Message ID | 20230302020810.762384440@goodmis.org |
---|---|
State | New |
Headers |
Message-ID: <20230302020810.762384440@goodmis.org>
User-Agent: quilt/0.66
Date: Wed, 01 Mar 2023 20:00:53 -0500
From: Steven Rostedt <rostedt@goodmis.org>
To: linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>, Mark Rutland <mark.rutland@arm.com>, Andrew Morton <akpm@linux-foundation.org>, stable@vger.kernel.org
Subject: [PATCH 2/2] tracing: Check field value in hist_field_name()
References: <20230302010051.044209550@goodmis.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
List-ID: <linux-kernel.vger.kernel.org> |
Series |
tracing: Fix adding some modifiers to histogram values
|
|
Commit Message
Steven Rostedt
March 2, 2023, 1 a.m. UTC
From: "Steven Rostedt (Google)" <rostedt@goodmis.org>

The function hist_field_name() cannot handle being passed a NULL field
parameter. It should never be NULL, but due to a previous bug, NULL was
passed to the function and the kernel crashed due to a NULL dereference.
Mark Rutland reported this to me on IRC.

The bug was fixed, but to prevent future bugs from crashing the kernel,
check the field and add a WARN_ON() if it is NULL.

Cc: stable@vger.kernel.org
Reported-by: Mark Rutland <mark.rutland@arm.com>
Fixes: c6afad49d127f ("tracing: Add hist trigger 'sym' and 'sym-offset' modifiers")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
---
 kernel/trace/trace_events_hist.c | 3 +++
 1 file changed, 3 insertions(+)
Comments
On Wed, Mar 01, 2023 at 08:00:53PM -0500, Steven Rostedt wrote:
> From: "Steven Rostedt (Google)" <rostedt@goodmis.org>
>
> The function hist_field_name() cannot handle being passed a NULL field
> parameter. It should never be NULL, but due to a previous bug, NULL was
> passed to the function and the kernel crashed due to a NULL dereference.
> Mark Rutland reported this to me on IRC.
>
> The bug was fixed, but to prevent future bugs from crashing the kernel,
> check the field and add a WARN_ON() if it is NULL.
>
> Cc: stable@vger.kernel.org
> Reported-by: Mark Rutland <mark.rutland@arm.com>
> Fixes: c6afad49d127f ("tracing: Add hist trigger 'sym' and 'sym-offset' modifiers")
> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>

Tested-by: Mark Rutland <mark.rutland@arm.com>

I gave this patch a spin on its own (without the prior patch), and it behaves
as expected. When deliberately triggering the aforementioned bug I hit the
WARN_ON_ONCE() without crashing the kernel:

| # echo 'p:copy_to_user __arch_copy_to_user n=$arg2' >> /sys/kernel/tracing/kprobe_events
| # echo 'hist:keys=n:vals=hitcount.buckets=8:sort=hitcount' > /sys/kernel/tracing/events/kprobes/copy_to_user/trigger
| # cat /sys/kernel/tracing/events/kprobes/copy_to_user/hist
| ------------[ cut here ]------------
| WARNING: CPU: 0 PID: 133 at kernel/trace/trace_events_hist.c:1337 hist_field_name+0x94/0x144
| Modules linked in:
| CPU: 0 PID: 133 Comm: cat Not tainted 6.2.0-00003-g785bb684c534 #2
| Hardware name: linux,dummy-virt (DT)
| pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
| pc : hist_field_name+0x94/0x144
| lr : hist_field_name+0xbc/0x144
| sp : ffff800008343a60
| x29: ffff800008343a60 x28: 0000000000000001 x27: 0000000000400cc0
| x26: ffffaed00953fcd0 x25: 0000000000000000 x24: ffff65c743e8bf00
| x23: ffffaed0093d2488 x22: ffff65c743fadc00 x21: 0000000000000001
| x20: ffff65c743ec1000 x19: ffff65c743fadc00 x18: 0000000000000000
| x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
| x14: 0000000000000000 x13: 203a6f666e692072 x12: 6567676972742023
| x11: 0a230a6d6172676f x10: 000000000000002c x9 : ffffaed007be1fcc
| x8 : 000000000000002c x7 : 7f7f7f7f7f7f7f7f x6 : 000000000000002c
| x5 : ffff65c743b0103e x4 : ffffaed00953fcd1 x3 : 000000000000003d
| x2 : 0000000000020001 x1 : 0000000000000001 x0 : 0000000000000000
| Call trace:
| hist_field_name+0x94/0x144
| hist_field_print+0x28/0x14c
| event_hist_trigger_print+0x174/0x4d0
| hist_show+0xf8/0x980
| seq_read_iter+0x1bc/0x4b0
| seq_read+0x8c/0xc4
| vfs_read+0xc8/0x2a4
| ksys_read+0x70/0xfc
| __arm64_sys_read+0x24/0x30
| invoke_syscall+0x50/0x120 |
el0_svc_common.constprop.0+0x4c/0x100 | do_el0_svc+0x44/0xd0 | el0_svc+0x2c/0x84 | el0t_64_sync_handler+0xbc/0x140 | el0t_64_sync+0x190/0x194 | ---[ end trace 0000000000000000 ]--- | # event histogram | # | # trigger info: hist:keys=n:vals=hitcount,.buckets=8:sort=hitcount:size=2048 [active] | # | | { n: 18446574505247538232 } hitcount: 1 : 1 | { n: 18446574505249480120 } hitcount: 1 : 1 | { n: 18446574505255937966 } hitcount: 1 : 1 | { n: 18446574505234423224 } hitcount: 1 : 1 [...] | Totals: | Hits: 371 | Entries: 263 | Dropped: 0 Note: the 'n' values are large because '$arg2' is actually the 'from' pointer here, another mistake of mine (I had meant to capture '$arg3'). Thanks, Mark. > --- > kernel/trace/trace_events_hist.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c > index 6e8ab726a7b5..486cca3c2b75 100644 > --- a/kernel/trace/trace_events_hist.c > +++ b/kernel/trace/trace_events_hist.c > @@ -1331,6 +1331,9 @@ static const char *hist_field_name(struct hist_field *field, > { > const char *field_name = ""; > > + if (WARN_ON_ONCE(!field)) > + return field_name; > + > if (level > 1) > return field_name; > > -- > 2.39.1
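Review bot: The changelog says the fix adds a WARN_ON(), but the guard added at the top of hist_field_name() is WARN_ON_ONCE(!field), which is also what the test report hit; the commit message should name WARN_ON_ONCE() so that the description matches the code being sent to stable. It is also worth qualifying "prevent future bugs from crashing the kernel" in the changelog: a WARN is still fatal on systems booted with panic_on_warn, so the guard turns the NULL dereference into a warning only where that option is not set.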
diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c index 6e8ab726a7b5..486cca3c2b75 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -1331,6 +1331,9 @@ static const char *hist_field_name(struct hist_field *field, { const char *field_name = ""; + if (WARN_ON_ONCE(!field)) + return field_name; + if (level > 1) return field_name;
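Review bot: The new early return under if (WARN_ON_ONCE(!field)) hands callers the same empty string as the existing level > 1 path, and the warning fires only once, so every later read of the hist file with a NULL field silently prints an empty name with nothing in the log to explain it. A one-line comment above the check stating that field should never be NULL here, and that "" is the deliberate fallback for a caller bug, would tell future readers this is a defensive guard and not a supported input.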