tracing: Fix the histogram logic from possibly crashing the kernel
Working on the histogram code, I found that if you dereference a char pointer in a trace event that happens to point to user space, it can crash the kernel, as it does no checks of that pointer. I have code coming that will do this better, so just remove this ability to treat character pointers in trace events as stings in the histogram. -----BEGIN PGP SIGNATURE----- iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCYPH9FRQccm9zdGVkdEBn b29kbWlzLm9yZwAKCRAp5XQQmuv6qsyhAQDKiQzVJtjfsNbIWliDQOaUwJMO9tNl Qu5TUDmPbAA4fwD+MgYsnITPL+o/YcKQ+aMdj/wLLMKfIjhNkFY8wqdLvwg= =CN97 -----END PGP SIGNATURE----- Merge tag 'trace-v5.14-5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull tracing fix from Steven Rostedt: "Fix the histogram logic from possibly crashing the kernel Working on the histogram code, I found that if you dereference a char pointer in a trace event that happens to point to user space, it can crash the kernel, as it does no checks of that pointer. I have code coming that will do this better, so just remove this ability to treat character pointers in trace events as stings in the histogram" * tag 'trace-v5.14-5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: tracing: Do not reference char * as a string in histograms
This commit is contained in:
commit
3fdacf402b
|
@ -1689,7 +1689,9 @@ static struct hist_field *create_hist_field(struct hist_trigger_data *hist_data,
|
|||
if (WARN_ON_ONCE(!field))
|
||||
goto out;
|
||||
|
||||
if (is_string_field(field)) {
|
||||
/* Pointers to strings are just pointers and dangerous to dereference */
|
||||
if (is_string_field(field) &&
|
||||
(field->filter_type != FILTER_PTR_STRING)) {
|
||||
flags |= HIST_FIELD_FL_STRING;
|
||||
|
||||
hist_field->size = MAX_FILTER_STR_VAL;
|
||||
|
@ -4495,8 +4497,6 @@ static inline void add_to_key(char *compound_key, void *key,
|
|||
field = key_field->field;
|
||||
if (field->filter_type == FILTER_DYN_STRING)
|
||||
size = *(u32 *)(rec + field->offset) >> 16;
|
||||
else if (field->filter_type == FILTER_PTR_STRING)
|
||||
size = strlen(key);
|
||||
else if (field->filter_type == FILTER_STATIC_STRING)
|
||||
size = field->size;
|
||||
|
||||
|
|
Loading…
Reference in New Issue