lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 22 Jan 2019 22:14:34 +0900
From:   Masami Hiramatsu <mhiramat@...nel.org>
To:     Andreas Ziegler <andreas.ziegler@....de>
Cc:     Steven Rostedt <rostedt@...dmis.org>,
        Ingo Molnar <mingo@...hat.com>,
        Masami Hiramatsu <mhiramat@...nel.org>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] tracing: probeevent: Correctly update remaining space
 in dynamic area

On Tue, 22 Jan 2019 13:48:48 +0100
Andreas Ziegler <andreas.ziegler@....de> wrote:

> Commit 9178412ddf5a ("tracing: probeevent: Return consumed
> bytes of dynamic area") improved the string fetching
> mechanism by returning the number of required bytes after
> copying the argument to the dynamic area. However, this
> return value is now only used to increment the pointer
> inside the dynamic area but misses updating the 'maxlen'
> variable which indicates the remaining space in the dynamic
> area.

Oops! Good catch! :)

> 
> This means that fetch_store_string() always reads the *total*
> size of the dynamic area from the data_loc pointer instead of
> the *remaining* size (and passes it along to
> strncpy_from_{user,unsafe}) even if we're already about to
> copy data into the middle of the dynamic area.
> 

This looks good to me.

Acked-by: Masami Hiramatsu <mhiramat@...nel.org>

Thank you!!

> Fixes: 9178412ddf5a ("tracing: probeevent: Return consumed bytes of dynamic area")
> Signed-off-by: Andreas Ziegler <andreas.ziegler@....de>
> ---
>  kernel/trace/trace_probe_tmpl.h | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/kernel/trace/trace_probe_tmpl.h b/kernel/trace/trace_probe_tmpl.h
> index 5c56afc17cf8..0cf953e47584 100644
> --- a/kernel/trace/trace_probe_tmpl.h
> +++ b/kernel/trace/trace_probe_tmpl.h
> @@ -182,8 +182,10 @@ store_trace_args(void *data, struct trace_probe *tp, struct pt_regs *regs,
>  		ret = process_fetch_insn(arg->code, regs, dl, base);
>  		if (unlikely(ret < 0 && arg->dynamic))
>  			*dl = make_data_loc(0, dyndata - base);
> -		else
> +		else {
>  			dyndata += ret;
> +			maxlen -= ret;
> +		}
>  	}
>  }
>  
> -- 
> 2.17.1
> 


-- 
Masami Hiramatsu <mhiramat@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ