| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 May 2019 11:15:07 +0200
From: Ingo Molnar <mingo@...nel.org>
To: Masami Hiramatsu <mhiramat@...nel.org>
Cc: Steven Rostedt <rostedt@...dmis.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Shuah Khan <shuah@...nel.org>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
linux-kernel@...r.kernel.org,
Andy Lutomirski <luto@...capital.net>,
Andrew Morton <akpm@...ux-foundation.org>,
Changbin Du <changbin.du@...il.com>,
Jann Horn <jannh@...gle.com>,
Kees Cook <keescook@...omium.org>,
Andy Lutomirski <luto@...nel.org>,
Alexei Starovoitov <alexei.starovoitov@...il.com>,
Nadav Amit <namit@...are.com>,
Joel Fernandes <joel@...lfernandes.org>, yhs@...com
Subject: Re: [PATCH v7 3/6] tracing/probe: Add ustring type for user-space
string
* Masami Hiramatsu <mhiramat@...nel.org> wrote:
> Add "ustring" type for fetching user-space string from kprobe event.
> User can specify ustring type at uprobe event, and it is same as
> "string" for uprobe.
>
> Note that probe-event provides this option but it doesn't choose the
> correct type automatically since we have not way to decide the address
> is in user-space or not on some arch (and on some other arch, you can
> fetch the string by "string" type). So user must carefully check the
> target code (e.g. if you see __user on the target variable) and
> use this new type.
>
> Signed-off-by: Masami Hiramatsu <mhiramat@...nel.org>
> Acked-by: Steven Rostedt (VMware) <rostedt@...dmis.org>
>
> ---
> Changes in v5:
> - Use strnlen_unsafe_user() in fetch_store_strlen_user().
> Changes in v2:
> - Use strnlen_user() instead of open code for fetch_store_strlen_user().
> ---
> Documentation/trace/kprobetrace.rst | 9 +++++++--
> kernel/trace/trace.c | 2 +-
> kernel/trace/trace_kprobe.c | 29 +++++++++++++++++++++++++++++
> kernel/trace/trace_probe.c | 14 +++++++++++---
> kernel/trace/trace_probe.h | 1 +
> kernel/trace/trace_probe_tmpl.h | 14 +++++++++++++-
> kernel/trace/trace_uprobe.c | 12 ++++++++++++
> 7 files changed, 74 insertions(+), 7 deletions(-)
>
> diff --git a/Documentation/trace/kprobetrace.rst b/Documentation/trace/kprobetrace.rst
> index 235ce2ab131a..a3ac7c9ac242 100644
> --- a/Documentation/trace/kprobetrace.rst
> +++ b/Documentation/trace/kprobetrace.rst
> @@ -55,7 +55,8 @@ Synopsis of kprobe_events
> NAME=FETCHARG : Set NAME as the argument name of FETCHARG.
> FETCHARG:TYPE : Set TYPE as the type of FETCHARG. Currently, basic types
> (u8/u16/u32/u64/s8/s16/s32/s64), hexadecimal types
> - (x8/x16/x32/x64), "string" and bitfield are supported.
> + (x8/x16/x32/x64), "string", "ustring" and bitfield
> + are supported.
>
> (\*1) only for the probe on function entry (offs == 0).
> (\*2) only for return probe.
> @@ -77,7 +78,11 @@ apply it to registers/stack-entries etc. (for example, '$stack1:x8[8]' is
> wrong, but '+8($stack):x8[8]' is OK.)
> String type is a special type, which fetches a "null-terminated" string from
> kernel space. This means it will fail and store NULL if the string container
> -has been paged out.
> +has been paged out. "ustring" type is an alternative of string for user-space.
> +Note that kprobe-event provides string/ustring types, but doesn't change it
> +automatically. So user has to decide if the targe string in kernel or in user
> +space carefully. On some arch, if you choose wrong one, it always fails to
> +record string data.
> The string array type is a bit different from other types. For other base
> types, <base-type>[1] is equal to <base-type> (e.g. +0(%di):x32[1] is same
> as +0(%di):x32.) But string[1] is not equal to string. The string type itself
> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
> index dcb9adb44be9..101a5d09a632 100644
> --- a/kernel/trace/trace.c
> +++ b/kernel/trace/trace.c
> @@ -4858,7 +4858,7 @@ static const char readme_msg[] =
> "\t $stack<index>, $stack, $retval, $comm\n"
> #endif
> "\t type: s8/16/32/64, u8/16/32/64, x8/16/32/64, string, symbol,\n"
> - "\t b<bit-width>@<bit-offset>/<container-size>,\n"
> + "\t b<bit-width>@<bit-offset>/<container-size>, ustring,\n"
> "\t <type>\\[<array-size>\\]\n"
> #ifdef CONFIG_HIST_TRIGGERS
> "\t field: <stype> <name>;\n"
> diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c
> index 7d736248a070..fcb8806fc93c 100644
> --- a/kernel/trace/trace_kprobe.c
> +++ b/kernel/trace/trace_kprobe.c
> @@ -886,6 +886,14 @@ fetch_store_strlen(unsigned long addr)
> return (ret < 0) ? ret : len;
> }
>
> +/* Return the length of string -- including null terminal byte */
> +static nokprobe_inline int
> +fetch_store_strlen_user(unsigned long addr)
> +{
> + return strnlen_unsafe_user((__force const void __user *)addr,
> + MAX_STRING_SIZE);
> +}
> +
> /*
> * Fetch a null-terminated string. Caller MUST set *(u32 *)buf with max
> * length and relative data location.
> @@ -910,6 +918,27 @@ fetch_store_string(unsigned long addr, void *dest, void *base)
> return ret;
> }
>
> +/*
> + * Fetch a null-terminated string from user. Caller MUST set *(u32 *)buf
> + * with max length and relative data location.
> + */
> +static nokprobe_inline int
> +fetch_store_string_user(unsigned long addr, void *dest, void *base)
> +{
> + int maxlen = get_loc_len(*(u32 *)dest);
> + u8 *dst = get_loc_data(dest, base);
> + long ret;
> +
> + if (unlikely(!maxlen))
> + return -ENOMEM;
> + ret = strncpy_from_unsafe_user(dst, (__force const void __user *)addr,
> + maxlen);
Pointless line break.
> +
> + if (ret >= 0)
> + *(u32 *)dest = make_data_loc(ret, (void *)dst - base);
> + return ret;
> +}
Plus the problem as in the earlier patch.
Thanks,
Ingo
Powered by blists - more mailing lists