| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210903000246.425731d5@oasis.local.home>
Date: Fri, 3 Sep 2021 00:02:46 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: Jiang Jiasheng <jiasheng@...as.ac.cn>
Cc: mingo@...hat.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] tracing: Add trace_trigger_soft_disabled() in front
of trace_event_buffer_reserve() in trace_inject_entry()
On Fri, 3 Sep 2021 03:30:34 +0000
Jiang Jiasheng <jiasheng@...as.ac.cn> wrote:
> Directly use trace_event_buffer_reserve() might be unsafe,
How can it be unsafe?
> as we can see from the trace_trigger_soft_disabled() of
> 'include/linux/trace_events.h' that if the value of
> file->flags is 256, the check in the trace_trigger_soft_disabled()
> will be passed but actually shouldn't have.
> Therefore, we suggest that trace_trigger_soft_disabled()
> should be added in front of the trace_event_buffer_reserve()
> in trace_inject_entry().
Do you understand what the trace_inject_entry() does?
I'm not sure it makes sense to "soft disable" it.
>
> Signed-off-by: Jiang Jiasheng <jiasheng@...as.ac.cn>
> ---
> kernel/trace/trace_events_inject.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/kernel/trace/trace_events_inject.c b/kernel/trace/trace_events_inject.c
> index c188045..6dfd3cd 100644
> --- a/kernel/trace/trace_events_inject.c
> +++ b/kernel/trace/trace_events_inject.c
> @@ -21,6 +21,8 @@ trace_inject_entry(struct trace_event_file *file, void *rec, int len)
> void *entry;
>
> rcu_read_lock_sched();
> + if (trace_trigger_soft_disabled(file))
> + return written;
NACK!
The above introduces a major bug. Bonus points if you can figure out
what that is yourself.
-- Steve
> entry = trace_event_buffer_reserve(&fbuffer, file, len);
> if (entry) {
> memcpy(entry, rec, len);
Powered by blists - more mailing lists