Date:   Tue, 20 Apr 2021 14:38:43 -0400
From:   Steven Rostedt <rostedt@...dmis.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        Ingo Molnar <mingo@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Jon Hunter <jonathanh@...dia.com>,
        Masami Hiramatsu <mhiramat@...nel.org>
Subject: [GIT PULL] tracing: Fix checking event hash pointer logic when
 tp_printk is enabled


Linus,

tracing: Fix tp_printk command line and trace events

Masami added a wrapper to be able to unhash trace event pointers
as they are only read by root anyway, and they can also be extracted
by the raw trace data buffers. But this wrapper utilized the iterator
to have a temporary buffer to manipulate the text with.

tp_printk is a kernel command line option that will send the trace
output of a trace event to the console on boot up (useful when the
system crashes before finishing the boot). But the code used the same
wrapper that Masami added, and its iterator did not have a buffer,
and this caused the system to crash.

Have the wrapper just print the trace event normally if the iterator
has no temporary buffer.


Please pull the latest trace-v5.12-rc8 tree, which can be found at:


  git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace.git
trace-v5.12-rc8

Tag SHA1: 39ed1af76146f9f995c224de1987f14babc9aa28
Head SHA1: 0e1e71d34901a633825cd5ae78efaf8abd9215c6


Steven Rostedt (VMware) (1):
      tracing: Fix checking event hash pointer logic when tp_printk is enabled

----
 kernel/trace/trace.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
---------------------------
commit 0e1e71d34901a633825cd5ae78efaf8abd9215c6
Author: Steven Rostedt (VMware) <rostedt@...dmis.org>
Date:   Mon Apr 19 14:23:12 2021 -0400

    tracing: Fix checking event hash pointer logic when tp_printk is enabled
    
    Pointers in events that are printed are unhashed if the flags allow it,
    and the logic to do so is called before processing the event output from
    the raw ring buffer. In most cases, this is done when a user reads one of
    the trace files.
    
    But if tp_printk is added on the kernel command line, this logic is done
    for trace events when they are triggered, and their output goes out via
    printk. The unhash logic (and even the validation of the output) did not
    support the tp_printk output, and would crash.
    
    Link: https://lore.kernel.org/linux-tegra/9835d9f1-8d3a-3440-c53f-516c2606ad07@nvidia.com/
    
    Fixes: efbbdaa22bb7 ("tracing: Show real address for trace event arguments")
    Reported-by: Jon Hunter <jonathanh@...dia.com>
    Tested-by: Jon Hunter <jonathanh@...dia.com>
    Signed-off-by: Steven Rostedt (VMware) <rostedt@...dmis.org>

diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 5c777627212f..c0c9aa5cd8e2 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -3545,7 +3545,11 @@ static char *trace_iter_expand_format(struct trace_iterator *iter)
 {
 	char *tmp;
 
-	if (iter->fmt == static_fmt_buf)
+	/*
+	 * iter->tr is NULL when used with tp_printk, which makes
+	 * this get called where it is not safe to call krealloc().
+	 */
+	if (!iter->tr || iter->fmt == static_fmt_buf)
 		return NULL;
 
 	tmp = krealloc(iter->fmt, iter->fmt_size + STATIC_FMT_BUF_SIZE,
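Review bot: In trace_iter_expand_format(), the new `!iter->tr` test treats a NULL tr as the marker for the tp_printk iterator, and that only holds because early_trace_init() now zeroes the allocation. The comment says krealloc() is not safe to call there but does not say why. Consider stating the reason in the comment, and putting the condition in a small named helper so the matching check in trace_event_format() cannot drift from this one.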
@@ -3566,7 +3570,7 @@ const char *trace_event_format(struct trace_iterator *iter, const char *fmt)
 	if (WARN_ON_ONCE(!fmt))
 		return fmt;
 
-	if (iter->tr->trace_flags & TRACE_ITER_HASH_PTR)
+	if (!iter->tr || iter->tr->trace_flags & TRACE_ITER_HASH_PTR)
 		return fmt;
 
 	p = fmt;
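Review bot: The `!iter->tr ||` guard in trace_event_format() carries no comment, unlike the matching one in trace_iter_expand_format(), so a reader of this function alone cannot tell that a NULL tr means the tp_printk path and that the format is then returned unmodified. A one-line comment would help, and parentheses around `iter->tr->trace_flags & TRACE_ITER_HASH_PTR` would make the precedence against `||` explicit.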
@@ -9692,7 +9696,7 @@ void __init early_trace_init(void)
 {
 	if (tracepoint_printk) {
 		tracepoint_print_iter =
-			kmalloc(sizeof(*tracepoint_print_iter), GFP_KERNEL);
+			kzalloc(sizeof(*tracepoint_print_iter), GFP_KERNEL);
 		if (MEM_FAIL(!tracepoint_print_iter,
 			     "Failed to allocate trace iterator\n"))
 			tracepoint_printk = 0;
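Review bot: The switch to kzalloc() in early_trace_init() is what makes the `!iter->tr` checks elsewhere in this patch valid, since a kmalloc()'d iterator would leave tr uninitialized, but nothing at the allocation site says so. Add a short comment that tracepoint_print_iter must be zeroed because a NULL tr is how the tp_printk iterator is recognized, so a later cleanup does not turn this back into kmalloc().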
