Re: [PATCH] tracing: Verify event formats that have "%*p.."
From: Steven Rostedt
Date: Thu Mar 27 2025 - 14:38:14 EST
On Thu, 27 Mar 2025 11:32:23 -0700
Libo Chen <libo.chen@xxxxxxxxxx> wrote:
> On 3/27/25 08:49, Steven Rostedt wrote:
> > From: Steven Rostedt <rostedt@xxxxxxxxxxx>
> >
> > The trace event verifier checks the formats of trace events to make sure
> > that they do not point at memory that is not in the trace event itself or
> > in data that will never be freed. If an event references data that was
> > allocated when the event triggered and that same data is freed before the
> > event is read, then the kernel can crash by reading freed memory.
> >
> > The verifier runs at boot up (or module load) and scans the print formats
> > of the events and checks their arguments to make sure that dereferenced
> > pointers are safe. If the format uses "%*p.." the verifier will ignore it,
> > and that could be dangerous. Cover this case as well.
> >
> > Also add to the sample code a use case of "%*pbl".
> >
> > Link: https://lore.kernel.org/all/bcba4d76-2c3f-4d11-baf0-02905db953dd@xxxxxxxxxx/
> >
> Thanks Steve, a minor style issue below, otherwise LGTM. I have tested it, it works.
>
> Reviewed-by: Libo Chen <libo.chen@xxxxxxxxxx>
> Tested-by: Libo Chen <libo.chen@xxxxxxxxxx>
Thanks for testing.
> > /*
> > * Notice here the use of some helper functions. This includes:
> > @@ -370,7 +371,10 @@ TRACE_EVENT(foo_bar,
> >
> > __get_str(str), __get_str(lstr),
> > __get_bitmask(cpus), __get_cpumask(cpum),
> > - __get_str(vstr))
> > + __get_str(vstr),
> > + __get_dynamic_array_len(cpus),
> > + __get_dynamic_array_len(cpus),
> > + __get_dynamic_array(cpus))
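Review bot: __get_dynamic_array_len(cpus) is added twice in a row ahead of __get_dynamic_array(cpus), and the format string that consumes these arguments is outside the quoted context, so a reader of the sample cannot tell which conversion takes which value. A short comment beside the new arguments, saying which one supplies the "*" width of the "%*pbl" mentioned in the changelog and which conversion takes the other, would make the sample self-explanatory. It is also worth stating there whether the value passed as the width is in the unit that "%*pbl" expects.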
>
> __get_dynamic_array_len() calls don't seem to be aligned with the ones above
>
Ah yeah. I'll update. Note, this isn't going to go into the kernel until at
least 6.16.
-- Steve
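
The changelog's point that a "%*p.." conversion must not be skipped, as a user-space sketch added here (it is not the kernel's verifier and not code from this thread). The function name `deref_args` and the sample format are constructed for illustration, and treating every "%p" extension as a dereference is a simplifying assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/*
 * Added illustration, not kernel code: record the zero-based argument index of
 * each "%s" and each "%p" with an extension letter ("%pbl"), both treated here
 * as dereferencing. A '*' width or precision consumes an int argument itself.
 */
int deref_args(const char *fmt, int *out, int max)
{
	int arg = 0, n = 0;
	for (const char *p = fmt; *p; p++) {
		if (*p != '%')
			continue;
		if (*++p == '%')
			continue;			/* "%%" takes no argument */
		while (*p && strchr("-+ #0", *p))	/* flags */
			p++;
		if (*p == '*') {			/* width from an argument */
			arg++;
			p++;
		}
		while (isdigit((unsigned char)*p))	/* literal width */
			p++;
		if (*p == '.') {
			if (*++p == '*') {		/* precision from an argument */
				arg++;
				p++;
			}
			while (isdigit((unsigned char)*p))
				p++;
		}
		while (*p && strchr("hlLzjt", *p))	/* length modifiers */
			p++;
		if (!*p)
			break;				/* truncated conversion */
		if ((*p == 's' || (*p == 'p' && isalpha((unsigned char)p[1]))) && n < max)
			out[n++] = arg;
		arg++;
	}
	return n;
}
int main(void)
{
	int idx[8], n = deref_args("cpus [%d] %*pbl", idx, 8);	/* constructed */
	for (int i = 0; i < n; i++)
		printf("argument %d is dereferenced\n", idx[i]);
	return 0;
}
```

A scanner that stopped at the '*' would either miss the pointer or check the width argument in its place, which is the gap the changelog describes.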