lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20200130190310.640ba01c@gandalf.local.home>
Date:   Thu, 30 Jan 2020 19:03:10 -0500
From:   Steven Rostedt <rostedt@...dmis.org>
To:     Arnaldo Carvalho de Melo <acme@...nel.org>
Cc:     Linux Trace Devel <linux-trace-devel@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>, john.koepi@...il.com
Subject: [PATCH] tools lib traceevent: Handle gcc __attribute__(()) in
 fields


From: "Steven Rostedt (VMware)" <rostedt@...dmis.org>

When CONFIG_STURCTLEAK and gcc plugins are enabled, then some macros become
expanded and displayed as part of the format fields in the event format
files. For example, the __user macro expands to __attribute__((user)) and
the field buf for the syscall trace event sys_enter_write has it added:

 # cat /sys/kernel/tracing/events/syscalls/sys_enter_write/format
name: sys_enter_write
ID: 680
format:
        field:unsigned short common_type;       offset:0;       size:2; signed:0;
        field:unsigned char common_flags;       offset:2;       size:1; signed:0;
        field:unsigned char common_preempt_count;       offset:3; size:1; signed:0;
        field:int common_pid;   offset:4;       size:4; signed:1;

        field:int __syscall_nr; offset:8;       size:4; signed:1;
        field:unsigned int fd;  offset:16;      size:8; signed:0;
        field:const char __attribute__((user)) * buf;   offset:24; size:8; signed:0;
        field:size_t count;     offset:32;      size:8; signed:0;

The "__attribute__((user))" breaks the parsing of the event. This needs to
also be handled.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=205857
Signed-off-by: Steven Rostedt (VMware) <rostedt@...dmis.org>
---

Arnaldo,

Hold off on applying this, I want to hear back from the reporter (in
the bugzilla) to make sure this solves the issue for him.

-- Steve

 tools/lib/traceevent/event-parse.c | 41 ++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/tools/lib/traceevent/event-parse.c b/tools/lib/traceevent/event-parse.c
index beaa8b8c08ff..ffba056772d5 100644
--- a/tools/lib/traceevent/event-parse.c
+++ b/tools/lib/traceevent/event-parse.c
@@ -1477,6 +1477,47 @@ static int event_read_fields(struct tep_event *event, struct tep_format_field **
 		/* read the rest of the type */
 		for (;;) {
 			type = read_token(&token);
+
+			/* On some configs, gcc __attribute((*)) may appear. */
+			if (type == TEP_EVENT_DELIM && strcmp(token, "(") == 0 &&
+			    last_token && strcmp(last_token, "__attribute__") == 0) {
+				char *new_token;
+
+				breakpoint();
+				if (read_expected(TEP_EVENT_DELIM, "(") < 0) {
+					free(last_token);
+					goto fail;
+				}
+				free(token);
+				if (read_expect_type(TEP_EVENT_ITEM, &token) < 0) {
+					free(last_token);
+					goto fail;
+				}
+				new_token = realloc(last_token,
+						    strlen(last_token) +
+						    strlen(token) + 5);
+				if (!new_token) {
+					free(last_token);
+					goto fail;
+				}
+				last_token = new_token;
+				strcat(last_token, "((");
+				strcat(last_token, token);
+				strcat(last_token, "))");
+				free(token);
+				token = NULL;
+
+				if (read_expected(TEP_EVENT_DELIM, ")") < 0) {
+					free(last_token);
+					goto fail;
+				}
+				if (read_expected(TEP_EVENT_DELIM, ")") < 0) {
+					free(last_token);
+					goto fail;
+				}
+				continue;
+			}
+
 			if (type == TEP_EVENT_ITEM ||
 			    (type == TEP_EVENT_OP && strcmp(token, "*") == 0) ||
 			    /*
-- 
2.20.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ