
Commit c2cd8e4

committed
Merge tag 'probes-fixes-v6.12-rc4.2' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace
Pull probes fixes from Masami Hiramatsu: - objpool: Fix choosing allocation for percpu slots Fixes to allocate objpool's percpu slots correctly according to the GFP flag. It checks whether "any bit" in GFP_ATOMIC is set to choose the vmalloc source, but it should check "all bits" in GFP_ATOMIC flag is set, because GFP_ATOMIC is a combined flag. - tracing/probes: Fix MAX_TRACE_ARGS limit handling If more than MAX_TRACE_ARGS are passed for creating a probe event, the entries over MAX_TRACE_ARG in trace_arg array are not initialized. Thus if the kernel accesses those entries, it crashes. This rejects creating event if the number of arguments is over MAX_TRACE_ARGS. - tracing: Consider the NUL character when validating the event length A strlen() is used when parsing the event name, and the original code does not consider the terminal null byte. Thus it can pass the name one byte longer than the buffer. This fixes to check it correctly. * tag 'probes-fixes-v6.12-rc4.2' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace: tracing: Consider the NULL character when validating the event length tracing/probes: Fix MAX_TRACE_ARGS limit handling objpool: fix choosing allocation for percpu slots
2 parents 4e46774 + 0b6e2e2 commit c2cd8e4


6 files changed

+21
-6
lines changed


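--- a/kernel/trace/trace_eprobe.c
+++ b/kernel/trace/trace_eprobe.c
@@ -912,6 +912,11 @@ static int __trace_eprobe_create(int argc, const char *argv[])
 }
 }
 
+if (argc - 2 > MAX_TRACE_ARGS) {
+ret = -E2BIG;
+goto error;
+}
+
 mutex_lock(&event_mutex);
 event_call = find_and_get_event(sys_name, sys_event);
 ep = alloc_event_probe(group, event, event_call, argc - 2);
@@ -937,7 +942,7 @@ static int __trace_eprobe_create(int argc, const char *argv[])
 
 argc -= 2; argv += 2;
 /* parse arguments */
-for (i = 0; i < argc && i < MAX_TRACE_ARGS; i++) {
+for (i = 0; i < argc; i++) {
 trace_probe_log_set_index(i + 2);
 ret = trace_eprobe_tp_update_arg(ep, argv, i);
 if (ret)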
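Review bot: The new `-E2BIG` rejection at new lines 915-918 writes nothing to the probe error log, whereas the name-length check in kernel/trace/trace_probe.c on this page calls `trace_probe_log_err(offset, EVENT_TOO_LONG)` before it returns. A user who passes too many fetch arguments therefore gets only the errno, with no hint about which limit was exceeded. Consider adding a dedicated error code and calling `trace_probe_log_err(0, <NEW_TOO_MANY_ARGS_CODE>);` before `ret = -E2BIG;`; the matching checks in trace_fprobe.c, trace_kprobe.c and trace_uprobe.c have the same gap. The `error` label and the point where the log is initialised are outside the hunk, so confirm both before adding the call.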

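--- a/kernel/trace/trace_fprobe.c
+++ b/kernel/trace/trace_fprobe.c
@@ -1187,6 +1187,10 @@ static int __trace_fprobe_create(int argc, const char *argv[])
 argc = new_argc;
 argv = new_argv;
 }
+if (argc > MAX_TRACE_ARGS) {
+ret = -E2BIG;
+goto out;
+}
 
 ret = traceprobe_expand_dentry_args(argc, argv, &dbuf);
 if (ret)
@@ -1203,7 +1207,7 @@ static int __trace_fprobe_create(int argc, const char *argv[])
 }
 
 /* parse arguments */
-for (i = 0; i < argc && i < MAX_TRACE_ARGS; i++) {
+for (i = 0; i < argc; i++) {
 trace_probe_log_set_index(i + 2);
 ctx.offset = 0;
 ret = traceprobe_parse_probe_arg(&tf->tp, i, argv[i], &ctx);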
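Review bot: With `i < MAX_TRACE_ARGS` dropped from the loop at new line 1210, the index passed to `traceprobe_parse_probe_arg(&tf->tp, i, ...)` is bounded only by the `argc > MAX_TRACE_ARGS` check about twenty lines earlier. Nothing visible between the two modifies `argc`, but the dependency is implicit, and a later edit that grows `argc` after the check would presumably walk past the argument array again. I would put a comment on the loop, `/* argc <= MAX_TRACE_ARGS is guaranteed by the -E2BIG check above */`. The loops in trace_eprobe.c, trace_kprobe.c and trace_uprobe.c carry the same dependency; in trace_uprobe.c the check is on `argc - 2` and the subtraction itself lies outside the hunks. The function body continues outside both hunks here.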

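--- a/kernel/trace/trace_kprobe.c
+++ b/kernel/trace/trace_kprobe.c
@@ -1013,6 +1013,10 @@ static int __trace_kprobe_create(int argc, const char *argv[])
 argc = new_argc;
 argv = new_argv;
 }
+if (argc > MAX_TRACE_ARGS) {
+ret = -E2BIG;
+goto out;
+}
 
 ret = traceprobe_expand_dentry_args(argc, argv, &dbuf);
 if (ret)
@@ -1029,7 +1033,7 @@ static int __trace_kprobe_create(int argc, const char *argv[])
 }
 
 /* parse arguments */
-for (i = 0; i < argc && i < MAX_TRACE_ARGS; i++) {
+for (i = 0; i < argc; i++) {
 trace_probe_log_set_index(i + 2);
 ctx.offset = 0;
 ret = traceprobe_parse_probe_arg(&tk->tp, i, argv[i], &ctx);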

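--- a/kernel/trace/trace_probe.c
+++ b/kernel/trace/trace_probe.c
@@ -276,7 +276,7 @@ int traceprobe_parse_event_name(const char **pevent, const char **pgroup,
 }
 trace_probe_log_err(offset, NO_EVENT_NAME);
 return -EINVAL;
-} else if (len > MAX_EVENT_NAME_LEN) {
+} else if (len >= MAX_EVENT_NAME_LEN) {
 trace_probe_log_err(offset, EVENT_TOO_LONG);
 return -EINVAL;
 }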
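Review bot: The `>=` at new line 279 is right only because `len` excludes the terminator, and nothing at the comparison says so. The commit message states that `len` comes from strlen() and that the old `>` let through a name one byte longer than the buffer; the strlen() call and the destination buffer are both outside the hunk. A one-line comment would stop a later reader from "correcting" it back: `/* len excludes the NUL, so a name of MAX_EVENT_NAME_LEN bytes does not fit */`.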

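--- a/kernel/trace/trace_uprobe.c
+++ b/kernel/trace/trace_uprobe.c
@@ -565,6 +565,8 @@ static int __trace_uprobe_create(int argc, const char **argv)
 
 if (argc < 2)
 return -ECANCELED;
+if (argc - 2 > MAX_TRACE_ARGS)
+return -E2BIG;
 
 if (argv[0][1] == ':')
 event = &argv[0][2];
@@ -690,7 +692,7 @@ static int __trace_uprobe_create(int argc, const char **argv)
 tu->filename = filename;
 
 /* parse arguments */
-for (i = 0; i < argc && i < MAX_TRACE_ARGS; i++) {
+for (i = 0; i < argc; i++) {
 struct traceprobe_parse_context ctx = {
 .flags = (is_return ? TPARG_FL_RETURN : 0) | TPARG_FL_USER,
 };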

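--- a/lib/objpool.c
+++ b/lib/objpool.c
@@ -76,7 +76,7 @@ objpool_init_percpu_slots(struct objpool_head *pool, int nr_objs,
 * mimimal size of vmalloc is one page since vmalloc would
 * always align the requested size to page size
 */
-if (pool->gfp & GFP_ATOMIC)
+if ((pool->gfp & GFP_ATOMIC) == GFP_ATOMIC)
 slot = kmalloc_node(size, pool->gfp, cpu_to_node(i));
 else
 slot = __vmalloc_node(size, sizeof(void *), pool->gfp,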
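Review bot: Requiring every GFP_ATOMIC bit at new line 79 sends any other non-sleeping mask down the `__vmalloc_node()` branch. GFP_NOWAIT, for example, lacks the high-priority bit that GFP_ATOMIC includes, so a pool created with it would now be served by vmalloc, which as far as I know is not safe in a context that cannot sleep. Whether any objpool user passes such flags is not visible on this page, so this may be theoretical. If the intent is "use kmalloc whenever the caller cannot block", `if (!gfpflags_allow_blocking(pool->gfp))` says that directly; otherwise a comment such as `/* GFP_ATOMIC is a multi-bit mask: require all of its bits */` would at least document the comparison.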
