Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1172058imu; Wed, 16 Jan 2019 14:06:24 -0800 (PST) X-Google-Smtp-Source: ALg8bN7eXZDJZw/eDxPGYtOmJ+mVf2ny4gQBH93ojv14l5GOVm0wA6hMryDS4hbSBBO0oS6KfQb3 X-Received: by 2002:a62:5658:: with SMTP id k85mr12028288pfb.231.1547676384015; Wed, 16 Jan 2019 14:06:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547676384; cv=none; d=google.com; s=arc-20160816; b=z3hls61KACSLysljPyFyY/plC5vXMgOwncR5ZIqAXE/9LPQG3wZ1Muz0yJHplbLdS7 aAEIhguEPJgH+Kbf0B1rnxtiwxTpP0FkJHDYsLcR/Bq9+DuIcqF26so0FTuFNww947SJ 7WFuvEkpgwZyw2lp3fH8QbSRPeV4qkBwz4C2I4T5XRkm3xH3SgwdoUvvD1P+QGLjb6G4 QUWOHhxvaPCInp4y04aBSCW2YdFgs2DmLRDU5Ft/bWaJZ0qhLNckEwmRfQGGyceOD1wV 4/xRRQBR1ysUaAinlJWnIjOEARgCvLZ9sqR6t6pv1dqgWDIGlKIjwkQSj0pfLb/ZqZiR merg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date; bh=DPB12lqUMqVOdV1DHETgK6d4wugvJI0sZjhTIXpgD7s=; b=KrfPCnMW8nYFy33PfPdxCK7yuC7bMCIlRnYF6LjSl9FAW9MnuW5M++o31J9uMoBbpB Nz83uAHizQ5Z+Q0V9rbLMjpu8JMB7P8j9mj/XY6UN1m6OTKos1z4lRwmRy+UIrQ0E4Cm qVhtFLmLdDF5sBMz9nz9xdx+bxKfsMzzprVTj/iUDJPizrq+3Lb37IwwRc7NDF3eLOR0 Inhqo9IPe7qFpmC7lBZaC6MP+mLEpewbzh9mYErHya/6Nj/L4UJcL63HVOm6kVxPWU+9 T02e3IdWX9rKxVza6hQfix9lRsw0NrUfU+FTQkYz4+ZA9Zm6/iP/OESg/qgW59gO9Mdd Y4ww== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e188si7643572pfa.16.2019.01.16.14.06.08; Wed, 16 Jan 2019 14:06:24 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390624AbfAPNkX (ORCPT + 99 others); Wed, 16 Jan 2019 08:40:23 -0500 Received: from mail.kernel.org ([198.145.29.99]:44490 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730657AbfAPNkX (ORCPT ); Wed, 16 Jan 2019 08:40:23 -0500 Received: from gandalf.local.home (cpe-66-24-58-225.stny.res.rr.com [66.24.58.225]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id B83EA20675; Wed, 16 Jan 2019 13:40:22 +0000 (UTC) Date: Wed, 16 Jan 2019 08:40:21 -0500 From: Steven Rostedt To: Andreas Ziegler Cc: Ingo Molnar , Masami Hiramatsu , linux-kernel@vger.kernel.org Subject: Re: [PATCH] tracing/uprobes: Fix output for multiple string arguments Message-ID: <20190116084021.34b0beee@gandalf.local.home> In-Reply-To: <20190116094112.16043-1-andreas.ziegler@fau.de> References: <8b67136d-28d7-a734-6366-9511e30d66a7@fau.de> <20190116094112.16043-1-andreas.ziegler@fau.de> X-Mailer: Claws Mail 3.16.0 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 16 Jan 2019 10:41:12 +0100 Andreas Ziegler wrote: > When printing multiple uprobe arguments as strings the output for the > earlier arguments would also include all later string arguments. > > This is best explained in an example: > > Consider adding a uprobe to a function receiving two strings as > parameters which is at offset 0xa0 in strlib.so and we want to print > both parameters when the uprobe is hit (on x86_64): > > $ echo 'p:func /lib/strlib.so:0xa0 +0(%di):string +0(%si):string' > \ > /sys/kernel/debug/tracing/uprobe_events > > When the function is called as func("foo", "bar") and we hit the probe, > the trace file shows a line like the following: > > [...] func: (0x7f7e683706a0) arg1="foobar" arg2="bar" > > Note the extra "bar" printed as part of arg1. This behaviour stacks up > for additional string arguments. > > The strings are stored in a dynamically growing part of the uprobe > buffer by fetch_store_string() after copying them from userspace via > strncpy_from_user(). The return value of strncpy_from_user() is then > directly used as the required size for the string. However, this does > not take the terminating null byte into account as the documentation > for strncpy_from_user() cleary states that it "[...] returns the > length of the string (not including the trailing NUL)" even though the > null byte will be copied to the destination. > > Therefore, subsequent calls to fetch_store_string() will overwrite > the terminating null byte of the most recently fetched string with > the first character of the current string, leading to the > "accumulation" of strings in earlier arguments in the output. > > Fix this by incrementing the return value of strncpy_from_user() by > one if we did not hit the maximum buffer size. > > Signed-off-by: Andreas Ziegler > --- > kernel/trace/trace_uprobe.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c > index e335576b9411..dfb9bbc7fd82 100644 > --- a/kernel/trace/trace_uprobe.c > +++ b/kernel/trace/trace_uprobe.c > @@ -160,6 +160,13 @@ fetch_store_string(unsigned long addr, void *dest, void *base) > if (ret >= 0) { > if (ret == maxlen) > dst[ret - 1] = '\0'; > + else if (ret > 0) Do we need the ret > 0 check? What if the value is ""? Doesn't that cause the same issue? -- Steve > + /* > + * Include the terminating null byte. In this case it > + * was copied by strncpy_from_user but not accounted > + * for in ret. > + */ > + ret++; > *(u32 *)dest = make_data_loc(ret, (void *)dst - base); > } >