lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20231106185513.79411f9a@gandalf.local.home>
Date:   Mon, 6 Nov 2023 18:55:13 -0500
From:   Steven Rostedt <rostedt@...dmis.org>
To:     Łukasz Bartosik <lb@...ihalf.com>
Cc:     Jason Baron <jbaron@...mai.com>, Jim Cromie <jim.cromie@...il.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Kees Cook <keescook@...omium.org>,
        Douglas Anderson <dianders@...omium.org>,
        Guenter Roeck <groeck@...gle.com>,
        Yaniv Tzoreff <yanivt@...gle.com>,
        Benson Leung <bleung@...gle.com>,
        Vincent Whitchurch <vincent.whitchurch@...s.com>,
        Pekka Paalanen <ppaalanen@...il.com>,
        Sean Paul <seanpaul@...omium.org>,
        Daniel Vetter <daniel@...ll.ch>, linux-kernel@...r.kernel.org,
        upstream@...ihalf.com
Subject: Re: [PATCH v1 04/12] dyndbg: add 2 trace-events: pr_debug, dev_dbg

On Fri,  3 Nov 2023 14:10:03 +0100
Łukasz Bartosik <lb@...ihalf.com> wrote:

> +/* capture pr_debug() callsite descriptor and message */
> +TRACE_EVENT(prdbg,
> +	    TP_PROTO(const struct _ddebug *desc, const char *text, size_t len),
> +
> +	    TP_ARGS(desc, text, len),
> +
> +	    TP_STRUCT__entry(
> +			__field(const struct _ddebug *, desc)
> +			__dynamic_array(char, msg, len + 1)
> +		    ),
> +
> +	    TP_fast_assign(
> +			__entry->desc = desc;
> +			/*
> +			 * Each trace entry is printed in a new line.
> +			 * If the msg finishes with '\n', cut it off
> +			 * to avoid blank lines in the trace.
> +			 */
> +			if (len > 0 && (text[len - 1] == '\n'))
> +				len -= 1;
> +
> +			memcpy(__get_str(msg), text, len);
> +			__get_str(msg)[len] = 0;
> +		    ),
> +


> +	    TP_printk("%s.%s %s", __entry->desc->modname,
> +		      __entry->desc->function, __get_str(msg))
> +);
> +

That TP_printk() is dangerous. How do you know __entry->desc still exists
when reading the buffer?

Is the struct _ddebug permanent? Can it be freed? If so, the above can
easily cause a crash.

-- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ