Maksytka/linux
1
1
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2025-12-01 07:26:02 +07:00
Code Issues Packages Projects Releases Wiki Activity

Merge tag 'trace-v6.17-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace

Browse Source 
Pull tracing fixes from Steven Rostedt:

 - Fix buffer overflow in osnoise_cpu_write()

   The allocated buffer to read user space did not add a nul terminating
   byte after copying from user the string. It then reads the string,
   and if user space did not add a nul byte, the read will continue
   beyond the string.

   Add a nul terminating byte after reading the string.

 - Fix missing check for lockdown on tracing

   There's a path from kprobe events or uprobe events that can update
   the tracing system even if lockdown on tracing is activate. Add a
   check in the dynamic event path.

 - Add a recursion check for the function graph return path

   Now that fprobes can hook to the function graph tracer and call
   different code between the entry and the exit, the exit code may now
   call functions that are not called in entry. This means that the exit
   handler can possibly trigger recursion that is not caught and cause
   the system to crash.

   Add the same recursion checks in the function exit handler as exists
   in the entry handler path.

* tag 'trace-v6.17-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
  tracing: fgraph: Protect return handler from recursion loop
  tracing: dynevent: Add a missing lockdown check on dynevent
  tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit()
This commit is contained in:
Linus Torvalds
2025-09-28 10:26:35 -07:00
parent a5b2a9f505 0db0934e7f
commit 8f9736633f
2 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
kernel/trace/fgraph.c
View File

@@ -815,6 +815,7 @@ __ftrace_return_to_handler(struct ftrace_regs *fregs, unsigned long frame_pointe
unsigned long bitmap; unsigned long bitmap;
unsigned long ret; unsigned long ret;
int offset; int offset;
int bit;
int i; int i;
ret_stack = ftrace_pop_return_trace(&trace, &ret, frame_pointer, &offset); ret_stack = ftrace_pop_return_trace(&trace, &ret, frame_pointer, &offset);
@@ -829,6 +830,15 @@ __ftrace_return_to_handler(struct ftrace_regs *fregs, unsigned long frame_pointe
if (fregs) if (fregs)
ftrace_regs_set_instruction_pointer(fregs, ret); ftrace_regs_set_instruction_pointer(fregs, ret);
bit = ftrace_test_recursion_trylock(trace.func, ret);
/*
* This can fail because ftrace_test_recursion_trylock() allows one nest
* call. If we are already in a nested call, then we don't probe this and
* just return the original return address.
*/
if (unlikely(bit < 0))
goto out;
#ifdef CONFIG_FUNCTION_GRAPH_RETVAL #ifdef CONFIG_FUNCTION_GRAPH_RETVAL
trace.retval = ftrace_regs_get_return_value(fregs); trace.retval = ftrace_regs_get_return_value(fregs);
#endif #endif
@@ -852,6 +862,8 @@ __ftrace_return_to_handler(struct ftrace_regs *fregs, unsigned long frame_pointe
} }
} }
ftrace_test_recursion_unlock(bit);
out:
/* /*
* The ftrace_graph_return() may still access the current * The ftrace_graph_return() may still access the current
* ret_stack structure, we need to make sure the update of * ret_stack structure, we need to make sure the update of

3
kernel/trace/trace_osnoise.c
View File

@@ -2325,12 +2325,13 @@ osnoise_cpus_write(struct file *filp, const char __user *ubuf, size_t count,
if (count < 1) if (count < 1)
return 0; return 0;
buf = kmalloc(count, GFP_KERNEL); buf = kmalloc(count + 1, GFP_KERNEL);
if (!buf) if (!buf)
return -ENOMEM; return -ENOMEM;
if (copy_from_user(buf, ubuf, count)) if (copy_from_user(buf, ubuf, count))
return -EFAULT; return -EFAULT;
buf[count] = '\0';
if (!zalloc_cpumask_var(&osnoise_cpumask_new, GFP_KERNEL)) if (!zalloc_cpumask_var(&osnoise_cpumask_new, GFP_KERNEL))
return -ENOMEM; return -ENOMEM;