korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-25 21:24:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

tracing: Handle %.*s in trace_check_vprintf()

Browse Source 
If a trace event uses the %*.s notation, the trace_check_vprintf() will
fail and will warn about a bad processing of strings, because it does not
take into account the length field when processing the star (*) part.
Have it handle this case as well.

Link: https://lore.kernel.org/linux-nfs/238C0E2D-C2A4-4578-ADD2-C565B3B99842@oracle.com/

Reported-by: Chuck Lever III <chuck.lever@oracle.com>
Fixes: 9a6944fee6 ("tracing: Add a verifier to check string pointers for trace events")
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
This commit is contained in:
Steven Rostedt (VMware) 2021-05-13 12:23:24 -04:00
parent 6efb943b86
commit eb01f5353b
1 changed files with 27 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
kernel/trace/trace.c
View File

@ -3704,6 +3704,9 @@ void trace_check_vprintf(struct trace_iterator *iter, const char *fmt,
goto print;
while (*p) {
bool star = false;
int len = 0;
j = 0;
/* We only care about %s and variants */
@ -3725,13 +3728,17 @@ void trace_check_vprintf(struct trace_iterator *iter, const char *fmt,
/* Need to test cases like %08.*s */
for (j = 1; p[i+j]; j++) {
if (isdigit(p[i+j]) ||
p[i+j] == '*' ||
p[i+j] == '.')
continue;
if (p[i+j] == '*') {
star = true;
continue;
}
break;
}
if (p[i+j] == 's')
break;
star = false;
}
j = 0;
}
@ -3744,6 +3751,9 @@ void trace_check_vprintf(struct trace_iterator *iter, const char *fmt,
iter->fmt[i] = '\0';
trace_seq_vprintf(&iter->seq, iter->fmt, ap);
if (star)
len = va_arg(ap, int);
/* The ap now points to the string data of the %s */
str = va_arg(ap, const char *);
@ -3762,8 +3772,18 @@ void trace_check_vprintf(struct trace_iterator *iter, const char *fmt,
int ret;
/* Try to safely read the string */
ret = strncpy_from_kernel_nofault(iter->fmt, str,
iter->fmt_size);
if (star) {
if (len + 1 > iter->fmt_size)
len = iter->fmt_size - 1;
if (len < 0)
len = 0;
ret = copy_from_kernel_nofault(iter->fmt, str, len);
iter->fmt[len] = 0;
star = false;
} else {
ret = strncpy_from_kernel_nofault(iter->fmt, str,
iter->fmt_size);
}
if (ret < 0)
trace_seq_printf(&iter->seq, "(0x%px)", str);
else
@ -3775,7 +3795,10 @@ void trace_check_vprintf(struct trace_iterator *iter, const char *fmt,
strncpy(iter->fmt, p + i, j + 1);
iter->fmt[j+1] = '\0';
}
trace_seq_printf(&iter->seq, iter->fmt, str);
if (star)
trace_seq_printf(&iter->seq, iter->fmt, len, str);
else
trace_seq_printf(&iter->seq, iter->fmt, str);
p += i + j + 1;
}