field(int,			cmd_dir)
> +		__field(struct request *,	rq)
> +	),
> +
> +	TP_fast_assign(
> +		__entry->sector = blk_rq_pos(rq);
> +		__entry->data_len = blk_rq_bytes(rq);
> +		__entry->cmd_dir = rq_data_dir(rq);
> +		__entry->rq = rq;
> +	),
> +
> +	TP_printk("struct request[%p]:sector=%lu rw=%d len=%u",
> +		  (struct request *)__entry->rq,
> +		  (unsigned long)__entry->sector,
> +		  (int)__entry->cmd_dir,
> +		  (unsigned int)__entry->data_len)

Why the typecasts? __entry->rq is already of the type "struct request *"
as you declared it in the TP_STRUCT__entry(). Same for the other fields.


> +);
> +
> +DEFINE_EVENT(mmc_request, mmc_queue_fetch,
> +
> +	TP_PROTO(struct request *rq),
> +
> +	TP_ARGS(rq)
> +
> +);
> +
> +DEFINE_EVENT(mmc_request, mmc_block_packed_req,
> +
> +	TP_PROTO(struct request *rq),
> +
> +	TP_ARGS(rq)
> +
> +);
> +
> +DEFINE_EVENT(mmc_request, mmc_block_req_done,
> +
> +	TP_PROTO(struct request *rq),
> +
> +	TP_ARGS(rq)
> +
> +);
> +
> +TRACE_EVENT(mmc_request_start,
> +
> +	TP_PROTO(struct mmc_host *host, struct mmc_request *mrq),
> +
> +	TP_ARGS(host, mrq),
> +
> +	TP_STRUCT__entry(
> +		__field(u32,			cmd_opcode)
> +		__field(u32,			cmd_arg)
> +		__field(unsigned int,		cmd_flags)
> +		__field(u32,			stop_opcode)
> +		__field(u32,			stop_arg)
> +		__field(unsigned int,		stop_flags)
> +		__field(u32,			sbc_opcode)
> +		__field(u32,			sbc_arg)
> +		__field(unsigned int,		sbc_flags)
> +		__field(unsigned int,		blocks)
> +		__field(unsigned int,		blksz)
> +		__field(unsigned int,		data_flags)
> +		__field(struct mmc_request *,	mrq)
> +		__field(struct mmc_host *,	host)
> +	),
> +
> +	TP_fast_assign(
> +		__entry->cmd_opcode = mrq->cmd->opcode;
> +		__entry->cmd_arg = mrq->cmd->arg;
> +		__entry->cmd_flags = mrq->cmd->flags;
> +		__entry->stop_opcode = mrq->stop ? mrq->stop->opcode : 0;
> +		__entry->stop_arg = mrq->stop ? mrq->stop->arg : 0;
> +		__entry->stop_flags = mrq->stop ? mrq->stop->flags : 0;
> +		__entry->sbc_opcode = mrq->sbc ? mrq->sbc->opcode : 0;
> +		__entry->sbc_arg = mrq->sbc ? mrq->sbc->arg : 0;
> +		__entry->sbc_flags = mrq->sbc ? mrq->sbc->flags : 0;
> +		__entry->blksz = mrq->data ? mrq->data->blksz : 0;
> +		__entry->blocks = mrq->data ? mrq->data->blocks : 0;
> +		__entry->data_flags = mrq->data ? mrq->data->flags : 0;
> +		__entry->mrq = mrq;
> +		__entry->host = host;
> +	),
> +
> +	TP_printk("%s: start struct mmc_request[%p]: "
> +		  "cmd_opcode=%u cmd_arg=0x%x cmd_flags=0x%x "
> +		  "stop_opcode=%u stop_arg=0x%x stop_flags=0x%x "
> +		  "sbc_opcode=%u sbc_arg=0x%x sbc_flags=0x%x "
> +		  "blocks=%u blksz=%u data_flags=0x%x",
> +		  mmc_hostname((struct mmc_host *)__entry->host),

Is this safe? I see mmc_hostname() defined as:

 dev_name(&(x)->class_dev)

Which would be here:

 dev_name(&(__entry->host)->class_dev)

How what happens if ater you trace a host, you free it? Then the old
pointer will still be in the buffer. If the user reads the trace data
and this is called, then __entry->host will be pointing to freed data,
and the dereference could cause a system crash.


> +		  (struct mmc_request *)__entry->mrq,
> +		  (u32)__entry->cmd_opcode, (u32)__entry->cmd_arg,
> +		  (unsigned int)__entry->cmd_flags,
> +		  (u32)__entry->stop_opcode, (u32)__entry->stop_arg,
> +		  (unsigned int)__entry->stop_flags,
> +		  (u32)__entry->sbc_opcode, (u32)__entry->sbc_arg,
> +		  (unsigned int)__entry->sbc_flags,
> +		  (unsigned int)__entry->blocks,
> +		  (unsigned int)__entry->blksz,
> +		  (unsigned int)__entry->data_flags)
> +);
> +
> +TRACE_EVENT(mmc_request_done,
> +
> +	TP_PROTO(struct mmc_host *host, struct mmc_request *mrq),
> +
> +	TP_ARGS(host, mrq),
> +
> +	TP_STRUCT__entry(
> +		__field(u32,		cmd_opcode)
> +		__field(int,		cmd_err)
> +		__array(u32,		cmd_resp,	4)
> +		__field(u32,		stop_opcode)
> +		__field(int,		stop_err)
> +		__array(u32,		stop_resp,	4)
> +		__field(u32,		sbc_opcode)
> +		__field(int,		sbc_err)
> +		__array(u32,		sbc_resp,	4)
> +		__field(unsigned int,		bytes_xfered)
> +		__field(int,			data_err)
> +		__field(struct mmc_request *,	mrq)
> +		__field(struct mmc_host *,	host)
> +	),
> +
> +	TP_fast_assign(
> +		__entry->cmd_opcode = mrq->cmd->opcode;
> +		__entry->cmd_err = mrq->cmd->error;
> +		memcpy(__entry->cmd_resp, mrq->cmd->resp, 4);
> +		__entry->stop_opcode = mrq->stop ? mrq->stop->opcode : 0;
> +		__entry->stop_err = mrq->stop ? mrq->stop->error : 0;
> +		__entry->stop_resp[0] = mrq->stop ? mrq->stop->resp[0] : 0;
> +		__entry->stop_resp[1] = mrq->stop ? mrq->stop->resp[1] : 0;
> +		__entry->stop_resp[2] = mrq->stop ? mrq->stop->resp[2] : 0;
> +		__entry->stop_resp[3] = mrq->stop ? mrq->stop->resp[3] : 0;
> +		__entry->sbc_opcode = mrq->sbc ? mrq->sbc->opcode : 0;
> +		__entry->sbc_err = mrq->sbc ? mrq->sbc->error : 0;
> +		__entry->sbc_resp[0] = mrq->sbc ? mrq->sbc->resp[0] : 0;
> +		__entry->sbc_resp[1] = mrq->sbc ? mrq->sbc->resp[1] : 0;
> +		__entry->sbc_resp[2] = mrq->sbc ? mrq->sbc->resp[2] : 0;
> +		__entry->sbc_resp[3] = mrq->sbc ? mrq->sbc->resp[3] : 0;
> +		__entry->bytes_xfered = mrq->data ? mrq->data->bytes_xfered : 0;
> +		__entry->data_err = mrq->data ? mrq->data->error : 0;
> +		__entry->host = host;
> +		__entry->mrq = mrq;
> +	),
> +
> +	TP_printk("%s: end struct mmc_request[%p]: "
> +		  "cmd_opcode=%u cmd_err=%d cmd_resp=0x%x 0x%x 0x%x 0x%x "
> +		  "stop_opcode=%u stop_err=%d stop_resp=0x%x 0x%x 0x%x 0x%x "
> +		  "sbc_opcode=%u sbc_err=%d sbc_resp=0x%x 0x%x 0x%x 0x%x "
> +		  "bytes_xfered=%u data_err=%d",
> +		  mmc_hostname((struct mmc_host *)__entry->host),

Same here, and please get rid of all the redundant typecasts.

-- Steve

> +		  (struct mmc_request *)__entry->mrq,
> +		  (u32)__entry->cmd_opcode, (int)__entry->cmd_err,
> +		  (u32)__entry->cmd_resp[0], (u32)__entry->cmd_resp[1],
> +		  (u32)__entry->cmd_resp[2], (u32)__entry->cmd_resp[3],
> +		  (u32)__entry->stop_opcode, (int)__entry->stop_err,
> +		  (u32)__entry->stop_resp[0], (u32)__entry->stop_resp[1],
> +		  (u32)__entry->stop_resp[2], (u32)__entry->stop_resp[3],
> +		  (u32)__entry->sbc_opcode, (int)__entry->sbc_err,
> +		  (u32)__entry->sbc_resp[0], (u32)__entry->sbc_resp[1],
> +		  (u32)__entry->sbc_resp[2], (u32)__entry->sbc_resp[3],
> +		  (unsigned int)__entry->bytes_xfered,
> +		  (int)__entry->data_err)
> +);
> +
> +#endif /* _TRACE_MMC_H */
> +
> +/* This part must be outside protection */
> +#include <trace/define_trace.h>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ