Re: [PATCH] trace: fix potenial dangerous pointer
From: Steven Rostedt
Date: Tue Nov 24 2020 - 12:05:29 EST
On Wed, 25 Nov 2020 00:52:05 +0800
Hui Su <sh_def@xxxxxxx> wrote:
> The bdi_dev_name() returns a char [64], and
> the __entry->name is a char [32].
>
> It maybe dangerous to TP_printk("%s", __entry->name)
> after the strncpy().
Acked-by: Steven Rostedt (VMware) <rostedt@xxxxxxxxxxx>
This should go through the tree that has the code that uses these
tracepoints.
-- Steve
>
> Signed-off-by: Hui Su <sh_def@xxxxxxx>
> ---
> include/trace/events/writeback.h | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/include/trace/events/writeback.h b/include/trace/events/writeback.h
> index e7cbccc7c14c..57d795365987 100644
> --- a/include/trace/events/writeback.h
> +++ b/include/trace/events/writeback.h
> @@ -190,7 +190,7 @@ TRACE_EVENT(inode_foreign_history,
> ),
>
> TP_fast_assign(
> - strncpy(__entry->name, bdi_dev_name(inode_to_bdi(inode)), 32);
> + strscpy_pad(__entry->name, bdi_dev_name(inode_to_bdi(inode)), 32);
> __entry->ino = inode->i_ino;
> __entry->cgroup_ino = __trace_wbc_assign_cgroup(wbc);
> __entry->history = history;
> @@ -219,7 +219,7 @@ TRACE_EVENT(inode_switch_wbs,
> ),
>
> TP_fast_assign(
> - strncpy(__entry->name, bdi_dev_name(old_wb->bdi), 32);
> + strscpy_pad(__entry->name, bdi_dev_name(old_wb->bdi), 32);
> __entry->ino = inode->i_ino;
> __entry->old_cgroup_ino = __trace_wb_assign_cgroup(old_wb);
> __entry->new_cgroup_ino = __trace_wb_assign_cgroup(new_wb);
> @@ -252,7 +252,7 @@ TRACE_EVENT(track_foreign_dirty,
> struct address_space *mapping = page_mapping(page);
> struct inode *inode = mapping ? mapping->host : NULL;
>
> - strncpy(__entry->name, bdi_dev_name(wb->bdi), 32);
> + strscpy_pad(__entry->name, bdi_dev_name(wb->bdi), 32);
> __entry->bdi_id = wb->bdi->id;
> __entry->ino = inode ? inode->i_ino : 0;
> __entry->memcg_id = wb->memcg_css->id;
> @@ -285,7 +285,7 @@ TRACE_EVENT(flush_foreign,
> ),
>
> TP_fast_assign(
> - strncpy(__entry->name, bdi_dev_name(wb->bdi), 32);
> + strscpy_pad(__entry->name, bdi_dev_name(wb->bdi), 32);
> __entry->cgroup_ino = __trace_wb_assign_cgroup(wb);
> __entry->frn_bdi_id = frn_bdi_id;
> __entry->frn_memcg_id = frn_memcg_id;