Message-ID: <148974c2-df17-4c71-a59a-6e056e10910e@efficios.com>
Date: Tue, 12 Dec 2023 09:23:54 -0500
Subject: Re: [PATCH] tracing: Add size check when printing trace_marker output
To: Steven Rostedt, LKML, Linux Trace Kernel
Cc: Masami Hiramatsu, Mark Rutland
From: Mathieu Desnoyers
In-Reply-To: <20231212084444.4619b8ce@gandalf.local.home>

On 2023-12-12 08:44, Steven Rostedt wrote:
> From: "Steven Rostedt (Google)"
>
> If for some reason the trace_marker write does not have a nul byte for the
> string, it will overflow the print:

Does this result in leaking kernel memory to userspace? If so, it should
state "Fixes..." and CC stable.

Thanks,

Mathieu

>
>   trace_seq_printf(s, ": %s", field->buf);
>
> The field->buf could be missing the nul byte. To prevent overflow, add the
> max size that the buf can be by using the event size and the field
> location.
>
>   int max = iter->ent_size - offsetof(struct print_entry, buf);
>
>   trace_seq_printf(s, ": %*s", max, field->buf);
> > Signed-off-by: Steven Rostedt (Google) > --- > kernel/trace/trace_output.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c > index d8b302d01083..e11fb8996286 100644 > --- a/kernel/trace/trace_output.c > +++ b/kernel/trace/trace_output.c > @@ -1587,11 +1587,12 @@ static enum print_line_t trace_print_print(struct trace_iterator *iter, > { > struct print_entry *field; > struct trace_seq *s = &iter->seq; > + int max = iter->ent_size - offsetof(struct print_entry, buf); > > trace_assign_type(field, iter->ent); > > seq_print_ip_sym(s, field->ip, flags); > - trace_seq_printf(s, ": %s", field->buf); > + trace_seq_printf(s, ": %*s", max, field->buf); > > return trace_handle_return(s); > } > @@ -1600,10 +1601,11 @@ static enum print_line_t trace_print_raw(struct trace_iterator *iter, int flags, > struct trace_event *event) > { > struct print_entry *field; > + int max = iter->ent_size - offsetof(struct print_entry, buf); > > trace_assign_type(field, iter->ent); > > - trace_seq_printf(&iter->seq, "# %lx %s", field->ip, field->buf); > + trace_seq_printf(&iter->seq, "# %lx %*s", field->ip, max, field->buf); > > return trace_handle_return(&iter->seq); > } -- Mathieu Desnoyers EfficiOS Inc. https://www.efficios.com
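
Review bot: In the trace_print_print() hunk, the new format string ": %*s" passes max as a field width, not a precision. A width is a minimum: it pads short strings out to max characters and still reads field->buf until it finds a nul byte, so the overflow described in the commit message is not prevented. Bounding the read needs a precision, i.e. trace_seq_printf(s, ": %.*s", max, field->buf);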
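
Review bot: In the trace_print_raw() hunk, "# %lx %*s" has the same width-versus-precision problem and should use %.*s so that max caps the number of bytes read from field->buf. Separately, max is an int computed as iter->ent_size - offsetof(struct print_entry, buf) with no check that the result is positive; a guard, or a short comment on why ent_size always covers the fields before buf, would make the bound easier to trust.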