Message-ID: <9cc1d42ab0495ff3f0113709966b47e8dab41266.camel@kernel.org>
Subject: Re: [PATCH v2 0/3] tracing: Fix synthetic event bug
From: Tom Zanussi
To: Steven Rostedt, linux-kernel@vger.kernel.org
Cc: Masami Hiramatsu, Andrew Morton
Date: Wed, 12 Oct 2022 10:06:21 -0500
In-Reply-To: <20221012104055.421393330@goodmis.org>

Hi Steve,

On Wed, 2022-10-12 at 06:40 -0400, Steven Rostedt wrote:
>
> The following commands caused a crash:
>
>   # cd /sys/kernel/tracing
>   # echo 's:open char file[]' > dynamic_events
>   # echo 'hist:keys=common_pid:file=filename:onchange($file).trace(open,$file)' > events/syscalls/sys_enter_openat/trigger
>   # echo 1 > events/synthetic/open/enable
>
> BOOM!
>
> The problem is that the synthetic event field "char file[]" will read
> the value given to it as a string without any memory checks to make sure
> the address is valid. The above example will pass in the user space
> address and the synthetic event code will happily call strlen() on it
> and then strscpy() where either one will cause an oops when accessing
> user space addresses.
>
> Changes since v1:
> https://lore.kernel.org/all/20221011212501.773319898@goodmis.org/
>
>  - Handle "(fault)" printing when there's a fault

Thanks for fixing the synthetic event string tracing bug, along with
the other nice cleanup.

Reviewed-by: Tom Zanussi

>
> Steven Rostedt (Google) (3):
>       tracing: Move duplicate code of trace_kprobe/eprobe.c into header
>       tracing: Add "(fault)" name injection to kernel probes
>       tracing: Fix reading strings from synthetic events
>
> ----
>  kernel/trace/trace_eprobe.c       |  60 ++------------------
>  kernel/trace/trace_events_synth.c |  23 ++++++--
>  kernel/trace/trace_kprobe.c       |  60 ++------------------
>  kernel/trace/trace_probe_kernel.h | 115 ++++++++++++++++++++++++++++++++++++++
>  4 files changed, 142 insertions(+), 116 deletions(-)
>  create mode 100644 kernel/trace/trace_probe_kernel.h
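
A userspace analogue of the fix described in the quoted cover letter, added here as an illustration and not taken from the patch series or the kernel: rather than calling strlen() and strscpy() on an unverified address, the string is fetched byte by byte through an access that is allowed to fail, and "(fault)" is stored when it does. The names `copy_string_nofault` and `unterminated_at_page_end` are hypothetical, and the pipe write()/read() probe is an assumption standing in for the kernel's own fault-tolerant copy primitives.

```c
#define _GNU_SOURCE
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define FAULT_STR "(fault)"

/* Userspace stand-in for a fault-tolerant string fetch (dst needs >= 8 bytes).
 * Returns the length copied, or -1 with "(fault)" in dst on an unreadable byte. */
int copy_string_nofault(char *dst, size_t size, const char *src)
{
    int pfd[2], ret = -1;
    size_t i;

    if (size < sizeof(FAULT_STR) || pipe(pfd) < 0)
        return -1;              /* dst is left untouched in this case */
    for (i = 0; i < size - 1; i++) {
        /* The kernel does the access inside write(): bad address => EFAULT. */
        if (write(pfd[1], src + i, 1) != 1 || read(pfd[0], &dst[i], 1) != 1)
            goto out;
        if (dst[i] == '\0')
            break;
    }
    dst[i] = '\0';              /* also terminates a truncated copy */
    ret = (int)i;
out:
    if (ret < 0)
        strcpy(dst, FAULT_STR);
    close(pfd[0]);
    close(pfd[1]);
    return ret;
}

/* Constructed sample: "open" at the end of a readable page, unterminated,
 * with a PROT_NONE page behind it, so strlen() on it would fault. */
char *unterminated_at_page_end(void)
{
    long pg = sysconf(_SC_PAGESIZE);
    char *p = mmap(NULL, 2 * pg, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED || mprotect(p + pg, pg, PROT_NONE) < 0)
        return NULL;
    memcpy(p + pg - 4, "open", 4);
    return p + pg - 4;
}

int main(void)
{
    char buf[16];
    return copy_string_nofault(buf, sizeof(buf), unterminated_at_page_end()) != -1;
}
```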