lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAK8Bye+eAad4Lx6BWztD4Eax_WLyGB39oV2VFDfL5pGJJTYgcw@mail.gmail.com>
Date:   Fri, 10 Nov 2023 15:50:58 +0100
From:   Łukasz Bartosik <lb@...ihalf.com>
To:     Steven Rostedt <rostedt@...dmis.org>,
        Jim Cromie <jim.cromie@...il.com>
Cc:     Jason Baron <jbaron@...mai.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Kees Cook <keescook@...omium.org>,
        Douglas Anderson <dianders@...omium.org>,
        Guenter Roeck <groeck@...gle.com>,
        Yaniv Tzoreff <yanivt@...gle.com>,
        Benson Leung <bleung@...gle.com>,
        Vincent Whitchurch <vincent.whitchurch@...s.com>,
        Pekka Paalanen <ppaalanen@...il.com>,
        Sean Paul <seanpaul@...omium.org>,
        Daniel Vetter <daniel@...ll.ch>, linux-kernel@...r.kernel.org,
        upstream@...ihalf.com
Subject: Re: [PATCH v1 04/12] dyndbg: add 2 trace-events: pr_debug, dev_dbg

wt., 7 lis 2023 o 00:55 Steven Rostedt <rostedt@...dmis.org> napisał(a):
>
> On Fri,  3 Nov 2023 14:10:03 +0100
> Łukasz Bartosik <lb@...ihalf.com> wrote:
>
> > +/* capture pr_debug() callsite descriptor and message */
> > +TRACE_EVENT(prdbg,
> > +         TP_PROTO(const struct _ddebug *desc, const char *text, size_t len),
> > +
> > +         TP_ARGS(desc, text, len),
> > +
> > +         TP_STRUCT__entry(
> > +                     __field(const struct _ddebug *, desc)
> > +                     __dynamic_array(char, msg, len + 1)
> > +                 ),
> > +
> > +         TP_fast_assign(
> > +                     __entry->desc = desc;
> > +                     /*
> > +                      * Each trace entry is printed in a new line.
> > +                      * If the msg finishes with '\n', cut it off
> > +                      * to avoid blank lines in the trace.
> > +                      */
> > +                     if (len > 0 && (text[len - 1] == '\n'))
> > +                             len -= 1;
> > +
> > +                     memcpy(__get_str(msg), text, len);
> > +                     __get_str(msg)[len] = 0;
> > +                 ),
> > +
>
>
> > +         TP_printk("%s.%s %s", __entry->desc->modname,
> > +                   __entry->desc->function, __get_str(msg))
> > +);
> > +
>
> That TP_printk() is dangerous. How do you know __entry->desc still exists
> when reading the buffer?
>
> Is the struct _ddebug permanent? Can it be freed? If so, the above can
> easily cause a crash.
>

I assume that we're talking here about the scenario where TP prdbg is
called and before TP_printk runs _ddebug pointer
becomes invalid, is that correct ? If so then I believe this also
applied to __dynamic_pr_debug and other dyndbg functions because there
is also potential for _ddebug pointer to become invalid (in case of
rrmod) before a function dereferences it.

Would it be acceptable to increase reference count of a module and
hold it until at least one callsite in that module is enabled ?
This  would ensure that passed pointer to a _ddebug struct is valid.

> -- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ