From patchwork Tue Apr 25 22:51:03 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Beau Belgrave <beaub@linux.microsoft.com>
X-Patchwork-Id: 8651
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp3716366vqo;
        Tue, 25 Apr 2023 16:03:48 -0700 (PDT)
X-Google-Smtp-Source: 
 ACHHUZ6+hiiMYcrpy8TSBi1VIxopEocVK9DeKMy3jFQhbxp/hlb/Yzn8Cc9E/n1jiwYLSYSpfwL1
X-Received: by 2002:a05:6a20:1588:b0:f4:c0d6:87c with SMTP id
 h8-20020a056a20158800b000f4c0d6087cmr570120pzj.14.1682463828221;
        Tue, 25 Apr 2023 16:03:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1682463828; cv=none;
        d=google.com; s=arc-20160816;
        b=fPf84ajssSnKHTvOVCDwsYs+KhNk1iCtkP720otlzRFFeYz4+/THfUMnglEEVBR/M/
         jxkmM89ToEyOQUeIunFiZ5g+lkQpqyB6cj5o+SFHoEQq3gD3HkyJ7/LtRQsykQ5WVqGj
         NRMUV4a2wT6RR7cMvqbgTHmwKC/vcMhGtdZtG0yr8MujmDNbXZZxyJhcpNR90Ql5HoEG
         KMfjvrPhZdIvpJJ7LSGGuO3MQxbW6NmHJFYMYK+ys1IAl8we/OYsul1fgT/UsU+HpxE+
         skRvHzO1DqkqcBtVBEbr7rXwmCcbsONtum6bObbYBifRN9jSaUFny2MX+JCUV2xC75+Y
         BXYw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature:dkim-filter;
        bh=L1AXYHPntk2HUOdYyd7K3FMzmoBV9l/TinryI5Tmn+s=;
        b=g6BTNKFYL68o4y4k/L6ceHe3sv+eKupjSTKqLE1cR/5+JsnZiqfpzXRt17L3WP5XBk
         iAkbYTMORXXC72GigMYvF2i2LMj9Wi/4sKhOZqh3CvC6WhHqEfSPprPMjSecpA9rcBgL
         hQ3kAcnly0+lN9KQZvjRlZx58Tg0t+lmYP8QLSv+H+ReaVa11jNtCPB5t80M5033LojA
         rODa8gD5SMrwb0bQudCjFnh60qEKEJtuf4t2ETzNjImUoWHjdL4JVkd0q5YHTo0rOnnD
         oWcal1vQGYkwIVV2pNnDNxZ03pVoh0DoXeQhCpZOnLJZDNp8WMDVlavTzL+uz1/MIxf6
         PSpA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linux.microsoft.com header.s=default
 header.b=PKMKexMG;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 j16-20020a63e750000000b0051b631334f1si13890535pgk.764.2023.04.25.16.03.35;
        Tue, 25 Apr 2023 16:03:48 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux.microsoft.com header.s=default
 header.b=PKMKexMG;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236278AbjDYWvT (ORCPT <rfc822;zxc52fgh@gmail.com> + 99 others);
        Tue, 25 Apr 2023 18:51:19 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58028 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231927AbjDYWvS (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 25 Apr 2023 18:51:18 -0400
Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182])
        by lindbergh.monkeyblade.net (Postfix) with ESMTP id 053FA83FF;
        Tue, 25 Apr 2023 15:51:17 -0700 (PDT)
Received: from W11-BEAU-MD.localdomain (unknown [76.135.27.212])
        by linux.microsoft.com (Postfix) with ESMTPSA id 1BA2721C2B2D;
        Tue, 25 Apr 2023 15:51:16 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 1BA2721C2B2D
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com;
        s=default; t=1682463076;
        bh=L1AXYHPntk2HUOdYyd7K3FMzmoBV9l/TinryI5Tmn+s=;
        h=From:To:Cc:Subject:Date:From;
        b=PKMKexMGjIVWy2CPi9TlRt7Nm63vZfvCrP+/gje6edTxCto8XWfAFX/RAy0Eqi0Mp
         m3xLhjl5cJhEQ6zbiTX/+TBkAkmnRBfcPbKlDS1p8NGZgOezIuXoVwox4a4ETjLPEX
         PrE6nHIm1ieyXdbNsHoHPNjGWHtN2VeZC5p+FBeA=
From: Beau Belgrave <beaub@linux.microsoft.com>
To: rostedt@goodmis.org, mhiramat@kernel.org,
        mathieu.desnoyers@efficios.com, dcook@linux.microsoft.com,
        alanau@linux.microsoft.com
Cc: linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org
Subject: [PATCH v2 0/4] tracing/user_events: Fixes and improvements for 6.4
Date: Tue, 25 Apr 2023 15:51:03 -0700
Message-Id: <20230425225107.8525-1-beaub@linux.microsoft.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
X-Spam-Status: No, score=-19.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_MED,
        SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL,
        USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1764191191008037639?=
X-GMAIL-MSGID: =?utf-8?q?1764191191008037639?=

Now that user_events is in for-next we broadened our integration of
user_events. During this integration we found a few things that can
help prevent the debugging of issues for user_events when user
processes use the ABI directly.

The most important thing found is an out of bounds fix with the
write index. If it is negative, an out of bounds access is attempted.
This bug was introduced on one of the very first user_events patches
and remained unseen for a long time. Apologies for not catching that
sooner.

We think users will expect the kernel to always clear the registered
bit when events are unregistered, even if the event is still enabled
in a kernel tracer. The user process could do this after unregistering,
but it seems appropriate for the kernel side to attempt this. We also
discussed if it makes sense for the kernel to allow user processes
to tie multiple events to the same value and bit. While this doesn't
cause any issues on the kernel side, it leads to very undefined
behavior for the user process. Depending on which event gets enabled
when, the bit will vary.

Change history

V2:
Add bracket to complex for_each line.

Add patch to ensure in all cases we only limit up to 10 attempts to
fault-in data if the user is able to cause write failures with
successful fault-in sequences.

Beau Belgrave (4):
  tracing/user_events: Ensure write index cannot be negative
  tracing/user_events: Ensure bit is cleared on unregister
  tracing/user_events: Prevent same address and bit per process
  tracing/user_events: Limit max fault-in attempts

 kernel/trace/trace_events_user.c              | 123 ++++++++++++++++--
 .../testing/selftests/user_events/abi_test.c  |   9 +-
 .../selftests/user_events/ftrace_test.c       |  14 +-
 3 files changed, 130 insertions(+), 16 deletions(-)


base-commit: 88fe1ec75fcb296579e05eaf3807da3ee83137e4