| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 1 Jul 2021 14:05:10 -0400
From: Joel Fernandes <joelaf@...gle.com>
To: Paul Burton <paulburton@...gle.com>
Cc: linux-kernel@...r.kernel.org, Steven Rostedt <rostedt@...dmis.org>,
Ingo Molnar <mingo@...hat.com>, stable@...r.kernel.org
Subject: Re: [PATCH 1/2] tracing: Simplify & fix saved_tgids logic
On Thu, Jul 1, 2021 at 1:32 PM Paul Burton <paulburton@...gle.com> wrote:
>
> Hi Joel,
>
> On Wed, Jun 30, 2021 at 06:29:55PM -0400, Joel Fernandes wrote:
> > On Tue, Jun 29, 2021 at 8:34 PM Paul Burton <paulburton@...gle.com> wrote:
> > >
> > > The tgid_map array records a mapping from pid to tgid, where the index
> > > of an entry within the array is the pid & the value stored at that index
> > > is the tgid.
> > >
> > > The saved_tgids_next() function iterates over pointers into the tgid_map
> > > array & dereferences the pointers which results in the tgid, but then it
> > > passes that dereferenced value to trace_find_tgid() which treats it as a
> > > pid & does a further lookup within the tgid_map array. It seems likely
> > > that the intent here was to skip over entries in tgid_map for which the
> > > recorded tgid is zero, but instead we end up skipping over entries for
> > > which the thread group leader hasn't yet had its own tgid recorded in
> > > tgid_map.
> > >
> > > A minimal fix would be to remove the call to trace_find_tgid, turning:
> > >
> > > if (trace_find_tgid(*ptr))
> > >
> > > into:
> > >
> > > if (*ptr)
> > >
> > > ..but it seems like this logic can be much simpler if we simply let
> > > seq_read() iterate over the whole tgid_map array & filter out empty
> > > entries by returning SEQ_SKIP from saved_tgids_show(). Here we take that
> > > approach, removing the incorrect logic here entirely.
> >
> > Looks reasonable except for one nit:
> >
> > > Signed-off-by: Paul Burton <paulburton@...gle.com>
> > > Fixes: d914ba37d714 ("tracing: Add support for recording tgid of tasks")
> > > Cc: Steven Rostedt <rostedt@...dmis.org>
> > > Cc: Ingo Molnar <mingo@...hat.com>
> > > Cc: Joel Fernandes <joelaf@...gle.com>
> > > Cc: <stable@...r.kernel.org>
> > > ---
> > > kernel/trace/trace.c | 38 +++++++++++++-------------------------
> > > 1 file changed, 13 insertions(+), 25 deletions(-)
> > >
> > > diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
> > > index d23a09d3eb37b..9570667310bcc 100644
> > > --- a/kernel/trace/trace.c
> > > +++ b/kernel/trace/trace.c
> > > @@ -5608,37 +5608,20 @@ static const struct file_operations tracing_readme_fops = {
> > >
> > > static void *saved_tgids_next(struct seq_file *m, void *v, loff_t *pos)
> > > {
> > > - int *ptr = v;
> > > + int pid = ++(*pos);
> > >
> > > - if (*pos || m->count)
> > > - ptr++;
> > > -
> > > - (*pos)++;
> > > -
> > > - for (; ptr <= &tgid_map[PID_MAX_DEFAULT]; ptr++) {
> > > - if (trace_find_tgid(*ptr))
> > > - return ptr;
> >
> > It would be great if you can add back the check for !tgid_map to both
> > next() and show() as well, for added robustness (since the old code
> > previously did it).
>
> That condition cannot happen, because both next() & show() are called to
> iterate through the content of the seq_file & by definition their v
> argument is non-NULL (else seq_file would have finished iterating
> already). That argument came from either start() or an earlier call to
> next(), which would only have returned a non-NULL pointer into tgid_map
> if tgid_map is non-NULL.
Hmm, You do have a point. Alright then. You could add my Reviewed-by
tag for this patch to subsequent postings.
thanks,
-Joel
Powered by blists - more mailing lists