From patchwork Sun Nov 20 20:11:57 2022
X-Patchwork-Submitter: Steven Rostedt
X-Patchwork-Id: 23462
Message-ID: <20221120201221.917825605@goodmis.org>
Date: Sun, 20 Nov 2022 15:11:57 -0500
From: Steven Rostedt
To: linux-kernel@vger.kernel.org
Cc: Masami Hiramatsu, Andrew Morton, Shang XiaoJing, stable@vger.kernel.org
Subject: [for-linus][PATCH 1/7] tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit()
References: <20221120201156.868430827@goodmis.org>

From: Shang XiaoJing

When trace_get_event_file() failed, gen_kretprobe_test will be assigned
as the error code. If module kprobe_event_gen_test is removed now, the
null pointer dereference will happen in kprobe_event_gen_test_exit().
Check if gen_kprobe_test or gen_kretprobe_test is error code or NULL
before dereferencing them.

BUG: kernel NULL pointer dereference, address: 0000000000000012
PGD 0 P4D 0
Oops: 0000 [#1] SMP PTI
CPU: 3 PID: 2210 Comm: modprobe Not tainted 6.1.0-rc1-00171-g2159299a3b74-dirty #217
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014
RIP: 0010:kprobe_event_gen_test_exit+0x1c/0xb5 [kprobe_event_gen_test]
Code: Unable to access opcode bytes at 0xffffffff9ffffff2.
RSP: 0018:ffffc900015bfeb8 EFLAGS: 00010246
RAX: ffffffffffffffea RBX: ffffffffa0002080 RCX: 0000000000000000
RDX: ffffffffa0001054 RSI: ffffffffa0001064 RDI: ffffffffdfc6349c
RBP: ffffffffa0000000 R08: 0000000000000004 R09: 00000000001e95c0
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000800
R13: ffffffffa0002420 R14: 0000000000000000 R15: 0000000000000000
FS: 00007f56b75be540(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff9ffffff2 CR3: 000000010874a006 CR4: 0000000000330ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __x64_sys_delete_module+0x206/0x380
 ? lockdep_hardirqs_on_prepare+0xd8/0x190
 ? syscall_enter_from_user_mode+0x1c/0x50
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Link: https://lore.kernel.org/all/20221108015130.28326-2-shangxiaojing@huawei.com/

Fixes: 64836248dda2 ("tracing: Add kprobe event command generation test module")
Signed-off-by: Shang XiaoJing
Acked-by: Masami Hiramatsu (Google)
Cc: stable@vger.kernel.org
Signed-off-by: Masami Hiramatsu (Google) --- kernel/trace/kprobe_event_gen_test.c | 44 ++++++++++++++++++---------- 1 file changed, 28 insertions(+), 16 deletions(-) diff --git a/kernel/trace/kprobe_event_gen_test.c b/kernel/trace/kprobe_event_gen_test.c index d81f7c51025c..1c98fafcf333 100644 --- a/kernel/trace/kprobe_event_gen_test.c +++ b/kernel/trace/kprobe_event_gen_test.c @@ -73,6 +73,10 @@ static struct trace_event_file *gen_kretprobe_test; #define KPROBE_GEN_TEST_ARG3 NULL #endif +static bool trace_event_file_is_valid(struct trace_event_file *input) +{ + return input && !IS_ERR(input); +} /* * Test to make sure we can create a kprobe event, then add more @@ -217,10 +221,12 @@ static int __init kprobe_event_gen_test_init(void) ret = test_gen_kretprobe_cmd(); if (ret) { - WARN_ON(trace_array_set_clr_event(gen_kretprobe_test->tr, - "kprobes", - "gen_kretprobe_test", false)); - trace_put_event_file(gen_kretprobe_test); + if (trace_event_file_is_valid(gen_kretprobe_test)) { + WARN_ON(trace_array_set_clr_event(gen_kretprobe_test->tr, + "kprobes", + "gen_kretprobe_test", false)); + trace_put_event_file(gen_kretprobe_test); + } WARN_ON(kprobe_event_delete("gen_kretprobe_test")); } 
@@ -229,24 +235,30 @@ static int __init kprobe_event_gen_test_init(void) static void __exit kprobe_event_gen_test_exit(void) { - /* Disable the event or you can't remove it */ - WARN_ON(trace_array_set_clr_event(gen_kprobe_test->tr, - "kprobes", - "gen_kprobe_test", false)); + if (trace_event_file_is_valid(gen_kprobe_test)) { + /* Disable the event or you can't remove it */ + WARN_ON(trace_array_set_clr_event(gen_kprobe_test->tr, + "kprobes", + "gen_kprobe_test", false)); + + /* Now give the file and instance back */ + trace_put_event_file(gen_kprobe_test); + } - /* Now give the file and instance back */ - trace_put_event_file(gen_kprobe_test); /* Now unregister and free the event */ WARN_ON(kprobe_event_delete("gen_kprobe_test")); - /* Disable the event or you can't remove it */ - WARN_ON(trace_array_set_clr_event(gen_kretprobe_test->tr, - "kprobes", - "gen_kretprobe_test", false)); + if (trace_event_file_is_valid(gen_kretprobe_test)) { + /* Disable the event or you can't remove it */ + WARN_ON(trace_array_set_clr_event(gen_kretprobe_test->tr, + "kprobes", + "gen_kretprobe_test", false)); + + /* Now give the file and instance back */ + trace_put_event_file(gen_kretprobe_test); + } - /* Now give the file and instance back */ - trace_put_event_file(gen_kretprobe_test); /* Now unregister and free the event */ WARN_ON(kprobe_event_delete("gen_kretprobe_test"));

From patchwork Sun Nov 20 20:11:58 2022
X-Patchwork-Submitter: Steven Rostedt
X-Patchwork-Id: 23461
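Review bot: in patch 1/7, the new helper trace_event_file_is_valid() (hunk @@ -73,6 +73,10) open-codes an existing kernel macro: input && !IS_ERR(input) is the same test as !IS_ERR_OR_NULL(input). Use IS_ERR_OR_NULL() in the helper body, or directly at the call sites, so the check reads as the usual idiom. The helper's closing brace is also followed immediately by the /* comment of the next function; add a blank line after it.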
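Review bot: in patch 1/7, kprobe_event_gen_test_exit() (hunk @@ -229,24 +235,30) still calls WARN_ON(kprobe_event_delete(...)) outside the new trace_event_file_is_valid() guard, for both gen_kprobe_test and gen_kretprobe_test. When the pointer is an error code or NULL the disable/put pair is now skipped, but the delete runs regardless; if the event was never created, or was already removed on the test's own error path, a non-zero return here turns a handled failure into a warning at module removal. Either move the delete inside the guard or drop the WARN_ON() for the invalid-pointer case, and state in a comment which state the event is expected to be in at that point.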
Message-ID: <20221120201222.066768561@goodmis.org>
Date: Sun, 20 Nov 2022 15:11:58 -0500
From: Steven Rostedt
To: linux-kernel@vger.kernel.org
Cc: Masami Hiramatsu, Andrew Morton, Shang XiaoJing, stable@vger.kernel.org
Subject: [for-linus][PATCH 2/7] tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit()
References: <20221120201156.868430827@goodmis.org>

From: Shang XiaoJing

When test_gen_kprobe_cmd() failed after kprobe_event_gen_cmd_end(), it
will goto delete, which will call kprobe_event_delete() and release the
corresponding resource. However, the trace_array in gen_kretprobe_test
will point to the invalid resource. Set gen_kretprobe_test to NULL
after calling kprobe_event_delete() to prevent null-ptr-deref.

BUG: kernel NULL pointer dereference, address: 0000000000000070
PGD 0 P4D 0
Oops: 0000 [#1] SMP PTI
CPU: 0 PID: 246 Comm: modprobe Tainted: G W 6.1.0-rc1-00174-g9522dc5c87da-dirty #248
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014
RIP: 0010:__ftrace_set_clr_event_nolock+0x53/0x1b0
Code: e8 82 26 fc ff 49 8b 1e c7 44 24 0c ea ff ff ff 49 39 de 0f 84 3c 01 00 00 c7 44 24 18 00 00 00 00 e8 61 26 fc ff 48 8b 6b 10 <44> 8b 65 70 4c 8b 6d 18 41 f7 c4 00 02 00 00 75 2f
RSP: 0018:ffffc9000159fe00 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff88810971d268 RCX: 0000000000000000
RDX: ffff8881080be600 RSI: ffffffff811b48ff RDI: ffff88810971d058
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
R10: ffffc9000159fe58 R11: 0000000000000001 R12: ffffffffa0001064
R13: ffffffffa000106c R14: ffff88810971d238 R15: 0000000000000000
FS: 00007f89eeff6540(0000) GS:ffff88813b600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000070 CR3: 000000010599e004 CR4: 0000000000330ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __ftrace_set_clr_event+0x3e/0x60
 trace_array_set_clr_event+0x35/0x50
 ? 0xffffffffa0000000
 kprobe_event_gen_test_exit+0xcd/0x10b [kprobe_event_gen_test]
 __x64_sys_delete_module+0x206/0x380
 ? lockdep_hardirqs_on_prepare+0xd8/0x190
 ? syscall_enter_from_user_mode+0x1c/0x50
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f89eeb061b7

Link: https://lore.kernel.org/all/20221108015130.28326-3-shangxiaojing@huawei.com/

Fixes: 64836248dda2 ("tracing: Add kprobe event command generation test module")
Signed-off-by: Shang XiaoJing
Cc: stable@vger.kernel.org
Acked-by: Masami Hiramatsu (Google)
Signed-off-by: Masami Hiramatsu (Google)
--- kernel/trace/kprobe_event_gen_test.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/kernel/trace/kprobe_event_gen_test.c b/kernel/trace/kprobe_event_gen_test.c index 1c98fafcf333..c736487fc0e4 100644 --- a/kernel/trace/kprobe_event_gen_test.c +++ b/kernel/trace/kprobe_event_gen_test.c @@ -143,6 +143,8 @@ static int __init test_gen_kprobe_cmd(void) kfree(buf); return ret; delete: + if (trace_event_file_is_valid(gen_kprobe_test)) + gen_kprobe_test = NULL; /* We got an error after creating the event, delete it */ ret = kprobe_event_delete("gen_kprobe_test"); goto out;
@@ -206,6 +208,8 @@ static int __init test_gen_kretprobe_cmd(void) kfree(buf); return ret; delete: + if (trace_event_file_is_valid(gen_kretprobe_test)) + gen_kretprobe_test = NULL; /* We got an error after creating the event, delete it */ ret = kprobe_event_delete("gen_kretprobe_test"); goto out;

From patchwork Sun Nov 20 20:11:59 2022
X-Patchwork-Submitter: Steven Rostedt
X-Patchwork-Id: 23464
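Review bot: in patch 2/7, the condition added at the delete: label of test_gen_kprobe_cmd() (hunk @@ -143,6 +143,8) is redundant: gen_kprobe_test = NULL only runs when the pointer is valid, so an error-code value is left in the global, while an unconditional gen_kprobe_test = NULL would cover both cases in one line. If the pointer can be valid at this label, the reference is also dropped without the trace_put_event_file() that patch 1/7 pairs with it in the exit path; the commit message should say why no put is needed here. The message also names only gen_kretprobe_test, while this hunk changes gen_kprobe_test.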
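Review bot: in patch 2/7, the context lines of the test_gen_kretprobe_cmd() hunk (@@ -206,6 +208,8) show ret = kprobe_event_delete("gen_kretprobe_test"); goto out; with kfree(buf); return ret; as the visible exit, so the error that sent the function to delete: is overwritten by the result of the delete. When the delete succeeds the function returns 0 and the if (ret) cleanup in kprobe_event_gen_test_init() shown in patch 1/7 does not run for that failure. The same pattern is in the test_gen_kprobe_cmd() hunk. Since the series already touches both labels, keep the first error in a separate variable and return it.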
Message-ID: <20221120201222.207937180@goodmis.org>
Date: Sun, 20 Nov 2022 15:11:59 -0500
From: Steven Rostedt
To: linux-kernel@vger.kernel.org
Cc: Masami Hiramatsu, Andrew Morton, Rafael Mendonca
Subject: [for-linus][PATCH 3/7] tracing/eprobe: Fix memory leak of filter string
References: <20221120201156.868430827@goodmis.org>

From: Rafael Mendonca

The filter string doesn't get freed when a dynamic event is deleted. If a
filter is set, then memory is leaked:

root@localhost:/sys/kernel/tracing# echo 'e:egroup/stat_runtime_4core \
        sched/sched_stat_runtime runtime=$runtime:u32 if cpu < 4' >> dynamic_events
root@localhost:/sys/kernel/tracing# echo "-:egroup/stat_runtime_4core" >> dynamic_events
root@localhost:/sys/kernel/tracing# echo scan > /sys/kernel/debug/kmemleak
[ 224.416373] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
root@localhost:/sys/kernel/tracing# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff88810156f1b8 (size 8):
  comm "bash", pid 224, jiffies 4294935612 (age 55.800s)
  hex dump (first 8 bytes):
    63 70 75 20 3c 20 34 00 cpu < 4.
  backtrace:
    [<000000009f880725>] __kmem_cache_alloc_node+0x18e/0x720
    [<0000000042492946>] __kmalloc+0x57/0x240
    [<0000000034ea7995>] __trace_eprobe_create+0x1214/0x1d30
    [<00000000d70ef730>] trace_probe_create+0xf6/0x110
    [<00000000915c7b16>] eprobe_dyn_event_create+0x21/0x30
    [<000000000d894386>] create_dyn_event+0xf3/0x1a0
    [<00000000e9af57d5>] trace_parse_run_command+0x1a9/0x2e0
    [<0000000080777f18>] dyn_event_write+0x39/0x50
    [<0000000089f0ec73>] vfs_write+0x311/0xe50
    [<000000003da1bdda>] ksys_write+0x158/0x2a0
    [<00000000bb1e616e>] __x64_sys_write+0x7c/0xc0
    [<00000000e8aef1f7>] do_syscall_64+0x60/0x90
    [<00000000fe7fe8ba>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

Additionally, in __trace_eprobe_create() function, if an error occurs after
the call to trace_eprobe_parse_filter(), which allocates the filter string,
then memory is also leaked. That can be reproduced by creating the same
event probe twice:

root@localhost:/sys/kernel/tracing# echo 'e:egroup/stat_runtime_4core \
        sched/sched_stat_runtime runtime=$runtime:u32 if cpu < 4' >> dynamic_events
root@localhost:/sys/kernel/tracing# echo 'e:egroup/stat_runtime_4core \
        sched/sched_stat_runtime runtime=$runtime:u32 if cpu < 4' >> dynamic_events
-bash: echo: write error: File exists
root@localhost:/sys/kernel/tracing# echo scan > /sys/kernel/debug/kmemleak
[ 207.871584] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
root@localhost:/sys/kernel/tracing# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff8881020d17a8 (size 8):
  comm "bash", pid 223, jiffies 4294938308 (age 31.000s)
  hex dump (first 8 bytes):
    63 70 75 20 3c 20 34 00 cpu < 4.
  backtrace:
    [<000000000e4f5f31>] __kmem_cache_alloc_node+0x18e/0x720
    [<0000000024f0534b>] __kmalloc+0x57/0x240
    [<000000002930a28e>] __trace_eprobe_create+0x1214/0x1d30
    [<0000000028387903>] trace_probe_create+0xf6/0x110
    [<00000000a80d6a9f>] eprobe_dyn_event_create+0x21/0x30
    [<000000007168698c>] create_dyn_event+0xf3/0x1a0
    [<00000000f036bf6a>] trace_parse_run_command+0x1a9/0x2e0
    [<00000000014bde8b>] dyn_event_write+0x39/0x50
    [<0000000078a097f7>] vfs_write+0x311/0xe50
    [<00000000996cb208>] ksys_write+0x158/0x2a0
    [<00000000a3c2acb0>] __x64_sys_write+0x7c/0xc0
    [<0000000006b5d698>] do_syscall_64+0x60/0x90
    [<00000000780e8ecf>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

Fix both issues by releasing the filter string in
trace_event_probe_cleanup().

Link: https://lore.kernel.org/all/20221108235738.1021467-1-rafaelmendsr@gmail.com/

Fixes: 752be5c5c910 ("tracing/eprobe: Add eprobe filter support")
Signed-off-by: Rafael Mendonca
Acked-by: Masami Hiramatsu (Google)
Signed-off-by: Masami Hiramatsu (Google)
--- kernel/trace/trace_eprobe.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/trace/trace_eprobe.c b/kernel/trace/trace_eprobe.c index 5dd0617e5df6..fe4833a7b7b3 100644
--- a/kernel/trace/trace_eprobe.c +++ b/kernel/trace/trace_eprobe.c 
@@ -52,6 +52,7 @@ static void trace_event_probe_cleanup(struct trace_eprobe *ep) kfree(ep->event_system); if (ep->event) trace_event_put_ref(ep->event); + kfree(ep->filter_str); kfree(ep); }

From patchwork Sun Nov 20 20:12:00 2022
X-Patchwork-Submitter: Steven Rostedt
X-Patchwork-Id: 23460
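Review bot: in patch 3/7, the single added line kfree(ep->filter_str) in trace_event_probe_cleanup() is described as fixing two leaks, but the diff shows only the cleanup function. The second case in the commit message (an error in __trace_eprobe_create() after trace_eprobe_parse_filter()) is fixed only if that error path ends in trace_event_probe_cleanup(); say so in the message so the claim can be checked against the diff. Minor: the new kfree() sits after the trace_event_put_ref() block rather than next to kfree(ep->event_system); grouping it with the other string frees keeps them together.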
Message-ID: <20221120201222.349027009@goodmis.org>
Date: Sun, 20 Nov 2022 15:12:00 -0500
From: Steven Rostedt
To: linux-kernel@vger.kernel.org
Cc: Masami Hiramatsu, Andrew Morton, stable@vger.kernel.org, Yi Yang
Subject: [for-linus][PATCH 4/7] rethook: fix a potential memleak in rethook_alloc()
References: <20221120201156.868430827@goodmis.org>

From: Yi Yang

In rethook_alloc(), the variable rh is not freed or passed out
if handler is NULL, which could lead to a memleak, fix it.

Link: https://lore.kernel.org/all/20221110104438.88099-1-yiyang13@huawei.com/

[Masami: Add "rethook:" tag to the title.]

Fixes: 54ecbe6f1ed5 ("rethook: Add a generic return hook")
Cc: stable@vger.kernel.org
Signed-off-by: Yi Yang
Acked-by: Masami Hiramatsu (Google)
Signed-off-by: Masami Hiramatsu (Google)
--- kernel/trace/rethook.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/kernel/trace/rethook.c b/kernel/trace/rethook.c index c69d82273ce7..32c3dfdb4d6a 100644 --- a/kernel/trace/rethook.c +++ b/kernel/trace/rethook.c
@@ -83,8 +83,10 @@ struct rethook *rethook_alloc(void *data, rethook_handler_t handler) { struct rethook *rh = kzalloc(sizeof(struct rethook), GFP_KERNEL); - if (!rh || !handler) + if (!rh || !handler) { + kfree(rh); return NULL; + } rh->data = data; rh->handler = handler;

From patchwork Sun Nov 20 20:12:01 2022
X-Patchwork-Submitter: Steven Rostedt
X-Patchwork-Id: 23458
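Review bot: in patch 4/7, rethook_alloc() still allocates rh before it checks handler, so the fixed branch allocates and then immediately frees when handler is NULL. Checking the argument first, if (!handler) return NULL; ahead of the kzalloc(), removes the kfree(), the added braces and the combined condition, and leaves if (!rh) return NULL; as a plain allocation check.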
Message-ID: <20221120201222.492058544@goodmis.org>
Date: Sun, 20 Nov 2022 15:12:01 -0500
From: Steven Rostedt
To: linux-kernel@vger.kernel.org
Cc: Masami Hiramatsu, Andrew Morton, Zhao Gongyi, Li Huafei
Subject: [for-linus][PATCH 5/7] kprobes: Skip clearing aggrprobes post_handler in kprobe-on-ftrace case
References: <20221120201156.868430827@goodmis.org>

From: Li Huafei

In __unregister_kprobe_top(), if the currently unregistered probe has
post_handler but other child probes of the aggrprobe do not have
post_handler, the post_handler of the aggrprobe is cleared. If this is
a ftrace-based probe, there is a problem. In later calls to
disarm_kprobe(), we will use kprobe_ftrace_ops because post_handler is
NULL. But we're armed with kprobe_ipmodify_ops. This triggers a WARN in
__disarm_kprobe_ftrace() and may even cause use-after-free:

  Failed to disarm kprobe-ftrace at kernel_clone+0x0/0x3c0 (error -2)
  WARNING: CPU: 5 PID: 137 at kernel/kprobes.c:1135 __disarm_kprobe_ftrace.isra.21+0xcf/0xe0
  Modules linked in: testKprobe_007(-)
  CPU: 5 PID: 137 Comm: rmmod Not tainted 6.1.0-rc4-dirty #18
  [...]
  Call Trace:
   __disable_kprobe+0xcd/0xe0
   __unregister_kprobe_top+0x12/0x150
   ? mutex_lock+0xe/0x30
   unregister_kprobes.part.23+0x31/0xa0
   unregister_kprobe+0x32/0x40
   __x64_sys_delete_module+0x15e/0x260
   ? do_user_addr_fault+0x2cd/0x6b0
   do_syscall_64+0x3a/0x90
   entry_SYSCALL_64_after_hwframe+0x63/0xcd
  [...]

For the kprobe-on-ftrace case, we keep the post_handler setting to
identify this aggrprobe armed with kprobe_ipmodify_ops. This way we
can disarm it correctly.

Link: https://lore.kernel.org/all/20221112070000.35299-1-lihuafei1@huawei.com/
Fixes: 0bc11ed5ab60 ("kprobes: Allow kprobes coexist with livepatch")
Reported-by: Zhao Gongyi
Suggested-by: Masami Hiramatsu (Google)
Signed-off-by: Li Huafei
Acked-by: Masami Hiramatsu (Google)
Signed-off-by: Masami Hiramatsu (Google)
--- kernel/kprobes.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/kernel/kprobes.c b/kernel/kprobes.c index cd9f5a66a690..3050631e528d 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c
@@ -1766,7 +1766,13 @@ static int __unregister_kprobe_top(struct kprobe *p) if ((list_p != p) && (list_p->post_handler)) goto noclean; } - ap->post_handler = NULL; + /* + * For the kprobe-on-ftrace case, we keep the + * post_handler setting to identify this aggrprobe + * armed with kprobe_ipmodify_ops. + */ + if (!kprobe_ftrace(ap)) + ap->post_handler = NULL; } noclean: /*

From patchwork Sun Nov 20 20:12:02 2022
X-Patchwork-Submitter: Steven Rostedt
X-Patchwork-Id: 23463
Message-ID: <20221120201222.632754356@goodmis.org>
Date: Sun, 20 Nov 2022 15:12:02 -0500
From: Steven Rostedt
To: linux-kernel@vger.kernel.org
Cc: Masami Hiramatsu, Andrew Morton, Rafael Mendonca
Subject: [for-linus][PATCH 6/7] tracing/eprobe: Fix warning in filter creation
References: <20221120201156.868430827@goodmis.org>
From: Rafael Mendonca

The filter pointer (filterp) passed to create_filter() function must be a
pointer that references a NULL pointer, otherwise, we get a warning when
adding a filter option to the event probe:

root@localhost:/sys/kernel/tracing# echo 'e:egroup/stat_runtime_4core sched/sched_stat_runtime \
        runtime=$runtime:u32 if cpu < 4' >> dynamic_events
[ 5034.340439] ------------[ cut here ]------------
[ 5034.341258] WARNING: CPU: 0 PID: 223 at kernel/trace/trace_events_filter.c:1939 create_filter+0x1db/0x250
[...] stripped
[ 5034.345518] RIP: 0010:create_filter+0x1db/0x250
[...] stripped
[ 5034.351604] Call Trace:
[ 5034.351803]
[ 5034.351959] ? process_preds+0x1b40/0x1b40
[ 5034.352241] ? rcu_read_lock_bh_held+0xd0/0xd0
[ 5034.352604] ? kasan_set_track+0x29/0x40
[ 5034.352904] ? kasan_save_alloc_info+0x1f/0x30
[ 5034.353264] create_event_filter+0x38/0x50
[ 5034.353573] __trace_eprobe_create+0x16f4/0x1d20
[ 5034.353964] ? eprobe_dyn_event_release+0x360/0x360
[ 5034.354363] ? mark_held_locks+0xa6/0xf0
[ 5034.354684] ? _raw_spin_unlock_irqrestore+0x35/0x60
[ 5034.355105] ? trace_hardirqs_on+0x41/0x120
[ 5034.355417] ? _raw_spin_unlock_irqrestore+0x35/0x60
[ 5034.355751] ? __create_object+0x5b7/0xcf0
[ 5034.356027] ? lock_is_held_type+0xaf/0x120
[ 5034.356362] ? rcu_read_lock_bh_held+0xb0/0xd0
[ 5034.356716] ? rcu_read_lock_bh_held+0xd0/0xd0
[ 5034.357084] ? kasan_set_track+0x29/0x40
[ 5034.357411] ? kasan_save_alloc_info+0x1f/0x30
[ 5034.357715] ? __kasan_kmalloc+0xb8/0xc0
[ 5034.357985] ? write_comp_data+0x2f/0x90
[ 5034.358302] ? __sanitizer_cov_trace_pc+0x25/0x60
[ 5034.358691] ? argv_split+0x381/0x460
[ 5034.358949] ? write_comp_data+0x2f/0x90
[ 5034.359240] ? eprobe_dyn_event_release+0x360/0x360
[ 5034.359620] trace_probe_create+0xf6/0x110
[ 5034.359940] ? trace_probe_match_command_args+0x240/0x240
[ 5034.360376] eprobe_dyn_event_create+0x21/0x30
[ 5034.360709] create_dyn_event+0xf3/0x1a0
[ 5034.360983] trace_parse_run_command+0x1a9/0x2e0
[ 5034.361297] ? dyn_event_release+0x500/0x500
[ 5034.361591] dyn_event_write+0x39/0x50
[ 5034.361851] vfs_write+0x311/0xe50
[ 5034.362091] ? dyn_event_seq_next+0x40/0x40
[ 5034.362376] ? kernel_write+0x5b0/0x5b0
[ 5034.362637] ? write_comp_data+0x2f/0x90
[ 5034.362937] ? __sanitizer_cov_trace_pc+0x25/0x60
[ 5034.363258] ? ftrace_syscall_enter+0x544/0x840
[ 5034.363563] ? write_comp_data+0x2f/0x90
[ 5034.363837] ? __sanitizer_cov_trace_pc+0x25/0x60
[ 5034.364156] ? write_comp_data+0x2f/0x90
[ 5034.364468] ? write_comp_data+0x2f/0x90
[ 5034.364770] ksys_write+0x158/0x2a0
[ 5034.365022] ? __ia32_sys_read+0xc0/0xc0
[ 5034.365344] __x64_sys_write+0x7c/0xc0
[ 5034.365669] ? syscall_enter_from_user_mode+0x53/0x70
[ 5034.366084] do_syscall_64+0x60/0x90
[ 5034.366356] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 5034.366767] RIP: 0033:0x7ff0b43938f3
[...] stripped
[ 5034.371892]
[ 5034.374720] ---[ end trace 0000000000000000 ]---

Link: https://lore.kernel.org/all/20221108202148.1020111-1-rafaelmendsr@gmail.com/
Fixes: 752be5c5c910 ("tracing/eprobe: Add eprobe filter support")
Signed-off-by: Rafael Mendonca
Acked-by: Masami Hiramatsu (Google)
Signed-off-by: Masami Hiramatsu (Google)
--- kernel/trace/trace_eprobe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/trace/trace_eprobe.c b/kernel/trace/trace_eprobe.c index fe4833a7b7b3..e888446d80fa 100644 --- a/kernel/trace/trace_eprobe.c +++ b/kernel/trace/trace_eprobe.c
@@ -901,7 +901,7 @@ static int trace_eprobe_tp_update_arg(struct trace_eprobe *ep, const char *argv[ static int trace_eprobe_parse_filter(struct trace_eprobe *ep, int argc, const char *argv[]) { - struct event_filter *dummy; + struct event_filter *dummy = NULL; int i, ret, len = 0; char *p;

From patchwork Sun Nov 20 20:12:03 2022
X-Patchwork-Submitter: Steven Rostedt
X-Patchwork-Id: 23459
Message-ID: <20221120201222.773967768@goodmis.org>
Date: Sun, 20 Nov 2022 15:12:03 -0500
From: Steven Rostedt
To: linux-kernel@vger.kernel.org
Cc: Masami Hiramatsu, Andrew Morton, Rafael Mendonca
Subject: [for-linus][PATCH 7/7] tracing/eprobe: Fix eprobe filter to make a filter correctly
References: <20221120201156.868430827@goodmis.org>

From: "Masami Hiramatsu (Google)"

Since the eprobe filter was defined based on the eprobe's trace event
itself, it doesn't work correctly. Use the original trace event of
the eprobe when making the filter so that the filter works correctly.

Without this fix:

 # echo 'e syscalls/sys_enter_openat \
	flags_rename=$flags:u32 if flags < 1000' >> dynamic_events
 # echo 1 > events/eprobes/sys_enter_openat/enable
[ 114.551550] event trace: Could not enable event sys_enter_openat
-bash: echo: write error: Invalid argument

With this fix:

 # echo 'e syscalls/sys_enter_openat \
	flags_rename=$flags:u32 if flags < 1000' >> dynamic_events
 # echo 1 > events/eprobes/sys_enter_openat/enable
 # tail trace
cat-241 [000] ...1. 266.498449: sys_enter_openat: (syscalls.sys_enter_openat) flags_rename=0
cat-242 [000] ...1. 266.977640: sys_enter_openat: (syscalls.sys_enter_openat) flags_rename=0

Link: https://lore.kernel.org/all/166823166395.1385292.8931770640212414483.stgit@devnote3/
Fixes: 752be5c5c910 ("tracing/eprobe: Add eprobe filter support")
Reported-by: Rafael Mendonca
Tested-by: Rafael Mendonca
Signed-off-by: Masami Hiramatsu (Google)
--- kernel/trace/trace_eprobe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/trace/trace_eprobe.c b/kernel/trace/trace_eprobe.c index e888446d80fa..123d2c0a6b68 100644 --- a/kernel/trace/trace_eprobe.c +++ b/kernel/trace/trace_eprobe.c @@ -643,7 +643,7 @@ new_eprobe_trigger(struct trace_eprobe *ep, struct trace_event_file *file) INIT_LIST_HEAD(&trigger->list); if (ep->filter_str) { - ret = create_event_filter(file->tr, file->event_call, + ret = create_event_filter(file->tr, ep->event, ep->filter_str, false, &filter); if (ret) goto error;
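Review bot: In the rethook_alloc() hunk (@@ -83,8 +83,10 @@), the `!handler` test still runs only after kzalloc(), so a call with a NULL handler allocates a struct rethook just to free it again. Checking `handler` before the allocation would make the added kfree() and braces unnecessary and would keep the argument check apart from the out-of-memory path. The hunk as posted is correct, since kfree(NULL) is a no-op when the allocation itself failed; the reordering is a simplification only.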
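Review bot: In the __unregister_kprobe_top() hunk (@@ -1766,7 +1766,13 @@), the new `if (!kprobe_ftrace(ap))` branch leaves ap->post_handler set on a kprobe-on-ftrace aggrprobe even when no remaining child probe has a post_handler, so the field now doubles as a record of which ftrace_ops the probe was armed with. The added comment says the setting is kept as an identifier, but it does not name disarm_kprobe() as the code that reads it, and it does not say what the retained handler does when it runs with no child post_handler left; both belong in the comment. Since the commit message ties the ops mismatch to a WARN and a possible use-after-free, an explicit flag recording that the probe was armed with kprobe_ipmodify_ops would be less fragile than inferring it from post_handler.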
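Review bot: In the trace_eprobe_parse_filter() hunk (@@ -901,7 +901,7 @@), the requirement that `dummy` reference NULL before it is passed down is stated only in the commit message, not in the code. Before this change `dummy` was an uninitialised stack pointer, so the WARN depended on whatever happened to be in that slot; a one-line comment at the declaration or at the call would keep the initialiser from being dropped in a later cleanup. The hunk does not show what happens to the filter returned through `dummy`, so it is worth confirming that it is released on every return path.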
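Review bot: In the new_eprobe_trigger() hunk (@@ -643,7 +643,7 @@), the entire fix is the swap from `file->event_call` to `ep->event` as the second argument of create_event_filter(), and nothing in the code says why the filter has to be built against the eprobe's original trace event rather than the eprobe's own event. A short comment above the call would stop the two from being swapped back. The commit message shows the failure surfacing only when the event is enabled, as "Invalid argument", so a selftest that creates an eprobe with an `if` clause and then enables it would cover both this patch and 6/7.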