Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp960111pxb; Wed, 3 Mar 2021 22:35:18 -0800 (PST) X-Google-Smtp-Source: ABdhPJx4aSjj3Yw+Eh+Pd5qPL6zZM8jKxK6hEYk5g1SleqzUXLNzIa7Gj+AnOfbbJezwrKD/pL1O X-Received: by 2002:a17:906:d115:: with SMTP id b21mr2561278ejz.233.1614839718300; Wed, 03 Mar 2021 22:35:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614839718; cv=none; d=google.com; s=arc-20160816; b=MaS6nWOj7R66Wc9ThO+yWXCCJvyG6ZgqyV19CeGN4jzZHjRr58BZaoC9XlKT1H5T7K Jdi7ahjJLLIKaOtCUrtKNIE/f37ul5M0OdmU4WGsEL8QWo5mRxv/s3F6X0rWVivMKftB zoOHOC71rDpFDQirY/X5N3Be9N1JUld0DtKAlevJ9sF4P0CTs7Djt37eeCajpDIzFkTc oZYwhAH+7QX2mhxYq4nRc8/3V7N+sRLktPPqAB92j8BCG8AAvsHUyOGot5/aP5QQmsss oflt08Fs7bSmlu810MkYC5lE8KqF04SWnqbktJLjVpKR1061XM5klonI9Joe+qazyrNF 4QSw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date; bh=j2fDutSt8PndCNqu1cKdmQvqXedCgBl2y8GYl/yBPHw=; b=qV/nonYZXi5nQtHaU2tz7QCClzULh8yncOG83jivx36vb0Cx9BlQErrsNL36y956SM xACnzL3yAPSn5HP0s/an8Eldpr24pHOEBVAv4KwFqjFCpvl6WXmLuoYcN4ko21u+2lnK uZi+t9I8b3FJaj4o1W8w6fs6ftcSXaJqTrQ7DSGbAZstmzALpAYjoxTB5oQF3tTAgA7M 421KVLQ48nhM1Sc94oQejgaxIAVeUERNaCOvz8kO09CLI47Tr6U+Kr4BwFYkmWsCtE5p TH3ot3/ybpG+91a5TC66AHCwOwmwrj3rKxcbPq8rCuT8ZwkF4WzOz/0Vy1SsNlFtIqKR jjrA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id si28si12171756ejb.106.2021.03.03.22.34.56; Wed, 03 Mar 2021 22:35:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1835137AbhCBSWl (ORCPT + 99 others); Tue, 2 Mar 2021 13:22:41 -0500 Received: from mail.kernel.org ([198.145.29.99]:41060 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1447428AbhCBPdS (ORCPT ); Tue, 2 Mar 2021 10:33:18 -0500 Received: from gandalf.local.home (cpe-66-24-58-225.stny.res.rr.com [66.24.58.225]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id DDFE964F34; Tue, 2 Mar 2021 14:56:06 +0000 (UTC) Date: Tue, 2 Mar 2021 09:56:05 -0500 From: Steven Rostedt To: Peter Chen Cc: Pawel Laszczak , Linus Torvalds , Linux Kernel Mailing List , Ingo Molnar , Andrew Morton , Masami Hiramatsu , Jacob Wen , Felipe Balbi , Greg KH Subject: Re: [PATCH 0/2] tracing: Detect unsafe dereferencing of pointers from trace events Message-ID: <20210302095605.7b2881cd@gandalf.local.home> In-Reply-To: <20210302082355.GA8633@nchen> References: <20210226185909.100032746@goodmis.org> <20210227141802.5c9aca91@oasis.local.home> <20210227190831.56956c80@oasis.local.home> <20210302082355.GA8633@nchen> X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.33; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2 Mar 2021 16:23:55 +0800 Peter Chen wrote: s it looks like it uses %pa which IIUC from the printk code, it > > >> dereferences the pointer to find it's virtual address. The event has > > >> this as the field: > > >> > > >> __field(struct cdns3_trb *, start_trb_addr) > > >> > > >> Assigns it with: > > >> > > >> __entry->start_trb_addr = req->trb; > > >> > > >> And prints that with %pa, which will dereference pointer at the time of > > >> reading, where the address in question may no longer be around. That > > >> looks to me as a potential bug. > > Steven, thanks for reporting. Do you mind sending patch to fix it? > If you have no time to do it, I will do it later. > I would have already fixed it, but I wasn't exactly sure how this is used. In Documentation/core-api/printk-formats.rst we have: Physical address types phys_addr_t ---------------------------------- :: %pa[p] 0x01234567 or 0x0123456789abcdef For printing a phys_addr_t type (and its derivatives, such as resource_size_t) which can vary based on build options, regardless of the width of the CPU data path. So it only looks like it is used to for the size of the pointer. I guess something like this might work: diff --git a/drivers/usb/cdns3/cdns3-trace.h b/drivers/usb/cdns3/cdns3-trace.h index 8648c7a7a9dd..d3b8624fc427 100644 --- a/drivers/usb/cdns3/cdns3-trace.h +++ b/drivers/usb/cdns3/cdns3-trace.h @@ -214,7 +214,7 @@ DECLARE_EVENT_CLASS(cdns3_log_request, __field(int, no_interrupt) __field(int, start_trb) __field(int, end_trb) - __field(struct cdns3_trb *, start_trb_addr) + __field(phys_addr_t, start_trb_addr) __field(int, flags) __field(unsigned int, stream_id) ), @@ -230,7 +230,7 @@ DECLARE_EVENT_CLASS(cdns3_log_request, __entry->no_interrupt = req->request.no_interrupt; __entry->start_trb = req->start_trb; __entry->end_trb = req->end_trb; - __entry->start_trb_addr = req->trb; + __entry->start_trb_addr = *(const phys_addr_t *)req->trb; __entry->flags = req->flags; __entry->stream_id = req->request.stream_id; ), @@ -244,7 +244,7 @@ DECLARE_EVENT_CLASS(cdns3_log_request, __entry->status, __entry->start_trb, __entry->end_trb, - __entry->start_trb_addr, + /* %pa dereferences */ &__entry->start_trb_addr, __entry->flags, __entry->stream_id ) Can you please test it? I don't have the hardware, but I also want to make sure I don't break anything. Thanks, -- Steve