linux-yocto/kernel/trace
Pu Lehui 3079517a5b tracing: Limit access to parser->buffer when trace_get_user failed
[ Upstream commit 6a909ea83f226803ea0e718f6e88613df9234d58 ]

When the length of the string written to set_ftrace_filter exceeds
FTRACE_BUFF_MAX, the following KASAN alarm will be triggered:

BUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0
Read of size 1 at addr ffff0000d00bd5ba by task ash/165

CPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty
Hardware name: linux,dummy-virt (DT)
Call trace:
 show_stack+0x34/0x50 (C)
 dump_stack_lvl+0xa0/0x158
 print_address_description.constprop.0+0x88/0x398
 print_report+0xb0/0x280
 kasan_report+0xa4/0xf0
 __asan_report_load1_noabort+0x20/0x30
 strsep+0x18c/0x1b0
 ftrace_process_regex.isra.0+0x100/0x2d8
 ftrace_regex_release+0x484/0x618
 __fput+0x364/0xa58
 ____fput+0x28/0x40
 task_work_run+0x154/0x278
 do_notify_resume+0x1f0/0x220
 el0_svc+0xec/0xf0
 el0t_64_sync_handler+0xa0/0xe8
 el0t_64_sync+0x1ac/0x1b0

The reason is that trace_get_user will fail when processing a string
longer than FTRACE_BUFF_MAX, but will not set the end of parser->buffer to 0.
Then an OOB access will be triggered in ftrace_regex_release->
ftrace_process_regex->strsep->strpbrk. We can solve this problem by
limiting access to parser->buffer when trace_get_user failed.

Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/20250813040232.1344527-1-pulehui@huaweicloud.com
Fixes: 8c9af478c0 ("ftrace: Handle commands when closing set_ftrace_filter file")
Signed-off-by: Pu Lehui <pulehui@huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-08-28 16:34:41 +02:00
rv rv: Add #undef TRACE_INCLUDE_FILE 2025-08-20 18:41:10 +02:00
blktrace.c traceevent/block: Add REQ_ATOMIC flag to block trace events 2025-05-23 09:18:48 -06:00
bpf_trace.c bpf: Fix error return value in bpf_copy_from_user_dynptr 2025-05-23 13:25:02 -07:00
bpf_trace.h
error_report-traces.c
fgraph.c ftrace: Show subops in enabled_functions 2025-05-08 09:36:08 -04:00
fprobe.c tracing: fprobe: Fix infinite recursion using preempt_*_notrace() 2025-08-20 18:41:42 +02:00
ftrace_internal.h
ftrace.c ftrace: Also allocate and copy hash for reading of filter files 2025-08-28 16:34:39 +02:00
Kconfig ftrace: Have tracing function args depend on PROBE_EVENTS_BTF_ARGS 2025-04-02 09:50:56 -04:00
kprobe_event_gen_test.c
Makefile
pid_list.c tracing: Cleanup upper_empty() in pid_list 2025-05-14 11:19:32 -04:00
pid_list.h
power-traces.c PM: cpufreq: powernv/tracing: Move powernv_throttle trace event 2025-08-15 16:38:50 +02:00
preemptirq_delay_test.c kernel: trace: preemptirq_delay_test: use offstack cpu mask 2025-08-15 16:39:06 +02:00
rethook.c
ring_buffer_benchmark.c
ring_buffer.c ring-buffer: Remove ring_buffer_read_prepare_sync() 2025-08-15 16:38:50 +02:00
rpm-traces.c
synth_event_gen_test.c
trace_benchmark.c
trace_benchmark.h
trace_boot.c
trace_branch.c tracing: branch: Use trace_tracing_is_on_cpu() instead of "disabled" field 2025-05-09 15:19:10 -04:00
trace_btf.c
trace_btf.h
trace_clock.c
trace_dynevent.c tracing: probes: Fix a possible race in trace_probe_log APIs 2025-05-13 22:23:34 +09:00
trace_dynevent.h tracing: probes: Fix a possible race in trace_probe_log APIs 2025-05-13 22:23:34 +09:00
trace_entries.h ftrace: Expose call graph depth as unsigned int 2025-05-08 09:36:08 -04:00
trace_eprobe.c tracing: add missing trace_probe_log_clear for eprobes 2025-05-10 08:44:50 +09:00
trace_event_perf.c perf: Remove unnecessary parameter of security check 2025-02-26 14:13:58 -05:00
trace_events_filter_test.h
trace_events_filter.c tracing: Use queue_rcu_work() to free filters 2025-08-15 16:39:06 +02:00
trace_events_hist.c tracing: Rename event_trigger_alloc() to trigger_data_alloc() 2025-05-09 15:19:11 -04:00
trace_events_inject.c
trace_events_synth.c tracing: Do not add length to print format in synthetic events 2025-04-09 11:34:21 -04:00
trace_events_trigger.c tracing updates for v6.16: 2025-05-29 21:04:36 -07:00
trace_events_user.c tracing/user_events: Slightly simplify user_seq_show() 2025-03-06 13:35:27 -05:00
trace_events.c tracing: Add down_write(trace_event_sem) when adding trace event 2025-07-19 13:54:59 -04:00
trace_export.c
trace_fprobe.c Probes fixes for v6.14: 2025-04-08 12:51:34 -07:00
trace_functions_graph.c fgraph: Do not enable function_graph tracer when setting funcgraph-args 2025-06-18 07:43:22 -04:00
trace_functions.c tracing updates for v6.16: 2025-05-29 21:04:36 -07:00
trace_hwlat.c
trace_irqsoff.c tracing: Use atomic_inc_return() for updating "disabled" counter in irqsoff tracer 2025-05-09 15:19:10 -04:00
trace_kdb.c ring-buffer: Remove ring_buffer_read_prepare_sync() 2025-08-15 16:38:50 +02:00
trace_kprobe_selftest.c
trace_kprobe_selftest.h
trace_kprobe.c tracing: probes: Fix a possible race in trace_probe_log APIs 2025-05-13 22:23:34 +09:00
trace_mmiotrace.c tracing/mmiotrace: Remove reference to unused per CPU data pointer 2025-05-08 09:36:09 -04:00
trace_nop.c
trace_osnoise.c tracing/osnoise: Fix crash in timerlat_dump_stack() 2025-07-18 15:51:35 -04:00
trace_output.c tracing: Show preempt and irq events callsites from the offsets in field print 2025-05-06 11:34:52 -04:00
trace_output.h ftrace: Add print_function_args() 2025-03-04 11:27:23 -05:00
trace_preemptirq.c tracing: Fix archs that still call tracepoints without RCU watching 2024-12-05 09:28:58 -05:00
trace_printk.c
trace_probe_kernel.h
trace_probe_tmpl.h tracing/fprobe: Enable fprobe events with CONFIG_DYNAMIC_FTRACE_WITH_ARGS 2024-12-26 10:50:04 -05:00
trace_probe.c tracing/probes: Avoid using params uninitialized in parse_btf_arg() 2025-07-16 14:01:54 +09:00
trace_probe.h tracing: probe-events: Log error for exceeding the number of arguments 2025-03-27 21:19:54 +09:00
trace_recursion_record.c
trace_sched_switch.c pid: allow pid_max to be set per pid namespace 2024-12-02 11:25:25 +01:00
trace_sched_wakeup.c tracing: Convert the per CPU "disabled" counter to local from atomic 2025-05-09 15:19:10 -04:00
trace_selftest_dynamic.c
trace_selftest.c fgraph: Pass ftrace_regs to retfunc 2024-12-26 10:50:03 -05:00
trace_seq.c
trace_stack.c tracing updates for v6.16: 2025-05-29 21:04:36 -07:00
trace_stat.c tracing: Switch trace_stat.c code over to use guard() 2024-12-26 10:38:37 -05:00
trace_stat.h
trace_synth.h
trace_syscalls.c
trace_uprobe.c bpf-next-6.16 2025-05-28 15:52:42 -07:00
trace.c tracing: Limit access to parser->buffer when trace_get_user failed 2025-08-28 16:34:41 +02:00
trace.h tracing: Limit access to parser->buffer when trace_get_user failed 2025-08-28 16:34:41 +02:00
tracing_map.c tracing: Fix cmp_entries_dup() to respect sort() comparison rules 2024-12-04 10:38:24 -05:00
tracing_map.h