[PATCH 5.4 04/27] tracing: Reject string operand in the histogram expression

From: Greg Kroah-Hartman
Date: Fri Aug 13 2021 - 11:16:46 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.4 03/27] media: v4l2-mem2mem: always consider OUTPUT queue during poll"
Previous message: Greg Kroah-Hartman: "[PATCH 5.4 26/27] btrfs: export and rename qgroup_reserve_meta"
In reply to: Greg Kroah-Hartman: "[PATCH 5.4 26/27] btrfs: export and rename qgroup_reserve_meta"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.4 03/27] media: v4l2-mem2mem: always consider OUTPUT queue during poll"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Masami Hiramatsu <mhiramat@xxxxxxxxxx>

commit a9d10ca4986571bffc19778742d508cc8dd13e02 upstream.

Since the string type can not be the target of the addition / subtraction
operation, it must be rejected. Without this fix, the string type silently
converted to digits.

Link: https://lkml.kernel.org/r/162742654278.290973.1523000673366456634.stgit@devnote2

Cc: stable@xxxxxxxxxxxxxxx
Fixes: 100719dcef447 ("tracing: Add simple expression support to hist triggers")
Signed-off-by: Masami Hiramatsu <mhiramat@xxxxxxxxxx>
Signed-off-by: Steven Rostedt (VMware) <rostedt@xxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
kernel/trace/trace_events_hist.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)

--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -66,7 +66,8 @@
C(INVALID_SUBSYS_EVENT, "Invalid subsystem or event name"), \
C(INVALID_REF_KEY, "Using variable references in keys not supported"), \
C(VAR_NOT_FOUND, "Couldn't find variable"), \
- C(FIELD_NOT_FOUND, "Couldn't find field"),
+ C(FIELD_NOT_FOUND, "Couldn't find field"), \
+ C(INVALID_STR_OPERAND, "String type can not be an operand in expression"),

#undef C
#define C(a, b) HIST_ERR_##a
@@ -3038,6 +3039,13 @@ static struct hist_field *parse_unary(st
ret = PTR_ERR(operand1);
goto free;
}
+ if (operand1->flags & HIST_FIELD_FL_STRING) {
+ /* String type can not be the operand of unary operator. */
+ hist_err(file->tr, HIST_ERR_INVALID_STR_OPERAND, errpos(str));
+ destroy_hist_field(operand1, 0);
+ ret = -EINVAL;
+ goto free;
+ }

expr->flags |= operand1->flags &
(HIST_FIELD_FL_TIMESTAMP | HIST_FIELD_FL_TIMESTAMP_USECS);
@@ -3139,6 +3147,11 @@ static struct hist_field *parse_expr(str
operand1 = NULL;
goto free;
}
+ if (operand1->flags & HIST_FIELD_FL_STRING) {
+ hist_err(file->tr, HIST_ERR_INVALID_STR_OPERAND, errpos(operand1_str));
+ ret = -EINVAL;
+ goto free;
+ }

/* rest of string could be another expression e.g. b+c in a+b+c */
operand_flags = 0;
@@ -3148,6 +3161,11 @@ static struct hist_field *parse_expr(str
operand2 = NULL;
goto free;
}
+ if (operand2->flags & HIST_FIELD_FL_STRING) {
+ hist_err(file->tr, HIST_ERR_INVALID_STR_OPERAND, errpos(str));
+ ret = -EINVAL;
+ goto free;
+ }

ret = check_expr_operands(file->tr, operand1, operand2);
if (ret)

Next message: Greg Kroah-Hartman: "[PATCH 5.4 03/27] media: v4l2-mem2mem: always consider OUTPUT queue during poll"
Previous message: Greg Kroah-Hartman: "[PATCH 5.4 26/27] btrfs: export and rename qgroup_reserve_meta"
In reply to: Greg Kroah-Hartman: "[PATCH 5.4 26/27] btrfs: export and rename qgroup_reserve_meta"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.4 03/27] media: v4l2-mem2mem: always consider OUTPUT queue during poll"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]