Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp2017523imm;
        Sat, 13 Oct 2018 08:24:59 -0700 (PDT)
X-Google-Smtp-Source: ACcGV630Hi7wXE3ZcWNh/2jr9dRNfbYi0S7f7Qvl+KDFghmlyCBCN0pidL7L19LYbU7WHSyV3DZb
X-Received: by 2002:a17:902:109:: with SMTP id 9-v6mr10149163plb.320.1539444299827;
        Sat, 13 Oct 2018 08:24:59 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1539444299; cv=none;
        d=google.com; s=arc-20160816;
        b=cXKtSOYSBQ00nAFge4B7+5FQeMsrLp+OX9VKMjqjfy4NEV4Z20b9kaOvL+RnQn8cfZ
         10p8SG5Besrr2AK+kRELfjPnLowZx8isjzYuKwQI/E1xEPXpe0MmMpR9KxKECcNgn1nZ
         E0e6PYv9HkK5l+zHkVNvEwfLNZn7rmNWKyeS1wJ8+XJ21YRu+NzGyA+aw4aZlzQdU4V8
         P2NP6grbV1t/O0S4kvWmpEFK/eiG1DoUrnPq/ySjTmFoJ9c7AxhOs0XfwheoiNruWaC7
         +ZYiAfw8bSztHJdFPnT545lf9HsLFajnJ4GBywOzrQ0/qPNIsZRNEuBJ2P9eAQOYB6lX
         l/+Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature;
        bh=u/6TefTqpD1VbUoKwaPouPRI/HyAJKEvWaVUM3ZTrdg=;
        b=Zhffj1yjN1PuLHg1xgS3VHG2awaeK40lJPse5sn1dbKLci78qSajib3VrQpM00X7Oa
         sGht4TxLKhlAlX9H56K2SDcxTCVv9bPbbYRg/DOOZp6b0En925kXGYeI0ZZy49dyFO8C
         plU1ypGOC8jN1PU8BHTRRXngsspJ5LMn7DgBWNCRuY3vqfbMIsPKBwYhgE0fI1hr+QhV
         13HHLGWINa/HZ8FsPmCeI8vmt9V026B3b9tj4KlSe+7IFp737NL4LzpKVuEbXc0qtMrQ
         ghfnAB+kun5uSdR3ZvTtga6T5Pam3lhEpqDmu/cY51R4sPHlTR36uTkqcQgQtupqH8Ai
         eouw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linaro.org header.s=google header.b="TLt/FCEh";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 92-v6si5026551plw.81.2018.10.13.08.24.43;
        Sat, 13 Oct 2018 08:24:59 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linaro.org header.s=google header.b="TLt/FCEh";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726665AbeJMXBz (ORCPT <rfc822;chaneybenjamini@gmail.com>
        + 99 others); Sat, 13 Oct 2018 19:01:55 -0400
Received: from mail-it1-f194.google.com ([209.85.166.194]:54357 "EHLO
        mail-it1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726320AbeJMXBy (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 13 Oct 2018 19:01:54 -0400
Received: by mail-it1-f194.google.com with SMTP id l191-v6so22965253ita.4
        for <linux-kernel@vger.kernel.org>; Sat, 13 Oct 2018 08:24:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=u/6TefTqpD1VbUoKwaPouPRI/HyAJKEvWaVUM3ZTrdg=;
        b=TLt/FCEhb8Crfu8HNw3Y28UHmsQDw5F4Vbpol/kJrozhjR2PtYBf6AXjc+MG0DU/dZ
         /9IbLg4Ib3hjxRFLmqll0Y33FhOjQC1fJnha4glzMVMUCPg3tAjxRSLBKavzTmfy07Kf
         XrBdj/5JcKtR+v16NkqI2UlCvs+20rjZMUFfI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=u/6TefTqpD1VbUoKwaPouPRI/HyAJKEvWaVUM3ZTrdg=;
        b=FdhhSEzzMWFJGkONKH8YRkKmKmOOLJ+SRbgZU0TDlwvdgQaoUkt85C8P3yBv0IM9Z5
         GTmpA1KotqeMPlD9VVYK9m0fx7MnbMx/ba1xtnGFzpKUur66mrLzLq+TYPB26SZPnXxD
         4GVmxIKwVBWwP69Th3xfvr1moMo2OxUpYZ0teK3Z+lSypHdW3ptPFJiV2XK2Wc/2yQU5
         2cKi/cTPKJUHiYrzvPLiBQG7V5B9tCkF8vq9+KeidjTnKKUuN4tgfBJ5EaidBoOBwLBA
         WzhGVTz8MWM4JN3T7ewHvjStZHYQzJehrfj0h/Gfsv6+CPlvsU8mHmiTGQj1CGUexMpH
         094g==
X-Gm-Message-State: ABuFfoh+T2q+jacFF6axvKYGdBO8DGo02NqJxn1JyMKnlCJxxXTWKphv
        l4j+yCZa5FWLBnmPj7UcunIBrxuxpw1CNn9ETr2a1g==
X-Received: by 2002:a05:660c:383:: with SMTP id x3mr7092772itj.121.1539444259788;
 Sat, 13 Oct 2018 08:24:19 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a6b:5910:0:0:0:0:0 with HTTP; Sat, 13 Oct 2018 08:24:19
 -0700 (PDT)
In-Reply-To: <CAKv+Gu_2xWvpNPucLSZwSXMj3YsxDUavsQvR9bKxRNqKaRRX9g@mail.gmail.com>
References: <20181012200523.23731-1-mathieu.desnoyers@efficios.com> <CAKv+Gu_2xWvpNPucLSZwSXMj3YsxDUavsQvR9bKxRNqKaRRX9g@mail.gmail.com>
From:   Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date:   Sat, 13 Oct 2018 17:24:19 +0200
Message-ID: <CAKv+Gu8gLivx7dDkKeUS4BHi3s8jEoX0=Q+WUeDXPmi7WT6BGA@mail.gmail.com>
Subject: Re: [PATCH for 4.19] tracepoint: Fix: out-of-bound tracepoint array iteration
To:     Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc:     Steven Rostedt <rostedt@goodmis.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Michael Ellerman <mpe@ellerman.id.au>,
        Ingo Molnar <mingo@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
        Benjamin Herrenschmidt <benh@kernel.crashing.org>,
        Bjorn Helgaas <bhelgaas@google.com>,
        Catalin Marinas <catalin.marinas@arm.com>,
        James Morris <james.morris@microsoft.com>,
        James Morris <jmorris@namei.org>, Jessica Yu <jeyu@kernel.org>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        Kees Cook <keescook@chromium.org>,
        Nicolas Pitre <nico@linaro.org>,
        Paul Mackerras <paulus@samba.org>,
        Petr Mladek <pmladek@suse.com>,
        Russell King <linux@armlinux.org.uk>,
        "Serge E. Hallyn" <serge@hallyn.com>,
        Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
        Thomas Garnier <thgarnie@google.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Will Deacon <will.deacon@arm.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 12 October 2018 at 23:07, Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
> Hi Mathieu,
>
> On 12 October 2018 at 22:05, Mathieu Desnoyers
> <mathieu.desnoyers@efficios.com> wrote:
>> commit 46e0c9be206f ("kernel: tracepoints: add support for relative
>> references") changes the layout of the __tracepoint_ptrs section on
>> architectures supporting relative references. However, it does so
>> without turning struct tracepoint * const into const int * elsewhere in
>> the tracepoint code, which has the following side-effect:
>>
>> tracepoint_module_{coming,going} invoke
>> tp_module_going_check_quiescent() with mod->tracepoints_ptrs
>> as first argument, and computes the end address of the array
>> for the second argument with:
>>
>>   mod->tracepoints_ptrs + mod->num_tracepoints
>>
>> However, because the type of mod->tracepoint_ptrs in module.h
>> has not been changed from pointer to int, it passes an end
>> pointer which is twice larger than the array, causing out-of-bound
>> array accesses.
>>
>> Fix this by introducing a new typedef: tracepoint_ptr_t, which
>> is either "const int" on architectures that have PREL32 relocations,
>> or "struct tracepoint * const" on architectures that does not have
>> this feature.
>>
>> Also provide a new tracepoint_ptr_defer() static inline to
>> encapsulate deferencing this type rather than duplicate code and
>> ugly idefs within the for_each_tracepoint_range() implementation.
>>
>
> Apologies for the breakage. FWIW, this looks like the correct approach
> to me (and mirrors what I did for initcalls in the same series)
>
>> This issue appears in 4.19-rc kernels, and should ideally be fixed
>> before the end of the rc cycle.
>>
>
> +1
>
>> Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
>> Link: http://lkml.kernel.org/r/20180704083651.24360-7-ard.biesheuvel@linaro.org
>> Cc: Michael Ellerman <mpe@ellerman.id.au>
>> Cc: Ingo Molnar <mingo@kernel.org>
>> Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> Cc: Arnd Bergmann <arnd@arndb.de>
>> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
>> Cc: Bjorn Helgaas <bhelgaas@google.com>
>> Cc: Catalin Marinas <catalin.marinas@arm.com>
>> Cc: James Morris <james.morris@microsoft.com>
>> Cc: James Morris <jmorris@namei.org>
>> Cc: Jessica Yu <jeyu@kernel.org>
>> Cc: Josh Poimboeuf <jpoimboe@redhat.com>
>> Cc: Kees Cook <keescook@chromium.org>
>> Cc: Nicolas Pitre <nico@linaro.org>
>> Cc: Paul Mackerras <paulus@samba.org>
>> Cc: Petr Mladek <pmladek@suse.com>
>> Cc: Russell King <linux@armlinux.org.uk>
>> Cc: "Serge E. Hallyn" <serge@hallyn.com>
>> Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
>> Cc: Thomas Garnier <thgarnie@google.com>
>> Cc: Thomas Gleixner <tglx@linutronix.de>
>> Cc: Will Deacon <will.deacon@arm.com>
>> Cc: Andrew Morton <akpm@linux-foundation.org>
>> Cc: Linus Torvalds <torvalds@linux-foundation.org>
>> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>
> Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>

This fixes the build breakage for me that kbuild test robot reports.

diff --git a/include/linux/module.h b/include/linux/module.h
index cdab2451d6be..e19ae08c7fb8 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -20,6 +20,7 @@
 #include <linux/export.h>
 #include <linux/rbtree_latch.h>
 #include <linux/error-injection.h>
+#include <linux/tracepoint-defs.h>

 #include <linux/percpu.h>
 #include <asm/module.h>





>> ---
>>  include/linux/module.h          |  2 +-
>>  include/linux/tracepoint-defs.h |  6 ++++++
>>  include/linux/tracepoint.h      | 36 +++++++++++++++++++++------------
>>  kernel/tracepoint.c             | 24 ++++++++--------------
>>  4 files changed, 38 insertions(+), 30 deletions(-)
>>
>> diff --git a/include/linux/module.h b/include/linux/module.h
>> index f807f15bebbe..cdab2451d6be 100644
>> --- a/include/linux/module.h
>> +++ b/include/linux/module.h
>> @@ -430,7 +430,7 @@ struct module {
>>
>>  #ifdef CONFIG_TRACEPOINTS
>>         unsigned int num_tracepoints;
>> -       struct tracepoint * const *tracepoints_ptrs;
>> +       tracepoint_ptr_t *tracepoints_ptrs;
>>  #endif
>>  #ifdef HAVE_JUMP_LABEL
>>         struct jump_entry *jump_entries;
>> diff --git a/include/linux/tracepoint-defs.h b/include/linux/tracepoint-defs.h
>> index 22c5a46e9693..49ba9cde7e4b 100644
>> --- a/include/linux/tracepoint-defs.h
>> +++ b/include/linux/tracepoint-defs.h
>> @@ -35,6 +35,12 @@ struct tracepoint {
>>         struct tracepoint_func __rcu *funcs;
>>  };
>>
>> +#ifdef CONFIG_HAVE_ARCH_PREL32_RELOCATIONS
>> +typedef const int tracepoint_ptr_t;
>> +#else
>> +typedef struct tracepoint * const tracepoint_ptr_t;
>> +#endif
>> +
>>  struct bpf_raw_event_map {
>>         struct tracepoint       *tp;
>>         void                    *bpf_func;
>> diff --git a/include/linux/tracepoint.h b/include/linux/tracepoint.h
>> index 041f7e56a289..538ba1a58f5b 100644
>> --- a/include/linux/tracepoint.h
>> +++ b/include/linux/tracepoint.h
>> @@ -99,6 +99,29 @@ extern void syscall_unregfunc(void);
>>  #define TRACE_DEFINE_ENUM(x)
>>  #define TRACE_DEFINE_SIZEOF(x)
>>
>> +#ifdef CONFIG_HAVE_ARCH_PREL32_RELOCATIONS
>> +static inline struct tracepoint *tracepoint_ptr_deref(tracepoint_ptr_t *p)
>> +{
>> +       return offset_to_ptr(p);
>> +}
>> +
>> +#define __TRACEPOINT_ENTRY(name)                                       \
>> +       asm("   .section \"__tracepoints_ptrs\", \"a\"          \n"     \
>> +           "   .balign 4                                       \n"     \
>> +           "   .long   __tracepoint_" #name " - .              \n"     \
>> +           "   .previous                                       \n")
>> +#else
>> +static inline struct tracepoint *tracepoint_ptr_deref(tracepoint_ptr_t *p)
>> +{
>> +       return *p;
>> +}
>> +
>> +#define __TRACEPOINT_ENTRY(name)                                        \
>> +       static tracepoint_ptr_t __tracepoint_ptr_##name __used           \
>> +       __attribute__((section("__tracepoints_ptrs"))) =                 \
>> +               &__tracepoint_##name
>> +#endif
>> +
>>  #endif /* _LINUX_TRACEPOINT_H */
>>
>>  /*
>> @@ -253,19 +276,6 @@ extern void syscall_unregfunc(void);
>>                 return static_key_false(&__tracepoint_##name.key);      \
>>         }
>>
>> -#ifdef CONFIG_HAVE_ARCH_PREL32_RELOCATIONS
>> -#define __TRACEPOINT_ENTRY(name)                                       \
>> -       asm("   .section \"__tracepoints_ptrs\", \"a\"          \n"     \
>> -           "   .balign 4                                       \n"     \
>> -           "   .long   __tracepoint_" #name " - .              \n"     \
>> -           "   .previous                                       \n")
>> -#else
>> -#define __TRACEPOINT_ENTRY(name)                                        \
>> -       static struct tracepoint * const __tracepoint_ptr_##name __used  \
>> -       __attribute__((section("__tracepoints_ptrs"))) =                 \
>> -               &__tracepoint_##name
>> -#endif
>> -
>>  /*
>>   * We have no guarantee that gcc and the linker won't up-align the tracepoint
>>   * structures, so we create an array of pointers that will be used for iteration
>> diff --git a/kernel/tracepoint.c b/kernel/tracepoint.c
>> index bf2c06ef9afc..a3be42304485 100644
>> --- a/kernel/tracepoint.c
>> +++ b/kernel/tracepoint.c
>> @@ -28,8 +28,8 @@
>>  #include <linux/sched/task.h>
>>  #include <linux/static_key.h>
>>
>> -extern struct tracepoint * const __start___tracepoints_ptrs[];
>> -extern struct tracepoint * const __stop___tracepoints_ptrs[];
>> +extern tracepoint_ptr_t __start___tracepoints_ptrs[];
>> +extern tracepoint_ptr_t __stop___tracepoints_ptrs[];
>>
>>  DEFINE_SRCU(tracepoint_srcu);
>>  EXPORT_SYMBOL_GPL(tracepoint_srcu);
>> @@ -371,25 +371,17 @@ int tracepoint_probe_unregister(struct tracepoint *tp, void *probe, void *data)
>>  }
>>  EXPORT_SYMBOL_GPL(tracepoint_probe_unregister);
>>
>> -static void for_each_tracepoint_range(struct tracepoint * const *begin,
>> -               struct tracepoint * const *end,
>> +static void for_each_tracepoint_range(
>> +               tracepoint_ptr_t *begin, tracepoint_ptr_t *end,
>>                 void (*fct)(struct tracepoint *tp, void *priv),
>>                 void *priv)
>>  {
>> +       tracepoint_ptr_t *iter;
>> +
>>         if (!begin)
>>                 return;
>> -
>> -       if (IS_ENABLED(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS)) {
>> -               const int *iter;
>> -
>> -               for (iter = (const int *)begin; iter < (const int *)end; iter++)
>> -                       fct(offset_to_ptr(iter), priv);
>> -       } else {
>> -               struct tracepoint * const *iter;
>> -
>> -               for (iter = begin; iter < end; iter++)
>> -                       fct(*iter, priv);
>> -       }
>> +       for (iter = begin; iter < end; iter++)
>> +               fct(tracepoint_ptr_deref(iter), priv);
>>  }
>>
>>  #ifdef CONFIG_MODULES
>> --
>> 2.17.1
>>