From: Linus Torvalds
Date: Wed, 9 Jun 2021 14:43:51 -0700
Subject: Re: [PATCH] tracing: Correct the length check which causes memory corruption
To: Steven Rostedt
Cc: James Wang, Liangyan, Linux Kernel Mailing List, Ingo Molnar, Xunlei Pang, yinbinbin@alibabacloud.com, wetp, stable, Greg Kroah-Hartman
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Jun 9, 2021 at 1:52 PM Steven Rostedt wrote:
> >
> > That "sizeof(*entry)" is clearly wrong, because it doesn't take the
> > unsized array into account.
>
> Correct. That's because I forgot that the structure has that empty array :-(

Note that 'sparse' does have the option to warn about odd flexible
array uses. Including 'sizeof()'.

You can do something like

    CF='-Wflexible-array-sizeof' make C=2 kernel/trace/trace.o

and you'll see

    kernel/trace/trace.c:1022:17: warning: using sizeof on a flexible structure
    kernel/trace/trace.c:2645:17: warning: using sizeof on a flexible structure
    kernel/trace/trace.c:2739:41: warning: using sizeof on a flexible structure
    kernel/trace/trace.c:3290:16: warning: using sizeof on a flexible structure
    kernel/trace/trace.c:3350:16: warning: using sizeof on a flexible structure
    kernel/trace/trace.c:6989:16: warning: using sizeof on a flexible structure
    kernel/trace/trace.c:7070:16: warning: using sizeof on a flexible structure

and I suspect every single one of those should be using
'struct_size()' instead of a sizeof() on the base structure plus some
manual arithmetic (or, as in the case of this bug, _without_ the extra
arithmetic).

And yeah, it isn't just the tracing code that does this. We have it
all over, so that sparse check isn't on by default. Sparse is pretty
darn noisy even without it, but it can be worth using that

    CF='-Wflexible-array-sizeof'

on individual files that you want to check.

              Linus
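
Added example (not part of the thread and not kernel source): a userspace C sketch of how a length check built on sizeof() of a flexible structure goes wrong, with and without manual arithmetic, next to a struct_size()-style helper that saturates on overflow. struct rec, SLOT_BYTES and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define SLOT_BYTES 64u   /* constructed: fixed space available per record */

/* Constructed record type ending in a flexible array member. */
struct rec {
    uint32_t len;
    uint32_t data[];     /* contributes nothing to sizeof(struct rec) */
};

/* Userspace sketch of what the kernel's struct_size() computes: header plus
 * n elements, saturating to SIZE_MAX if the arithmetic would wrap. */
static size_t rec_size(size_t n)
{
    size_t base = offsetof(struct rec, data);
    if (n > (SIZE_MAX - base) / sizeof(uint32_t))
        return SIZE_MAX;
    return base + n * sizeof(uint32_t);
}

/* Buggy: sizeof on the flexible structure with no arithmetic for data[],
 * so the answer does not depend on n at all. */
static int fits_sizeof_only(size_t n)
{
    (void)n;
    return sizeof(struct rec) <= SLOT_BYTES;
}

/* Buggy for large n: the manual multiplication can wrap to a small value. */
static int fits_manual(size_t n)
{
    return sizeof(struct rec) + n * sizeof(uint32_t) <= SLOT_BYTES;
}

/* Checked: overflow-safe total size compared against the slot. */
static int fits_checked(size_t n)
{
    return rec_size(n) <= SLOT_BYTES;
}

int main(void)
{
    size_t huge = SIZE_MAX / sizeof(uint32_t) + 1;  /* makes n * 4 wrap to 0 */
    /* 15 elements fill the slot exactly, 16 do not; both buggy checks pass
     * inputs that the checked version rejects. */
    return !(fits_checked(15) && !fits_checked(16) &&
             fits_sizeof_only(16) && fits_manual(huge) && !fits_checked(huge));
}
```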