lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20201124120523.34a59eed@gandalf.local.home>
Date:   Tue, 24 Nov 2020 12:05:23 -0500
From:   Steven Rostedt <rostedt@...dmis.org>
To:     Hui Su <sh_def@....com>
Cc:     mingo@...hat.com, jack@...e.cz, akpm@...ux-foundation.org,
        neilb@...e.de, tj@...nel.org, trond.myklebust@...merspace.com,
        liuzhiqiang26@...wei.com, tytso@....edu, cai@....pw,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] trace: fix potenial dangerous pointer

On Wed, 25 Nov 2020 00:52:05 +0800
Hui Su <sh_def@....com> wrote:

> The bdi_dev_name() returns a char [64], and
> the __entry->name is a char [32].
> 
> It maybe dangerous to TP_printk("%s", __entry->name)
> after the strncpy().

Acked-by: Steven Rostedt (VMware) <rostedt@...dmis.org>

This should go through the tree that has the code that uses these
tracepoints.

-- Steve


> 
> Signed-off-by: Hui Su <sh_def@....com>
> ---
>  include/trace/events/writeback.h | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/include/trace/events/writeback.h b/include/trace/events/writeback.h
> index e7cbccc7c14c..57d795365987 100644
> --- a/include/trace/events/writeback.h
> +++ b/include/trace/events/writeback.h
> @@ -190,7 +190,7 @@ TRACE_EVENT(inode_foreign_history,
>  	),
>  
>  	TP_fast_assign(
> -		strncpy(__entry->name, bdi_dev_name(inode_to_bdi(inode)), 32);
> +		strscpy_pad(__entry->name, bdi_dev_name(inode_to_bdi(inode)), 32);
>  		__entry->ino		= inode->i_ino;
>  		__entry->cgroup_ino	= __trace_wbc_assign_cgroup(wbc);
>  		__entry->history	= history;
> @@ -219,7 +219,7 @@ TRACE_EVENT(inode_switch_wbs,
>  	),
>  
>  	TP_fast_assign(
> -		strncpy(__entry->name,	bdi_dev_name(old_wb->bdi), 32);
> +		strscpy_pad(__entry->name, bdi_dev_name(old_wb->bdi), 32);
>  		__entry->ino		= inode->i_ino;
>  		__entry->old_cgroup_ino	= __trace_wb_assign_cgroup(old_wb);
>  		__entry->new_cgroup_ino	= __trace_wb_assign_cgroup(new_wb);
> @@ -252,7 +252,7 @@ TRACE_EVENT(track_foreign_dirty,
>  		struct address_space *mapping = page_mapping(page);
>  		struct inode *inode = mapping ? mapping->host : NULL;
>  
> -		strncpy(__entry->name,	bdi_dev_name(wb->bdi), 32);
> +		strscpy_pad(__entry->name, bdi_dev_name(wb->bdi), 32);
>  		__entry->bdi_id		= wb->bdi->id;
>  		__entry->ino		= inode ? inode->i_ino : 0;
>  		__entry->memcg_id	= wb->memcg_css->id;
> @@ -285,7 +285,7 @@ TRACE_EVENT(flush_foreign,
>  	),
>  
>  	TP_fast_assign(
> -		strncpy(__entry->name,	bdi_dev_name(wb->bdi), 32);
> +		strscpy_pad(__entry->name, bdi_dev_name(wb->bdi), 32);
>  		__entry->cgroup_ino	= __trace_wb_assign_cgroup(wb);
>  		__entry->frn_bdi_id	= frn_bdi_id;
>  		__entry->frn_memcg_id	= frn_memcg_id;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ