Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'trace-v6.17-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace

Pull tracing fixes from Steven Rostedt:

- Fix buffer overflow in osnoise_cpu_write()

The allocated buffer to read user space did not add a nul terminating
byte after copying from user the string. It then reads the string,
and if user space did not add a nul byte, the read will continue
beyond the string.

Add a nul terminating byte after reading the string.

- Fix missing check for lockdown on tracing

There's a path from kprobe events or uprobe events that can update
the tracing system even if lockdown on tracing is activated. Add a
check in the dynamic event path.

- Add a recursion check for the function graph return path

Now that fprobes can hook to the function graph tracer and call
different code between the entry and the exit, the exit code may now
call functions that are not called in entry. This means that the exit
handler can possibly trigger recursion that is not caught and cause
the system to crash.

Add the same recursion checks in the function exit handler as exist
in the entry handler path.

* tag 'trace-v6.17-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
tracing: fgraph: Protect return handler from recursion loop
tracing: dynevent: Add a missing lockdown check on dynevent
tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit()

+14 -1
+12
kernel/trace/fgraph.c
··· 815 815 unsigned long bitmap; 816 816 unsigned long ret; 817 817 int offset; 818 + int bit; 818 819 int i; 819 820 820 821 ret_stack = ftrace_pop_return_trace(&trace, &ret, frame_pointer, &offset); ··· 829 828 830 829 if (fregs) 831 830 ftrace_regs_set_instruction_pointer(fregs, ret); 831 + 832 + bit = ftrace_test_recursion_trylock(trace.func, ret); 833 + /* 834 + * This can fail because ftrace_test_recursion_trylock() allows one nest 835 + * call. If we are already in a nested call, then we don't probe this and 836 + * just return the original return address. 837 + */ 838 + if (unlikely(bit < 0)) 839 + goto out; 832 840 833 841 #ifdef CONFIG_FUNCTION_GRAPH_RETVAL 834 842 trace.retval = ftrace_regs_get_return_value(fregs); ··· 862 852 } 863 853 } 864 854 855 + ftrace_test_recursion_unlock(bit); 856 + out: 865 857 /* 866 858 * The ftrace_graph_return() may still access the current 867 859 * ret_stack structure, we need to make sure the update of
+2 -1
kernel/trace/trace_osnoise.c
··· 2325 2325 if (count < 1) 2326 2326 return 0; 2327 2327 2328 - buf = kmalloc(count, GFP_KERNEL); 2328 + buf = kmalloc(count + 1, GFP_KERNEL); 2329 2329 if (!buf) 2330 2330 return -ENOMEM; 2331 2331 2332 2332 if (copy_from_user(buf, ubuf, count)) 2333 2333 return -EFAULT; 2334 + buf[count] = '\0'; 2334 2335 2335 2336 if (!zalloc_cpumask_var(&osnoise_cpumask_new, GFP_KERNEL)) 2336 2337 return -ENOMEM;
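Review bot: in kernel/trace/fgraph.c, the `if (unlikely(bit < 0)) goto out;` path is silent: everything between the trylock and the `out:` label is skipped for this frame, so if an entry handler already ran for it, that handler gets no matching return call and nothing records the drop. The new comment's "we don't probe this" reads as if nothing had been probed at all; consider rewording it to say that the return side is skipped for this frame, and counting the skips if users of the exit hook depend on entry/exit pairing. Placing `ftrace_test_recursion_unlock(bit);` ahead of `out:` is right, since the failed-trylock path must not unlock.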
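Review bot: in kernel/trace/trace_osnoise.c, the sequence `kmalloc(count + 1, GFP_KERNEL)`, `copy_from_user(buf, ubuf, count)`, `buf[count] = '\0';` open-codes what memdup_user_nul() already provides; using the helper would keep the allocation size and the terminator index from drifting apart in a later edit. Separately, the only bound on `count` visible in this hunk is `if (count < 1)`, so the allocation size is whatever length the writer passes; a cap on the accepted length of a CPU list string would be a reasonable addition.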