Date: Sat, 27 Feb 2021 19:08:31 -0500
From: Steven Rostedt
To: Linus Torvalds
Cc: Linux Kernel Mailing List, Ingo Molnar, Andrew Morton, Masami Hiramatsu, Jacob Wen, Pawel Laszczak, Felipe Balbi, Greg KH
Subject: Re: [PATCH 0/2] tracing: Detect unsafe dereferencing of pointers from trace events
Message-ID: <20210227190831.56956c80@oasis.local.home>
In-Reply-To: <20210227141802.5c9aca91@oasis.local.home>
References: <20210226185909.100032746@goodmis.org> <20210227141802.5c9aca91@oasis.local.home>

[ Resending with an address that should work for Felipe ]

On Sat, 27 Feb 2021 14:18:02 -0500
Steven Rostedt wrote:

> On Fri, 26 Feb 2021 14:21:00 -0800
> Linus Torvalds wrote:
>
> > On Fri, Feb 26, 2021 at 11:07 AM Steven Rostedt wrote:
> > >
> > > The first patch scans the print fmts of the trace events looking for
> > > dereferencing pointers from %p*, and making sure that they refer back
> > > to the trace event itself.
> > >
> > > The second patch handles strings "%s" [..]
> >
> > Doing this at runtime really feels like the wrong thing to do.
> >
> > It won't even protect us from what happened - people like me and
> > Andrew won't even run those tracepoints in the first place, so we
> > won't notice.
> >
> > It really would be much better in every respect to have this done by
> > checkpatch, I think.
>
> And after fixing the parsing to not trigger false positives, an
> allyesconfig boot found this:
>
> event cdns3_gadget_giveback has unsafe dereference of argument 11
> print_fmt: "%s: req: %p, req buff %p, length: %u/%u %s%s%s, status: %d, trb: [start:%d, end:%d: virt addr %pa], flags:%x SID: %u", __get_str(name), REC->req, REC->buf, REC->actual, REC->length, REC->zero ? "Z" : "z", REC->short_not_ok ? "S" : "s", REC->no_interrupt ? "I" : "i", REC->status, REC->start_trb, REC->end_trb, REC->start_trb_addr, REC->flags, REC->stream_id
>
> (as the above is from a trace event class, it triggered for every event
> in that class).
>
> As it looks like it uses %pa which IIUC from the printk code, it
> dereferences the pointer to find its virtual address. The event has
> this as the field:
>
>         __field(struct cdns3_trb *, start_trb_addr)
>
> Assigns it with:
>
>         __entry->start_trb_addr = req->trb;
>
> And prints that with %pa, which will dereference pointer at the time of
> reading, where the address in question may no longer be around. That
> looks to me as a potential bug.
>
> [ Cc'd the people responsible for that code. ]
>
> -- Steve
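
The kind of print_fmt scan discussed in this thread, sketched as a user-space C program. This is an added example, not code from the patch series: it counts format arguments and reports the first one that is printed with a dereferencing %p extension but is not an address inside the event record. The function names, the subset of %p extensions, and the rule that only __get_str(), __get_dynamic_array() and &REC->field count as in-record are assumptions of this sketch; a bare REC->field is treated as a stored pointer because the string alone carries no field types.

```c
#include <stdio.h>
#include <string.h>

/* print_fmt and argument list of the event class quoted in the mail above */
static const char CDNS3_FMT[] = "%s: req: %p, req buff %p, length: %u/%u %s%s%s, "
    "status: %d, trb: [start:%d, end:%d: virt addr %pa], flags:%x SID: %u";
static const char CDNS3_ARGS[] = "__get_str(name), REC->req, REC->buf, REC->actual, "
    "REC->length, REC->zero ? \"Z\" : \"z\", REC->short_not_ok ? \"S\" : \"s\", "
    "REC->no_interrupt ? \"I\" : \"i\", REC->status, REC->start_trb, REC->end_trb, "
    "REC->start_trb_addr, REC->flags, REC->stream_id";
/* Start of the n-th (0-based) top-level argument, or NULL if there is none. */
static const char *nth_arg(const char *p, int n)
{
    for (int depth = 0, in_str = 0; *p && n > 0; p++) {
        if (in_str && *p == '\\' && p[1]) p++;          /* escaped character */
        else if (*p == '"') in_str = !in_str;
        else if (!in_str && (*p == '(' || *p == ')')) depth += (*p == '(') ? 1 : -1;
        else if (!in_str && *p == ',' && depth == 0) n--;
    }
    while (*p == ' ') p++;
    return (n == 0 && *p) ? p : NULL;
}

/* Assumed rule: only these argument forms point into the event record. */
static int in_event(const char *a)
{
    return a && (!strncmp(a, "__get_dynamic_array(", 20) ||
                 !strncmp(a, "__get_str(", 10) || !strncmp(a, "&REC->", 6));
}

/* First argument printed via a dereferencing %p extension that is not in the event, or -1. */
int first_unsafe_deref(const char *fmt, const char *args)
{
    int argno = 0;
    for (const char *f = fmt; *f; f++) {
        if (*f != '%' || *++f == '%') continue;         /* text or literal "%%" */
        for (; *f && strchr("-+ #0123456789.*lhzjt", *f); f++)
            if (*f == '*') argno++;                     /* '*' consumes an argument */
        if (!*f) break;
        if (*f == 'p' && f[1] && strchr("aMmIiUhdD", f[1]) &&   /* assumed subset */
            !in_event(nth_arg(args, argno)))
            return argno;
        argno++;
    }
    return -1;
}

int main(void)
{ printf("unsafe argument: %d\n", first_unsafe_deref(CDNS3_FMT, CDNS3_ARGS)); return 0; }
```

Arguments are numbered from zero here, which matches the "argument 11" in the quoted boot message for this format.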