| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 May 2023 10:02:12 -0700
From: Beau Belgrave <beaub@...ux.microsoft.com>
To: sunliming <sunliming@...inos.cn>
Cc: mhiramat@...nel.org, rostedt@...dmis.org,
linux-trace-kernel@...r.kernel.org, linux-kernel@...r.kernel.org,
kelulanainsley@...il.com
Subject: Re: [PATCH] tracing/user_events: Prevent same name but different
args event
On Thu, May 25, 2023 at 09:21:05AM +0800, sunliming wrote:
> User processes register name_args for events. If the same name but different
> args event are registered. The trace outputs of second event are printed
> as the first event. This is incorrect.
>
Good catch, we do this in dynamic_events, but not in the raw ABI case.
> Return EADDRINUSE back to the user process if the same name but different args
> event has being registered.
>
> Signed-off-by: sunliming <sunliming@...inos.cn>
> ---
> kernel/trace/trace_events_user.c | 74 ++++++++++++++++---
> .../selftests/user_events/ftrace_test.c | 6 ++
> 2 files changed, 68 insertions(+), 12 deletions(-)
>
> diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c
> index b1ecd7677642..aacd22c1e9f8 100644
> --- a/kernel/trace/trace_events_user.c
> +++ b/kernel/trace/trace_events_user.c
> @@ -1741,6 +1741,46 @@ static int user_event_trace_register(struct user_event *user)
> return ret;
> }
>
> +static int compare_ftrace_field(struct ftrace_event_field *field1,
> + struct ftrace_event_field *field2)
> +{
> + if (field1->offset == field2->offset &&
> + field1->size == field2->size &&
> + field1->is_signed == field2->is_signed &&
> + field1->filter_type == field2->filter_type &&
> + !strcmp(field1->name, field2->name))
> + return 0;
> + else
> + return -1;
> +}
> +
> +static int user_event_compare_fields(struct user_event *user1,
> + struct user_event *user2)
> +{
> + struct ftrace_event_field *field1, *field2;
> +
> + field1 = list_first_entry(&user1->fields,
> + struct ftrace_event_field, link);
> + field2 = list_first_entry(&user2->fields,
> + struct ftrace_event_field, link);
> +
> + while (&field1->link != &user1->fields &&
> + &field2->link != &user2->fields) {
> +
> + if (compare_ftrace_field(field1, field2))
> + break;
> +
> + field1 = list_next_entry(field1, link);
> + field2 = list_next_entry(field2, link);
> + }
> +
> + if (&field1->link == &user1->fields &&
> + &field2->link == &user2->fields)
> + return 0;
> + else
> + return -EADDRINUSE;
> +}
> +
We already have a way to compare the fields match via the dynamic_events
interface. Please change to use user_fields_match() instead. This makes
it so we only have one way to do this check, etc.
> /*
> * Parses the event name, arguments and flags then registers if successful.
> * The name buffer lifetime is owned by this method for success cases only.
> @@ -1752,23 +1792,13 @@ static int user_event_parse(struct user_event_group *group, char *name,
> {
> int ret;
> u32 key;
> - struct user_event *user;
> + struct user_event *user, *tmp_user;
>
> /* Prevent dyn_event from racing */
> mutex_lock(&event_mutex);
> - user = find_user_event(group, name, &key);
> + tmp_user = find_user_event(group, name, &key);
> mutex_unlock(&event_mutex);
>
Here we should be able to just do something like:
argv = argv_split(GFP_KERNEL, args, &argc);
match = user_fields_match(user, argc, argv);
argv_free(argv);
NOTE: The above is just pseudocode and does not check the return of
argv_split, etc. but gives you the idea.
> - if (user) {
> - *newuser = user;
> - /*
> - * Name is allocated by caller, free it since it already exists.
> - * Caller only worries about failure cases for freeing.
> - */
> - kfree(name);
> - return 0;
> - }
> -
> user = kzalloc(sizeof(*user), GFP_KERNEL_ACCOUNT);
>
> if (!user)
> @@ -1786,6 +1816,26 @@ static int user_event_parse(struct user_event_group *group, char *name,
> if (ret)
> goto put_user;
>
> + if (tmp_user) {
> + /*
> + * Prevent users form using the same name for different fields. This
> + * can cause unexpected output for the second event.
> + */
> + ret = user_event_compare_fields(user, tmp_user);
> +
> + if (!ret) {
> + *newuser = tmp_user;
> + /*
> + * Name is allocated by caller, free it since it already exists.
> + * Caller only worries about failure cases for freeing.
> + */
> + kfree(name);
> + } else
> + refcount_dec(&tmp_user->refcnt);
> +
> + goto put_user;
> + }
> +
> ret = user_event_create_print_fmt(user);
>
> if (ret)
> diff --git a/tools/testing/selftests/user_events/ftrace_test.c b/tools/testing/selftests/user_events/ftrace_test.c
> index 7c99cef94a65..d738efd51daf 100644
> --- a/tools/testing/selftests/user_events/ftrace_test.c
> +++ b/tools/testing/selftests/user_events/ftrace_test.c
> @@ -228,6 +228,12 @@ TEST_F(user, register_events) {
> ASSERT_EQ(0, ioctl(self->data_fd, DIAG_IOCSREG, ®));
> ASSERT_EQ(0, reg.write_index);
>
> + /* Multipule regitsters to same name but different args should fail */
Typos, should be Multiple registers to same name but different args
should fail.
> + reg.enable_bit = 29;
> + reg.name_args = (__u64)"__test_event u32 field1;";
> + ASSERT_EQ(-1, ioctl(self->data_fd, DIAG_IOCSREG, ®));
> + ASSERT_EQ(EADDRINUSE, errno);
> +
> /* Ensure disabled */
> self->enable_fd = open(enable_file, O_RDWR);
> ASSERT_NE(-1, self->enable_fd);
> --
> 2.25.1
Thanks,
-Beau
Powered by blists - more mailing lists