author    Jiri Slaby <jslaby@suse.cz>  2019-02-15 10:23:48 +0100
committer Jiri Slaby <jslaby@suse.cz>  2019-02-15 10:24:02 +0100
commit    becfbc0f4fb6048e318ac0a272f7d066f948c7d5 (patch)
tree      c121194b9d3000cb9516069ed08eee207ff1052d
parent    9ed9fc3dcf64be72ee919226a7637bb9be83b9e6 (diff)
tracing/uprobes: Fix output for multiple string arguments
-rw-r--r--  patches.kernel.org/4.20.9-021-tracing-uprobes-Fix-output-for-multiple-string.patch  | 81
-rw-r--r--  series.conf  | 1
2 files changed, 82 insertions, 0 deletions
diff --git a/patches.kernel.org/4.20.9-021-tracing-uprobes-Fix-output-for-multiple-string.patch b/patches.kernel.org/4.20.9-021-tracing-uprobes-Fix-output-for-multiple-string.patch
new file mode 100644
index 0000000000..4e2ff492cb
--- /dev/null
+++ b/patches.kernel.org/4.20.9-021-tracing-uprobes-Fix-output-for-multiple-string.patch
@@ -0,0 +1,81 @@
+From: Andreas Ziegler <andreas.ziegler@fau.de>
+Date: Wed, 16 Jan 2019 15:16:29 +0100
+Subject: [PATCH] tracing/uprobes: Fix output for multiple string arguments
+References: bnc#1012628
+Patch-mainline: 4.20.9
+Git-commit: 0722069a5374b904ec1a67f91249f90e1cfae259
+
+commit 0722069a5374b904ec1a67f91249f90e1cfae259 upstream.
+
+When printing multiple uprobe arguments as strings the output for the
+earlier arguments would also include all later string arguments.
+
+This is best explained in an example:
+
+Consider adding a uprobe to a function receiving two strings as
+parameters which is at offset 0xa0 in strlib.so and we want to print
+both parameters when the uprobe is hit (on x86_64):
+
+$ echo 'p:func /lib/strlib.so:0xa0 +0(%di):string +0(%si):string' > \
+ /sys/kernel/debug/tracing/uprobe_events
+
+When the function is called as func("foo", "bar") and we hit the probe,
+the trace file shows a line like the following:
+
+ [...] func: (0x7f7e683706a0) arg1="foobar" arg2="bar"
+
+Note the extra "bar" printed as part of arg1. This behaviour stacks up
+for additional string arguments.
+
+The strings are stored in a dynamically growing part of the uprobe
+buffer by fetch_store_string() after copying them from userspace via
+strncpy_from_user(). The return value of strncpy_from_user() is then
+directly used as the required size for the string. However, this does
+not take the terminating null byte into account as the documentation
+for strncpy_from_user() cleary states that it "[...] returns the
+length of the string (not including the trailing NUL)" even though the
+null byte will be copied to the destination.
+
+Therefore, subsequent calls to fetch_store_string() will overwrite
+the terminating null byte of the most recently fetched string with
+the first character of the current string, leading to the
+"accumulation" of strings in earlier arguments in the output.
+
+Fix this by incrementing the return value of strncpy_from_user() by
+one if we did not hit the maximum buffer size.
+
+Link: http://lkml.kernel.org/r/20190116141629.5752-1-andreas.ziegler@fau.de
+
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: stable@vger.kernel.org
+Fixes: 5baaa59ef09e ("tracing/probes: Implement 'memory' fetch method for uprobes")
+Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
+Signed-off-by: Andreas Ziegler <andreas.ziegler@fau.de>
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ kernel/trace/trace_uprobe.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c
+index 31ea48eceda1..f4d2252e087b 100644
+--- a/kernel/trace/trace_uprobe.c
++++ b/kernel/trace/trace_uprobe.c
+@@ -127,6 +127,13 @@ fetch_store_string(unsigned long addr, void *dest, void *base)
+ if (ret >= 0) {
+ if (ret == maxlen)
+ dst[ret - 1] = '\0';
++ else
++ /*
++ * Include the terminating null byte. In this case it
++ * was copied by strncpy_from_user but not accounted
++ * for in ret.
++ */
++ ret++;
+ *(u32 *)dest = make_data_loc(ret, (void *)dst - base);
+ }
+
+--
+2.20.1
+
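Review bot: the new `else` branch in fetch_store_string() is only safe if `ret < maxlen` guarantees that the NUL written by strncpy_from_user() landed inside `dst`, i.e. that `dst` holds at least `maxlen` bytes and `maxlen` already includes room for the terminator; neither the strncpy_from_user() call nor the derivation of `maxlen` is visible in this hunk's context, so confirm that invariant in the surrounding function before merging. With it in place the accounting becomes consistent in both paths: in the truncation path `dst[ret - 1] = '\0'` rewrites the last byte and the reported length `maxlen` already covers the terminator, and in the new path `ret++` extends the reported length to cover the NUL that strncpy_from_user() copied but did not count, so the length stored via make_data_loc() always includes the terminator and the next fetch_store_string() call no longer overwrites it (the "foobar" accumulation described in the commit message). The `ret >= 0` guard above already excludes the negative return on a userspace fault, so the `ret++` cannot act on an error code. Minor style point: the multi-line comment sitting between `else` and `ret++` compiles as intended, since a comment is not a statement, but bracing the `else` body would make the single-statement scope obvious to the next reader.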
diff --git a/series.conf b/series.conf
index 233a930106..5066595872 100644
--- a/series.conf
+++ b/series.conf
@@ -1103,6 +1103,7 @@
patches.kernel.org/4.20.9-018-svcrdma-Remove-max_sge-check-at-connect-time.patch
patches.kernel.org/4.20.9-019-pinctrl-sunxi-Correct-number-of-IRQ-banks-on-H.patch
patches.kernel.org/4.20.9-020-pinctrl-cherryview-fix-Strago-DMI-workaround.patch
+ patches.kernel.org/4.20.9-021-tracing-uprobes-Fix-output-for-multiple-string.patch
########################################################
# Build fixes that apply to the vanilla kernel too.