tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'trace-v6.16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace

Pull tracing fixes from Steven Rostedt:

- Fix UAF in module unload in ftrace when there's a bug in the module

If a module is buggy and triggers ftrace_disable which is set when an
anomaly is detected, when it gets unloaded it doesn't free the hooks
into kallsyms, and when a kallsyms lookup is performed it may access
the mod->modname field and crash via UAF.

Fix this by still freeing the mod_maps that are attached to kallsyms
on module unload regardless if ftrace_disable is set or not.

- Do not bother allocating mod_maps for kallsyms if ftrace_disable is
set

- Remove unused trace events

When a trace event or tracepoint is created but not used, it still
creates the code and data structures needed for that trace event.
This just wastes memory.

Remove the trace events that are created but not used. This does not
remove trace events that are created but are not used due configs not
being set. That will be handled later. This only removes events that
have no user under any config.

* tag 'trace-v6.16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
fsdax: Remove unused trace events for dax insert mapping
genirq/matrix: Remove unused irq_matrix_alloc_reserved tracepoint
xdp: Remove unused mem_return_failed event
ftrace: Don't allocate ftrace module map if ftrace is disabled
ftrace: Fix UAF when lookup kallsym after ftrace disabled

Linus Torvalds 70087d22 def5b099

+10 -115
-78
include/trace/events/fs_dax.h
··· 102 102 DEFINE_PMD_LOAD_HOLE_EVENT(dax_pmd_load_hole); 103 103 DEFINE_PMD_LOAD_HOLE_EVENT(dax_pmd_load_hole_fallback); 104 104 105 - DECLARE_EVENT_CLASS(dax_pmd_insert_mapping_class, 106 - TP_PROTO(struct inode *inode, struct vm_fault *vmf, 107 - long length, pfn_t pfn, void *radix_entry), 108 - TP_ARGS(inode, vmf, length, pfn, radix_entry), 109 - TP_STRUCT__entry( 110 - __field(unsigned long, ino) 111 - __field(unsigned long, vm_flags) 112 - __field(unsigned long, address) 113 - __field(long, length) 114 - __field(u64, pfn_val) 115 - __field(void *, radix_entry) 116 - __field(dev_t, dev) 117 - __field(int, write) 118 - ), 119 - TP_fast_assign( 120 - __entry->dev = inode->i_sb->s_dev; 121 - __entry->ino = inode->i_ino; 122 - __entry->vm_flags = vmf->vma->vm_flags; 123 - __entry->address = vmf->address; 124 - __entry->write = vmf->flags & FAULT_FLAG_WRITE; 125 - __entry->length = length; 126 - __entry->pfn_val = pfn.val; 127 - __entry->radix_entry = radix_entry; 128 - ), 129 - TP_printk("dev %d:%d ino %#lx %s %s address %#lx length %#lx " 130 - "pfn %#llx %s radix_entry %#lx", 131 - MAJOR(__entry->dev), 132 - MINOR(__entry->dev), 133 - __entry->ino, 134 - __entry->vm_flags & VM_SHARED ? "shared" : "private", 135 - __entry->write ? "write" : "read", 136 - __entry->address, 137 - __entry->length, 138 - __entry->pfn_val & ~PFN_FLAGS_MASK, 139 - __print_flags_u64(__entry->pfn_val & PFN_FLAGS_MASK, "|", 140 - PFN_FLAGS_TRACE), 141 - (unsigned long)__entry->radix_entry 142 - ) 143 - ) 144 - 145 - #define DEFINE_PMD_INSERT_MAPPING_EVENT(name) \ 146 - DEFINE_EVENT(dax_pmd_insert_mapping_class, name, \ 147 - TP_PROTO(struct inode *inode, struct vm_fault *vmf, \ 148 - long length, pfn_t pfn, void *radix_entry), \ 149 - TP_ARGS(inode, vmf, length, pfn, radix_entry)) 150 - 151 - DEFINE_PMD_INSERT_MAPPING_EVENT(dax_pmd_insert_mapping); 152 - 153 105 DECLARE_EVENT_CLASS(dax_pte_fault_class, 154 106 TP_PROTO(struct inode *inode, struct vm_fault *vmf, int result), 155 107 TP_ARGS(inode, vmf, result), ··· 145 193 DEFINE_PTE_FAULT_EVENT(dax_load_hole); 146 194 DEFINE_PTE_FAULT_EVENT(dax_insert_pfn_mkwrite_no_entry); 147 195 DEFINE_PTE_FAULT_EVENT(dax_insert_pfn_mkwrite); 148 - 149 - TRACE_EVENT(dax_insert_mapping, 150 - TP_PROTO(struct inode *inode, struct vm_fault *vmf, void *radix_entry), 151 - TP_ARGS(inode, vmf, radix_entry), 152 - TP_STRUCT__entry( 153 - __field(unsigned long, ino) 154 - __field(unsigned long, vm_flags) 155 - __field(unsigned long, address) 156 - __field(void *, radix_entry) 157 - __field(dev_t, dev) 158 - __field(int, write) 159 - ), 160 - TP_fast_assign( 161 - __entry->dev = inode->i_sb->s_dev; 162 - __entry->ino = inode->i_ino; 163 - __entry->vm_flags = vmf->vma->vm_flags; 164 - __entry->address = vmf->address; 165 - __entry->write = vmf->flags & FAULT_FLAG_WRITE; 166 - __entry->radix_entry = radix_entry; 167 - ), 168 - TP_printk("dev %d:%d ino %#lx %s %s address %#lx radix_entry %#lx", 169 - MAJOR(__entry->dev), 170 - MINOR(__entry->dev), 171 - __entry->ino, 172 - __entry->vm_flags & VM_SHARED ? "shared" : "private", 173 - __entry->write ? "write" : "read", 174 - __entry->address, 175 - (unsigned long)__entry->radix_entry 176 - ) 177 - ) 178 196 179 197 DECLARE_EVENT_CLASS(dax_writeback_range_class, 180 198 TP_PROTO(struct inode *inode, pgoff_t start_index, pgoff_t end_index),
-8
include/trace/events/irq_matrix.h
··· 138 138 TP_ARGS(bit, matrix) 139 139 ); 140 140 141 - DEFINE_EVENT(irq_matrix_cpu, irq_matrix_alloc_reserved, 142 - 143 - TP_PROTO(int bit, unsigned int cpu, 144 - struct irq_matrix *matrix, struct cpumap *cmap), 145 - 146 - TP_ARGS(bit, cpu, matrix, cmap) 147 - ); 148 - 149 141 DEFINE_EVENT(irq_matrix_cpu, irq_matrix_reserve_managed, 150 142 151 143 TP_PROTO(int bit, unsigned int cpu,
-26
include/trace/events/xdp.h
··· 379 379 ) 380 380 ); 381 381 382 - TRACE_EVENT(mem_return_failed, 383 - 384 - TP_PROTO(const struct xdp_mem_info *mem, 385 - const struct page *page), 386 - 387 - TP_ARGS(mem, page), 388 - 389 - TP_STRUCT__entry( 390 - __field(const struct page *, page) 391 - __field(u32, mem_id) 392 - __field(u32, mem_type) 393 - ), 394 - 395 - TP_fast_assign( 396 - __entry->page = page; 397 - __entry->mem_id = mem->id; 398 - __entry->mem_type = mem->type; 399 - ), 400 - 401 - TP_printk("mem_id=%d mem_type=%s page=%p", 402 - __entry->mem_id, 403 - __print_symbolic(__entry->mem_type, __MEM_TYPE_SYM_TAB), 404 - __entry->page 405 - ) 406 - ); 407 - 408 382 TRACE_EVENT(bpf_xdp_link_attach_failed, 409 383 410 384 TP_PROTO(const char *msg),
+10 -3
kernel/trace/ftrace.c
··· 7438 7438 7439 7439 mutex_lock(&ftrace_lock); 7440 7440 7441 - if (ftrace_disabled) 7442 - goto out_unlock; 7443 - 7441 + /* 7442 + * To avoid the UAF problem after the module is unloaded, the 7443 + * 'mod_map' resource needs to be released unconditionally. 7444 + */ 7444 7445 list_for_each_entry_safe(mod_map, n, &ftrace_mod_maps, list) { 7445 7446 if (mod_map->mod == mod) { 7446 7447 list_del_rcu(&mod_map->list); ··· 7449 7448 break; 7450 7449 } 7451 7450 } 7451 + 7452 + if (ftrace_disabled) 7453 + goto out_unlock; 7452 7454 7453 7455 /* 7454 7456 * Each module has its own ftrace_pages, remove ··· 7630 7626 unsigned long start, unsigned long end) 7631 7627 { 7632 7628 struct ftrace_mod_map *mod_map; 7629 + 7630 + if (ftrace_disabled) 7631 + return NULL; 7633 7632 7634 7633 mod_map = kmalloc(sizeof(*mod_map), GFP_KERNEL); 7635 7634 if (!mod_map)