lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250327143853.1cef38af@gandalf.local.home>
Date: Thu, 27 Mar 2025 14:38:53 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: Libo Chen <libo.chen@...cle.com>
Cc: LKML <linux-kernel@...r.kernel.org>, Linux Trace Kernel
 <linux-trace-kernel@...r.kernel.org>, Masami Hiramatsu
 <mhiramat@...nel.org>, Mathieu Desnoyers <mathieu.desnoyers@...icios.com>
Subject: Re: [PATCH] tracing: Verify event formats that have "%*p.."

On Thu, 27 Mar 2025 11:32:23 -0700
Libo Chen <libo.chen@...cle.com> wrote:

> On 3/27/25 08:49, Steven Rostedt wrote:
> > From: Steven Rostedt <rostedt@...dmis.org>
> > 
> > The trace event verifier checks the formats of trace events to make sure
> > that they do not point at memory that is not in the trace event itself or
> > in data that will never be freed. If an event references data that was
> > allocated when the event triggered and that same data is freed before the
> > event is read, then the kernel can crash by reading freed memory.
> > 
> > The verifier runs at boot up (or module load) and scans the print formats
> > of the events and checks their arguments to make sure that dereferenced
> > pointers are safe. If the format uses "%*p.." the verifier will ignore it,
> > and that could be dangerous. Cover this case as well.
> > 
> > Also add to the sample code a use case of "%*pbl".
> > 
> > Link: https://urldefense.com/v3/__https://lore.kernel.org/all/bcba4d76-2c3f-4d11-baf0-02905db953dd@oracle.com/__;!!ACWV5N9M2RV99hQ!LTIVO1_O9wY2hBAnpNF5zcB1EFlC77zOnu4oVcM4DoD77p5ZO_m1LFZdPVJPj4spzye4JntXHOqOVxirPQ$ 
> >   
> Thanks Steve, a minor style issue below, otherwise LGTM. I have tested it, it works. 
> 
> Reviewed-by: Libo Chen <libo.chen@...cle.com>
> Tested-by: Libo Chen <libo.chen@...cle.com>

Thanks for testing.

> >  /*
> >   * Notice here the use of some helper functions. This includes:
> > @@ -370,7 +371,10 @@ TRACE_EVENT(foo_bar,
> >  
> >  		  __get_str(str), __get_str(lstr),
> >  		  __get_bitmask(cpus), __get_cpumask(cpum),
> > -		  __get_str(vstr))
> > +		  __get_str(vstr),
> > +	         __get_dynamic_array_len(cpus),
> > +	         __get_dynamic_array_len(cpus),
> > +	         __get_dynamic_array(cpus))  
> 
> __get_dynamic_array_len() calls don't seem to be aligned with the ones above
> 

Ah yeah. I'll update. Note, this isn't going to go into the kernel until at
least 6.16.

-- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ