Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp5464703rwb; Wed, 17 Aug 2022 18:53:28 -0700 (PDT) X-Google-Smtp-Source: AA6agR7f81vjfnhVHY3owajxHU29FZ9abpFp43eyBq3kZjczIc8li8Xi/WoUEUFX4LDqPs7eRZf1 X-Received: by 2002:a05:6402:530f:b0:43e:43d7:91ca with SMTP id eo15-20020a056402530f00b0043e43d791camr572020edb.176.1660787608685; Wed, 17 Aug 2022 18:53:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1660787608; cv=none; d=google.com; s=arc-20160816; b=miSU9Qz/AAmiKOBK4Ni8gA2X2rLn8St9/wnkmBUFdmKEzJ4beAwCRpCJKw8t50OYBc EXIgRJQI7PKpwP2DYZma8e8Ns/9Xg82uDqum4nykuef4R8I1jMpH7nba0ZGIxeqGZitm cewIk0ZXeyyxwJsbuR0gg56sBYD2JDofA6upsoKTTMLk8CACtfL+rR4VJmWLtqAWk5Nx oQUqTwbfn/llqGxfkwPUIYtb9ciOhhIsfW4jn6bsnx2F1VCBS4flyGEQGfP9fj55ssb4 MKkv8nUpfNwle/j/TCBEYrAZhZKXJiBwCG+A1nVHihSpVHadxFBAd3RpueUa7UNF4ui3 WLvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=sLCQGc9ynaCQh+pwnSxVodtjMN/TsbcNkD2WfegUnQI=; b=zYgy+mOaKbEEZxF2EP9ZuxFGinbZI8qI2lrtnQgItQ905bWHfX2/GEKaXJZQK+TiJ8 44VYvN62B/RPJmT7h3iV+A/o22keFMTuq8bUYTPozNMKAdkKXNxAIMM100K2O8rkkPi/ /hK2E4dRfnrJjuY8AstykmzAeNATWLBjo8NBVy/lFVICvPyrFrWoAp1T81rCXhrFQjyc T67r8GByWPEJhIrjg48HEJosEf7g2ggVunvHKz6vxgRTaAx11twZ0yQrObbJ68Z2xGSc hRflr4GZ6uo1qB4uKRbaP3rzj+3T7T+3fb9MyWkPOshHEAI2fD3KLijwyLlyjHfZjPfr 4tjg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id nc3-20020a1709071c0300b00730d0b86b28si128388ejc.761.2022.08.17.18.53.03; Wed, 17 Aug 2022 18:53:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242630AbiHRBur (ORCPT + 99 others); Wed, 17 Aug 2022 21:50:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56472 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234003AbiHRBuq (ORCPT ); Wed, 17 Aug 2022 21:50:46 -0400 Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 16FFA9AFD6 for ; Wed, 17 Aug 2022 18:50:45 -0700 (PDT) Received: from dggemv704-chm.china.huawei.com (unknown [172.30.72.53]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4M7SRB5YLjzXdrZ; Thu, 18 Aug 2022 09:46:30 +0800 (CST) Received: from kwepemm600003.china.huawei.com (7.193.23.202) by dggemv704-chm.china.huawei.com (10.3.19.47) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Thu, 18 Aug 2022 09:50:41 +0800 Received: from [10.67.111.205] (10.67.111.205) by kwepemm600003.china.huawei.com (7.193.23.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Thu, 18 Aug 2022 09:50:40 +0800 Subject: Re: [PATCH] ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead To: Steven Rostedt CC: , References: <20220804021610.209791-1-yangjihong1@huawei.com> <20220817104115.0ec6b90b@gandalf.local.home> From: Yang Jihong Message-ID: Date: Thu, 18 Aug 2022 09:50:40 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.6.1 MIME-Version: 1.0 In-Reply-To: <20220817104115.0ec6b90b@gandalf.local.home> Content-Type: text/plain; charset="utf-8"; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [10.67.111.205] X-ClientProxiedBy: dggems701-chm.china.huawei.com (10.3.19.178) To kwepemm600003.china.huawei.com (7.193.23.202) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hello, On 2022/8/17 22:41, Steven Rostedt wrote: > On Thu, 4 Aug 2022 10:16:10 +0800 > Yang Jihong wrote: > >> @@ -2922,24 +2922,36 @@ int ftrace_startup(struct ftrace_ops *ops, int command) >> ops->flags |= FTRACE_OPS_FL_ENABLED | FTRACE_OPS_FL_ADDING; >> >> ret = ftrace_hash_ipmodify_enable(ops); >> - if (ret < 0) { >> - /* Rollback registration process */ >> - __unregister_ftrace_function(ops); >> - ftrace_start_up--; >> - ops->flags &= ~FTRACE_OPS_FL_ENABLED; >> - if (ops->flags & FTRACE_OPS_FL_DYNAMIC) >> - ftrace_trampoline_free(ops); >> - return ret; > > This should stay as is. > >> - } >> + if (ret < 0) >> + goto out_rollback_registration; >> >> if (ftrace_hash_rec_enable(ops, 1)) >> command |= FTRACE_UPDATE_CALLS; >> >> ftrace_startup_enable(command); >> >> + /* >> + * If ftrace_startup_enable fails, >> + * we need to rollback registration process. >> + */ >> + if (unlikely(ftrace_disabled)) { >> + ret = -ENODEV; >> + goto out_rollback_registration; > > The only thing to do here is the _unregister_ftrace_function(ops); > And that may not even be safe. > > >> + } >> + >> ops->flags &= ~FTRACE_OPS_FL_ADDING; >> >> return 0; >> + >> +out_rollback_registration: >> + /* Rollback registration process */ >> + __unregister_ftrace_function(ops); >> + ftrace_start_up--; >> + ops->flags &= ~FTRACE_OPS_FL_ENABLED; >> + if (ops->flags & FTRACE_OPS_FL_DYNAMIC) >> + ftrace_trampoline_free(ops); >> + > > When ftrace_disabled is set, ftrace is in an undefined state, and a reboot > should be done ASAP. Because we have no idea what went wrong. It means > something happened that ftrace was not designed for. > > That means, we do not know if the trampoline can still be called or not. > Maybe it enabled some of the functions, but not all. And maybe those > functions call the dynamic trampoline directly. > > Thus, on ftrace_disable being set, only do the bare minimum, as ftrace has > now "shutdown" and will not do any more work. > > Basically, this patch is trying to mitigate a kernel that broke and needs > a reboot immediately. > > -- Steve Thanks for the detailed explanation. If panic_on_warn is not set, FTRACE_WARN_ON{_ONCE} only sets ftrace_disabled, but will not reboot. I think this is to limit the problem to ftrace itself and not spread to other subsystems(I don't know if that's right. If it's not right, please correct it). Because is_ftrace_trampoline is a common and public interface (This interface is called in many places in the kernel). If is_ftrace_trampoline interface is not restricted (for example, just return true if ftrace_disabled is set), the preceding Syzkaller scenario may be triggered when this interface is called. Therefore, my idea is to restrict the is_ftrace_trampoline or roll back _unregister_ftrace_function when ftrace_disabled is set, so that the interface can be invoked normally. Or keep the current code and do not modify. Please give me some suggestions that you think are better. Thanks, Yang > > >> + return ret; >> } >> >> int ftrace_shutdown(struct ftrace_ops *ops, int command) >> -- > . >