lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180109230917.19eaed97@vmware.local.home>
Date:   Tue, 9 Jan 2018 23:09:17 -0500
From:   Steven Rostedt <rostedt@...dmis.org>
To:     "Du, Changbin" <changbin.du@...el.com>
Cc:     jolsa@...hat.com, peterz@...radead.org, mingo@...hat.com,
        alexander.shishkin@...ux.intel.com, linux-kernel@...r.kernel.org,
        linux-perf-users@...r.kernel.org
Subject: Re: [PATCH 1/3] tracing: detect the string termination character
 when parsing user input string

On Wed, 10 Jan 2018 11:01:20 +0800
"Du, Changbin" <changbin.du@...el.com> wrote:

> hi Rostedt,
> 
> On Tue, Jan 09, 2018 at 05:54:34PM -0500, Steven Rostedt wrote:
> > On Tue,  9 Jan 2018 17:55:46 +0800
> > changbin.du@...el.com wrote:
> >   
> > > From: Changbin Du <changbin.du@...el.com>
> > > 
> > > The usersapce can give a '\0' terminated C string or even has '\0' at the
> > > middle of input buffer. We need handle both these two cases correctly.  
> > 
> > What do you define as correctly. Because I'm not seeing it.
> >  
> Soory I don't fully understand your question. What I meant is want to get clear that
> how will tracing parser below strings.
>   "", "  ",  "\0", " \0 ", "aa\0bb"
> The parser may only recognize certain formats, but whatever the behaviour should
> be clear and coherent for all tracing interfaces.

We have a lack of communication here, because now I'm confused by what
exactly you are asking. ;-)

> 
> > > 
> > > Before this change, trace_get_user() will return a parsed string "\0" in
> > > below case. It is not expected (expects it skip all inputs) and cause the
> > > caller failed.
> > > 
> > > open("/sys/kernel/debug/tracing//set_ftrace_pid", O_WRONLY|O_TRUNC) = 3
> > > write(3, " \0", 2)                      = -1 EINVAL (Invalid argument)  
> > 
> > That looks more like a feature and not a bug.
> >   
> I point this out because I think the parser should take this as an emptry string
> per the comments of trace_get_user().
> /*
>  * trace_get_user - reads the user input string separated by  space
>  * (matched by isspace(ch))
>  *
>  * For each string found the 'struct trace_parser' is updated,
>  * and the function returns.
>  *
>  * Returns number of bytes read.
>  *
>  * See kernel/trace/trace.h for 'struct trace_parser' details.
>  */

I'm also confused about the inconsistency you see here.

> 
> > > 
> > > This patch try to make the parser '\0' aware to fix such issue.  
> > 
> > Why?
> >   
> 
> > > 
> > > Since the caller expects trace_get_user() to parse whole input buffer, so
> > > this patch treat '\0' as a separator as whitespace.  
> > 
> > It looks more like we are trying to fix a userspace bug via the kernel.
> >   
> 
> > I'm not liking this. So NACK.

Thinking about this more, I may not be so against it. I'm guessing you
want to do something like:

	write(fd, "func1", 6);
	write(fd, "func2", 6);

And have it add both func1 and func2, where the '\0' is the separator.

If so, I can see that as a legitimate use case.

-- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ