Commit 3fdacf40 authored by Linus Torvalds

Merge tag 'trace-v5.14-5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace

Pull tracing fix from Steven Rostedt:
 "Fix the histogram logic from possibly crashing the kernel

  Working on the histogram code, I found that if you dereference a char
  pointer in a trace event that happens to point to user space, it can
  crash the kernel, as it does no checks of that pointer. I have code
  coming that will do this better, so just remove this ability to treat
  character pointers in trace events as strings in the histogram"

* tag 'trace-v5.14-5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
  tracing: Do not reference char * as a string in histograms
parents d980cc06 704adfb5
...@@ -1689,7 +1689,9 @@ static struct hist_field *create_hist_field(struct hist_trigger_data *hist_data, ...@@ -1689,7 +1689,9 @@ static struct hist_field *create_hist_field(struct hist_trigger_data *hist_data,
if (WARN_ON_ONCE(!field)) if (WARN_ON_ONCE(!field))
goto out; goto out;
if (is_string_field(field)) { /* Pointers to strings are just pointers and dangerous to dereference */
if (is_string_field(field) &&
(field->filter_type != FILTER_PTR_STRING)) {
flags |= HIST_FIELD_FL_STRING; flags |= HIST_FIELD_FL_STRING;
hist_field->size = MAX_FILTER_STR_VAL; hist_field->size = MAX_FILTER_STR_VAL;
...@@ -4495,8 +4497,6 @@ static inline void add_to_key(char *compound_key, void *key, ...@@ -4495,8 +4497,6 @@ static inline void add_to_key(char *compound_key, void *key,
field = key_field->field; field = key_field->field;
if (field->filter_type == FILTER_DYN_STRING) if (field->filter_type == FILTER_DYN_STRING)
size = *(u32 *)(rec + field->offset) >> 16; size = *(u32 *)(rec + field->offset) >> 16;
else if (field->filter_type == FILTER_PTR_STRING)
size = strlen(key);
else if (field->filter_type == FILTER_STATIC_STRING) else if (field->filter_type == FILTER_STATIC_STRING)
size = field->size; size = field->size;
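Review bot: The `size` chain in add_to_key now has no branch for `FILTER_PTR_STRING` and no trailing `else`, so it relies on the new guard in create_hist_field keeping such fields out of the string path, and nothing at this second site records that dependency. A short comment above the chain, for example `/* FILTER_PTR_STRING is never flagged as a string by create_hist_field(), so it is not handled here */`, would help keep a later change from reintroducing a dereference of an unchecked pointer. The new comment in create_hist_field could also say why the dereference is dangerous; the commit message gives the reason (the pointer may point to user space and is not checked). Both functions start and end outside the visible hunks, so how `size` is initialised and bounded before the copy cannot be confirmed from this page.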