Message-ID: <20210226185909.100032746@goodmis.org>
User-Agent: quilt/0.66
Date: Fri, 26 Feb 2021 13:59:09 -0500
From: Steven Rostedt
To: linux-kernel@vger.kernel.org
Cc: Ingo Molnar, Andrew Morton, Masami Hiramatsu, Linus Torvalds, Jacob Wen
Subject: [PATCH 0/2] tracing: Detect unsafe dereferencing of pointers from trace events
X-Mailing-List: linux-kernel@vger.kernel.org

After seeing that an unsafe string dereference in a trace event made it into
the kernel, I decided it's time to add some sanity checks to catch these
cases without needing me to supervise.

The first patch scans the print fmts of the trace events looking for
dereferencing pointers from %p*, and making sure that they refer back
to the trace event itself.

The second patch handles strings "%s", as there are cases that are fine
with dereferencing the string outside the trace event. On reading of the
trace file, the %s is looked for and when found, the logic checks the
pointer that is about to be dereferenced to see if it is a valid location.

This check would have caught the last unsafe dereference committed into
the kernel.

Steven Rostedt (VMware) (2):
      tracing: Add check of trace event print fmts for dereferencing pointers
      tracing: Add a verifier to check string pointers for trace events

----
 kernel/trace/trace.c        | 148 +++++++++++++++++++++++++++++++++
 kernel/trace/trace.h        |   2 +
 kernel/trace/trace_events.c | 198 ++++++++++++++++++++++++++++++++++++++++++++
 kernel/trace/trace_output.c |   2 +-
 4 files changed, 349 insertions(+), 1 deletion(-)
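The print-fmt scan described for the first patch, as an added user-space sketch that is not part of the original message or of the patches themselves. The function names, the `IiMmUh` subset of dereferencing `%p` suffixes, the pre-split argument list, and the rule that an argument is "inside the event" when its text contains `REC->` are all assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative subset of %p suffixes that make the kernel's vsnprintf() read through the pointer. */
static int p_ext_derefs(char c)
{
    return c != '\0' && strchr("IiMmUh", c) != NULL;
}

/* Assumption: an argument refers back to the event if it names a REC-> field. */
static int arg_in_event(const char *arg)
{
    return strstr(arg, "REC->") != NULL;
}

/* Returns the index of the first argument that a dereferencing %p<ext>
 * would read from outside the event record, or -1 if there is none. */
int first_unsafe_arg(const char *fmt, const char *const *args, int nargs)
{
    int arg = 0;

    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        if (*++p == '%')
            continue;            /* literal percent, no argument */
        /* skip flags, width, precision and length modifiers */
        for (; *p && strchr("-+ #0123456789.*lhzjtL", *p); p++)
            if (*p == '*')
                arg++;           /* '*' consumes an int argument */
        if (*p == '\0')
            break;
        if (*p == 'p' && p_ext_derefs(p[1]) && arg < nargs &&
            !arg_in_event(args[arg]))
            return arg;
        arg++;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample: the second argument points outside the event. */
    const char *args[] = { "REC->name", "&dev->addr" };

    printf("first unsafe arg: %d\n",
           first_unsafe_arg("dev=%s addr=%pI4", args, 2));
    return 0;
}
```

Plain `%p` and `%s` are deliberately not flagged here: `%p` alone does not read through the pointer, and the cover letter leaves `%s` to a separate check made when the trace file is read.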