lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170210062059.GC14705@sejong>
Date:   Fri, 10 Feb 2017 15:20:59 +0900
From:   Namhyung Kim <namhyung@...nel.org>
To:     Steven Rostedt <rostedt@...dmis.org>
CC:     LKML <linux-kernel@...r.kernel.org>,
        Srikar Dronamraju <srikar@...ux.vnet.ibm.com>,
        Masami Hiramatsu <mhiramat@...nel.org>,
        Ingo Molnar <mingo@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [RFC][PATCH] tracing: Have traceprobe_probes_write() not access
 userspace unnecessarily

On Thu, Feb 09, 2017 at 06:04:58PM -0500, Steven Rostedt wrote:
> 
> The code in traceprobe_probes_write() reads up to 4096 bytes from userpace
> for each line. If userspace passes in several lines to execute, the code
> will do a large read for each line, even though, it is highly likely that
> the first read from userspace received all of the lines at one.
> 
> I changed the logic to do a single read from userspace, and to only read
> from userspace again if not all of the read from userspace made it in.
> 
> I tested this by adding printk()s and writing files that would test -1, ==,
> and +1 the buffer size, to make sure that there's no overflows and that if a
> single line is written with +1 the buffer size, that it fails properly.
> 
> Signed-off-by: Steven Rostedt (VMware) <rostedt@...dmis.org>

Acked-by: Namhyung Kim <namhyung@...nel.org>

Thanks,
Namhyung


> ---
>  kernel/trace/trace_probe.c | 48 ++++++++++++++++++++++++++++------------------
>  1 file changed, 29 insertions(+), 19 deletions(-)
> 
> diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c
> index 8c0553d..2a06f1f 100644
> --- a/kernel/trace/trace_probe.c
> +++ b/kernel/trace/trace_probe.c
> @@ -647,7 +647,7 @@ ssize_t traceprobe_probes_write(struct file *file, const char __user *buffer,
>  				size_t count, loff_t *ppos,
>  				int (*createfn)(int, char **))
>  {
> -	char *kbuf, *tmp;
> +	char *kbuf, *buf, *tmp;
>  	int ret = 0;
>  	size_t done = 0;
>  	size_t size;
> @@ -667,27 +667,37 @@ ssize_t traceprobe_probes_write(struct file *file, const char __user *buffer,
>  			goto out;
>  		}
>  		kbuf[size] = '\0';
> -		tmp = strchr(kbuf, '\n');
> +		buf = kbuf;
> +		do {
> +			tmp = strchr(buf, '\n');
> +			if (tmp) {
> +				*tmp = '\0';
> +				size = tmp - buf + 1;
> +			} else {
> +				size = strlen(buf);
> +				if (done + size < count) {
> +					if (buf != kbuf)
> +						break;
> +					pr_warn("Line length is too long: Should be less than %d\n",
> +						WRITE_BUFSIZE);
> +					ret = -EINVAL;
> +					goto out;
> +				}
> +			}
> +			done += size;
>  
> -		if (tmp) {
> -			*tmp = '\0';
> -			size = tmp - kbuf + 1;
> -		} else if (done + size < count) {
> -			pr_warn("Line length is too long: Should be less than %d\n",
> -				WRITE_BUFSIZE);
> -			ret = -EINVAL;
> -			goto out;
> -		}
> -		done += size;
> -		/* Remove comments */
> -		tmp = strchr(kbuf, '#');
> +			/* Remove comments */
> +			tmp = strchr(buf, '#');
>  
> -		if (tmp)
> -			*tmp = '\0';
> +			if (tmp)
> +				*tmp = '\0';
>  
> -		ret = traceprobe_command(kbuf, createfn);
> -		if (ret)
> -			goto out;
> +			ret = traceprobe_command(buf, createfn);
> +			if (ret)
> +				goto out;
> +			buf += size;
> +
> +		} while (done < count);
>  	}
>  	ret = done;
>  
> -- 
> 2.9.3
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ