lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ae2254dd-dcc8-3375-e8d6-efb73e280574@virtuozzo.com>
Date:   Thu, 18 Nov 2021 07:57:33 +0300
From:   Nikita Yushchenko <nikita.yushchenko@...tuozzo.com>
To:     Steven Rostedt <rostedt@...dmis.org>
Cc:     Ingo Molnar <mingo@...hat.com>, linux-kernel@...r.kernel.org,
        kernel@...nvz.org
Subject: Re: [PATCH] tracing: fix va_list breakage in trace_check_vprintf()

Hi

> The real fix is:
> 
> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
> index f9139dc1262c..7aa5ea5ca912 100644
> --- a/kernel/trace/trace.c
> +++ b/kernel/trace/trace.c
> @@ -3654,6 +3654,10 @@ static bool trace_safe_str(struct trace_iterator *iter, const char *str)
>   	struct trace_event *trace_event;
>   	struct trace_event_call *event;
>   
> +	/* if seq is full, then we can't test it */
> +	if (iter->seq->full)
> +		return true;
> +

What I don't like here is - trace_check_vprintf() will still extract wrong positional arguments, and use 
the result as part of it's logic.

Although with your change such use becomes a no-op, this is unintuitive and can turn easily into real 
problems with future changes.

And, the above comment is inexact...  why we can't test? We can, testing code does no depend on 
iter->seq. What we can't is - reliably extract str to test.

If testing seq->full condition is preferred over forcibly consuming args from va_list, then such a test 
shall be done before trace_check_vprintf() tries to use va_arg(). Will submit a patch doing that.

Nikita

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ