2014-06-06 17:21:08

by Steven Rostedt

Subject: [for-next][PATCH 4/6] tracing: Return error if ftrace_trace_arrays list is empty

From: Yoshihiro YUNOMAE <[email protected]>

ftrace_trace_arrays links global_trace.list. However, global_trace
is not added to ftrace_trace_arrays if trace_alloc_buffers() failed.
As a result, ftrace_trace_arrays becomes an empty list. If
ftrace_trace_arrays is an empty list, the current top_trace_array() returns
an invalid pointer. As a result, the kernel can induce memory corruption
or panic.

The current implementation does not check whether ftrace_trace_arrays is an
empty list or not. So, in this patch, if ftrace_trace_arrays is an empty list,
top_trace_array() returns NULL. Moreover, this patch makes all functions
calling top_trace_array() handle it appropriately.

Link: http://lkml.kernel.org/p/20140605223517.32311.99233.stgit@yunodevel

Signed-off-by: Yoshihiro YUNOMAE <[email protected]>
Signed-off-by: Steven Rostedt <[email protected]>
---
kernel/trace/trace.h | 3 +++
kernel/trace/trace_events.c | 13 +++++++++++++
2 files changed, 16 insertions(+)

diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h
index 217207ad60b3..9e82551dd566 100644
--- a/kernel/trace/trace.h
+++ b/kernel/trace/trace.h
@@ -252,6 +252,9 @@ static inline struct trace_array *top_trace_array(void)
{
struct trace_array *tr;

+ if (list_empty(ftrace_trace_arrays.prev))
+ return NULL;
+
tr = list_entry(ftrace_trace_arrays.prev,
typeof(*tr), list);
WARN_ON(!(tr->flags & TRACE_ARRAY_FL_GLOBAL));
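Review bot: the emptiness test in top_trace_array() passes ftrace_trace_arrays.prev to list_empty() instead of the list head. It gives the right answer only because prev points back at the head when the list is empty and at the last entry otherwise; list_empty(&ftrace_trace_arrays) is the conventional form and states the intent directly.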
diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
index 3ddfd8f62c05..f99e0b3bca8c 100644
--- a/kernel/trace/trace_events.c
+++ b/kernel/trace/trace_events.c
@@ -574,6 +574,9 @@ int trace_set_clr_event(const char *system, const char *event, int set)
{
struct trace_array *tr = top_trace_array();

+ if (!tr)
+ return -ENODEV;
+
return __ftrace_set_clr_event(tr, NULL, system, event, set);
}
EXPORT_SYMBOL_GPL(trace_set_clr_event);
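Review bot: trace_set_clr_event() is exported with EXPORT_SYMBOL_GPL, so the new -ENODEV return reaches module callers as well as in-tree ones. Its comment should say that -ENODEV is returned when top_trace_array() has no array to return, so callers can tell it apart from other failures.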
@@ -2065,6 +2068,9 @@ event_enable_func(struct ftrace_hash *hash,
bool enable;
int ret;

+ if (!tr)
+ return -ENODEV;
+
/* hash funcs only work with set_ftrace_filter */
if (!enabled || !param)
return -EINVAL;
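Review bot: in event_enable_func() the new "if (!tr)" test relies on an assignment to tr that is outside the context shown in this hunk, whereas the later hunks test tr directly after "tr = top_trace_array();". Worth confirming that tr is initialised from top_trace_array() in the declarations above, and noting that the check now runs before the "!enabled || !param" validation, so -ENODEV takes precedence over -EINVAL.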
@@ -2396,6 +2402,9 @@ static __init int event_trace_enable(void)
char *token;
int ret;

+ if (!tr)
+ return -ENODEV;
+
for_each_event(iter, __start_ftrace_events, __stop_ftrace_events) {

call = *iter;
@@ -2442,6 +2451,8 @@ static __init int event_trace_init(void)
int ret;

tr = top_trace_array();
+ if (!tr)
+ return -ENODEV;

d_tracer = tracing_init_dentry();
if (!d_tracer)
@@ -2535,6 +2546,8 @@ static __init void event_trace_self_tests(void)
int ret;

tr = top_trace_array();
+ if (!tr)
+ return;

pr_info("Running tests on trace events:\n");
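Review bot: event_trace_self_tests() now returns silently when tr is NULL, before the pr_info() that announces the tests, so the boot log gives no sign that the self-tests were skipped. The function is void and cannot report -ENODEV like the other call sites; a pr_warn() before the return would make the skip visible.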

--
2.0.0.rc2


2014-06-10 05:20:43

by Namhyung Kim

Subject: Re: [for-next][PATCH 4/6] tracing: Return error if ftrace_trace_arrays list is empty

On Fri, 06 Jun 2014 12:30:38 -0400, Steven Rostedt wrote:
> From: Yoshihiro YUNOMAE <[email protected]>
>
> ftrace_trace_arrays links global_trace.list. However, global_trace
> is not added to ftrace_trace_arrays if trace_alloc_buffers() failed.
> As a result, ftrace_trace_arrays becomes an empty list. If
> ftrace_trace_arrays is an empty list, the current top_trace_array() returns
> an invalid pointer. As a result, the kernel can induce memory corruption
> or panic.
>
> The current implementation does not check whether ftrace_trace_arrays is an
> empty list or not. So, in this patch, if ftrace_trace_arrays is an empty list,
> top_trace_array() returns NULL. Moreover, this patch makes all functions
> calling top_trace_array() handle it appropriately.

[SNIP]
> @@ -252,6 +252,9 @@ static inline struct trace_array *top_trace_array(void)
> {
> struct trace_array *tr;
>
> + if (list_empty(ftrace_trace_arrays.prev))
> + return NULL;

It looks weird to me.. why not check "list_empty(&ftrace_trace_arrays)"?

Thanks,
Namhyung

> +
> tr = list_entry(ftrace_trace_arrays.prev,
> typeof(*tr), list);
> WARN_ON(!(tr->flags & TRACE_ARRAY_FL_GLOBAL));

2014-06-10 13:42:57

by Steven Rostedt

Subject: Re: [for-next][PATCH 4/6] tracing: Return error if ftrace_trace_arrays list is empty

On Tue, 10 Jun 2014 14:20:39 +0900
Namhyung Kim <[email protected]> wrote:

> On Fri, 06 Jun 2014 12:30:38 -0400, Steven Rostedt wrote:
> > From: Yoshihiro YUNOMAE <[email protected]>
> >
> > ftrace_trace_arrays links global_trace.list. However, global_trace
> > is not added to ftrace_trace_arrays if trace_alloc_buffers() failed.
> > As a result, ftrace_trace_arrays becomes an empty list. If
> > ftrace_trace_arrays is an empty list, the current top_trace_array() returns
> > an invalid pointer. As a result, the kernel can induce memory corruption
> > or panic.
> >
> > The current implementation does not check whether ftrace_trace_arrays is an
> > empty list or not. So, in this patch, if ftrace_trace_arrays is an empty list,
> > top_trace_array() returns NULL. Moreover, this patch makes all functions
> > calling top_trace_array() handle it appropriately.
>
> [SNIP]
> > @@ -252,6 +252,9 @@ static inline struct trace_array *top_trace_array(void)
> > {
> > struct trace_array *tr;
> >
> > + if (list_empty(ftrace_trace_arrays.prev))
> > + return NULL;
>
> It looks weird to me.. why not check "list_empty(&ftrace_trace_arrays)"?
>

Bah, I don't know how I missed that. Thanks.

-- Steve

> Thanks,
> Namhyung
>
> > +
> > tr = list_entry(ftrace_trace_arrays.prev,
> > typeof(*tr), list);
> > WARN_ON(!(tr->flags & TRACE_ARRAY_FL_GLOBAL));