korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-11 20:48:49 +08:00
Code Issues Packages Projects Releases Wiki Activity
59300b36f8
linux/include
History
Steven Rostedt (VMware) 83b62687a0 workqueue/tracing: Copy workqueue name to buffer in trace event 
The trace event "workqueue_queue_work" references an unsafe string in
dereferencing the name of the workqueue. As the name is allocated, it
could later be freed, and the pointer to that string could stay on the
tracing buffer. If the trace buffer is read after the string is freed, it
will reference an unsafe pointer.

I added a new verifier to make sure that all strings referenced in the
output of the trace buffer is safe to read and this triggered on the
workqueue_queue_work trace event:

workqueue_queue_work: work struct=00000000b2b235c7 function=gc_worker workqueue=(0xffff888100051160:events_power_efficient)[UNSAFE-MEMORY] req_cpu=256 cpu=1
workqueue_queue_work: work struct=00000000c344caec function=flush_to_ldisc workqueue=(0xffff888100054d60:events_unbound)[UNSAFE-MEMORY] req_cpu=256 cpu=4294967295
workqueue_queue_work: work struct=00000000b2b235c7 function=gc_worker workqueue=(0xffff888100051160:events_power_efficient)[UNSAFE-MEMORY] req_cpu=256 cpu=1
workqueue_queue_work: work struct=000000000b238b3f function=vmstat_update workqueue=(0xffff8881000c3760:mm_percpu_wq)[UNSAFE-MEMORY] req_cpu=1 cpu=1

Also, if this event is read via a user space application like perf or
trace-cmd, the name would only be an address and useless information:

workqueue_queue_work: work struct=0xffff953f80b4b918 function=disk_events_workfn workqueue=ffff953f8005d378 req_cpu=8192 cpu=5

Cc: Zqiang <qiang.zhang@windriver.com>
Cc: Tejun Heo <tj@kernel.org>
Fixes: 7bf9c4a88e ("workqueue: tracing the name of the workqueue instead of it's address")
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
2021-03-18 12:57:37 -04:00
..
acpi IOMMU Updates for Linux v5.12 2021-02-22 10:31:29 -08:00
asm-generic RISC-V Patches for the 5.12 Merge Window 2021-02-26 10:28:35 -08:00
clocksource
crypto Keyrings miscellany 2021-02-23 16:09:23 -08:00
drm drm/drm_vblank: set the dma-fence timestamp during send_vblank_event 2021-02-24 21:05:54 +05:30
dt-bindings RISC-V Patches for the 5.12 Merge Window 2021-02-26 10:28:35 -08:00
keys
kunit
kvm KVM: arm64: Turn kvm_arm_support_pmu_v3() into a static key 2021-03-06 04:18:40 -05:00
linux A set of irqchip updates: 2021-03-14 13:33:33 -07:00
math-emu
media media: rc: compile rc-cec.c into rc-core 2021-03-11 11:40:28 +01:00
memory
misc
net net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending 2021-02-23 11:29:52 -08:00
pcmcia
ras
rdma RDMA/ipoib: Remove racy Subnet Manager sendonly join checks 2021-02-16 14:42:58 -04:00
scsi
soc RISC-V Patches for the 5.12 Merge Window 2021-02-26 10:28:35 -08:00
sound ALSA/ASoC/SOF/SoundWire: fix Kconfig issues 2021-03-02 18:30:07 +01:00
target scsi: target: core: Add cmd length set before cmd complete 2021-02-22 22:21:29 -05:00
trace workqueue/tracing: Copy workqueue name to buffer in trace event 2021-03-18 12:57:37 -04:00
uapi Merge git://git.kernel.org:/pub/scm/linux/kernel/git/netdev/net 2021-03-09 17:15:56 -08:00
vdso
video
xen Xen/gnttab: introduce common INVALID_GRANT_{HANDLE,REF} 2021-03-10 16:39:29 -06:00