lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20200426165904.a54e6942643f01fd9a1950c3@kernel.org>
Date:   Sun, 26 Apr 2020 16:59:04 +0900
From:   Masami Hiramatsu <mhiramat@...nel.org>
To:     Steven Rostedt <rostedt@...dmis.org>
Cc:     Tom Zanussi <zanussi@...nel.org>, linux-kernel@...r.kernel.org,
        Ingo Molnar <mingo@...nel.org>
Subject: Re: [PATCH 2/3] tracing/boottime: Fix kprobe event API usage

On Sat, 25 Apr 2020 10:00:20 -0400
Steven Rostedt <rostedt@...dmis.org> wrote:

> On Sat, 25 Apr 2020 14:49:17 +0900
> Masami Hiramatsu <mhiramat@...nel.org> wrote:
> 
> > Fix boottime kprobe events to use API correctly for
> > multiple events.
> > 
> > For example, when we set a multiprobe kprobe events in
> > bootconfig like below,
> > 
> >   ftrace.event.kprobes.myevent {
> >   	probes = "vfs_read $arg1 $arg2", "vfs_write $arg1 $arg2"
> >   }
> > 
> > This cause an error;
> > 
> >   trace_boot: Failed to add probe: p:kprobes/myevent (null)  vfs_read $arg1 $arg2  vfs_write $arg1 $arg2
> > 
> > This shows the 1st argument becomes NULL and multiprobes
> > are merged to 1 probe.
> > 
> > Fixes: 29a154810546 ("tracing: Change trace_boot to use kprobe_event interface")
> > Signed-off-by: Masami Hiramatsu <mhiramat@...nel.org>
> > Cc: stable@...r.kernel.org
> > ---
> >  kernel/trace/trace_boot.c |   20 ++++++++------------
> >  1 file changed, 8 insertions(+), 12 deletions(-)
> > 
> > diff --git a/kernel/trace/trace_boot.c b/kernel/trace/trace_boot.c
> > index 06d7feb5255f..9de29bb45a27 100644
> > --- a/kernel/trace/trace_boot.c
> > +++ b/kernel/trace/trace_boot.c
> > @@ -95,24 +95,20 @@ trace_boot_add_kprobe_event(struct xbc_node *node, const char *event)
> >  	struct xbc_node *anode;
> >  	char buf[MAX_BUF_LEN];
> >  	const char *val;
> > -	int ret;
> > +	int ret = 0;
> >  
> > -	kprobe_event_cmd_init(&cmd, buf, MAX_BUF_LEN);
> > +	xbc_node_for_each_array_value(node, "probes", anode, val) {
> > +		kprobe_event_cmd_init(&cmd, buf, MAX_BUF_LEN);
> >  
> > -	ret = kprobe_event_gen_cmd_start(&cmd, event, NULL);
> > -	if (ret)
> > -		return ret;
> > +		ret = kprobe_event_gen_cmd_start(&cmd, event, val);
> > +		if (ret)
> > +			break;
> 
> Should we break here? What about just printing an error message and
> continuing to the next probe. If I start up something with a typo in
> the first element, I lose all events. But if I have a typo in the last
> one, I get all but that one. I rather have it just fail on the ones that
> don't parse properly.

This kprobe_event_gen_cmd_start() causes an error only if there is
a program bug or out of memory, because it never evaluate given probe
definition, but kprobe_event_gen_cmd_end() does. Thus I think this is
correct way to handle the error.

IOW, if you typo a probe, it will be handled by
kprobe_event_gen_cmd_end() and it shows an error message and continue
to process other probe definitions. See below,

> > -	xbc_node_for_each_array_value(node, "probes", anode, val) {
> > -		ret = kprobe_event_add_field(&cmd, val);
> > +		ret = kprobe_event_gen_cmd_end(&cmd);
> >  		if (ret)
> > -			return ret;
> > +			pr_err("Failed to add probe: %s\n", buf);
> >  	}

This continues to next probe ;-)

Thank you,

> >  
> > -	ret = kprobe_event_gen_cmd_end(&cmd);
> > -	if (ret)
> > -		pr_err("Failed to add probe: %s\n", buf);
> > -
> >  	return ret;
> >  }
> >  #else
> 


-- 
Masami Hiramatsu <mhiramat@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ