mirror/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
2673c60ee67e71f2ebe34386e62d348f71edee47
linux/kernel
History
Steven Rostedt (Google) 2673c60ee6 tracing/eprobes: Do not allow eprobes to use $stack, or % for regs 
While playing with event probes (eprobes), I tried to see what would
happen if I attempted to retrieve the instruction pointer (%rip) knowing
that event probes do not use pt_regs. The result was:

 BUG: kernel NULL pointer dereference, address: 0000000000000024
 #PF: supervisor read access in kernel mode
 #PF: error_code(0x0000) - not-present page
 PGD 0 P4D 0
 Oops: 0000 [#1] PREEMPT SMP PTI
 CPU: 1 PID: 1847 Comm: trace-cmd Not tainted 5.19.0-rc5-test+ #309
 Hardware name: Hewlett-Packard HP Compaq Pro 6300 SFF/339A, BIOS K01
v03.03 07/14/2016
 RIP: 0010:get_event_field.isra.0+0x0/0x50
 Code: ff 48 c7 c7 c0 8f 74 a1 e8 3d 8b f5 ff e8 88 09 f6 ff 4c 89 e7 e8
50 6a 13 00 48 89 ef 5b 5d 41 5c 41 5d e9 42 6a 13 00 66 90 <48> 63 47 24
8b 57 2c 48 01 c6 8b 47 28 83 f8 02 74 0e 83 f8 04 74
 RSP: 0018:ffff916c394bbaf0 EFLAGS: 00010086
 RAX: ffff916c854041d8 RBX: ffff916c8d9fbf50 RCX: ffff916c255d2000
 RDX: 0000000000000000 RSI: ffff916c255d2008 RDI: 0000000000000000
 RBP: 0000000000000000 R08: ffff916c3a2a0c08 R09: ffff916c394bbda8
 R10: 0000000000000000 R11: 0000000000000000 R12: ffff916c854041d8
 R13: ffff916c854041b0 R14: 0000000000000000 R15: 0000000000000000
 FS:  0000000000000000(0000) GS:ffff916c9ea40000(0000)
knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000024 CR3: 000000011b60a002 CR4: 00000000001706e0
 Call Trace:
  <TASK>
  get_eprobe_size+0xb4/0x640
  ? __mod_node_page_state+0x72/0xc0
  __eprobe_trace_func+0x59/0x1a0
  ? __mod_lruvec_page_state+0xaa/0x1b0
  ? page_remove_file_rmap+0x14/0x230
  ? page_remove_rmap+0xda/0x170
  event_triggers_call+0x52/0xe0
  trace_event_buffer_commit+0x18f/0x240
  trace_event_raw_event_sched_wakeup_template+0x7a/0xb0
  try_to_wake_up+0x260/0x4c0
  __wake_up_common+0x80/0x180
  __wake_up_common_lock+0x7c/0xc0
  do_notify_parent+0x1c9/0x2a0
  exit_notify+0x1a9/0x220
  do_exit+0x2ba/0x450
  do_group_exit+0x2d/0x90
  __x64_sys_exit_group+0x14/0x20
  do_syscall_64+0x3b/0x90
  entry_SYSCALL_64_after_hwframe+0x46/0xb0

Obviously this is not the desired result.

Move the testing for TPARG_FL_TPOINT which is only used for event probes
to the top of the "$" variable check, as all the other variables are not
used for event probes. Also add a check in the register parsing "%" to
fail if an event probe is used.

Link: https://lkml.kernel.org/r/20220820134400.564426983@goodmis.org

Cc: stable@vger.kernel.org
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Tzvetomir Stoyanov <tz.stoyanov@gmail.com>
Cc: Tom Zanussi <zanussi@kernel.org>
Fixes: 7491e2c442 ("tracing: Add a probe that attaches to trace events")
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
2022-08-21 15:56:08 -04:00
..
bpf
bpf: Limit maximum modifier chain length in btf_check_type_tags
2022-06-15 19:32:12 +02:00
cgroup
Merge branch 'for-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
2022-05-25 11:47:25 -07:00
configs
x86/configs: Add x86 debugging Kconfig fragment plus docs
2022-04-06 19:56:29 +02:00
debug
Merge tag 'modules-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux
2022-05-26 17:13:43 -07:00
dma
dma-direct: use the correct size for dma_set_encrypted()
2022-06-23 15:26:59 +02:00
entry
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
2022-06-08 09:16:31 -07:00
events
Merge tag 'perf-urgent-2022-06-05' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2022-06-05 10:40:31 -07:00
futex
Merge tag 'drm-next-2022-05-25' of git://anongit.freedesktop.org/drm/drm
2022-05-25 16:18:27 -07:00
gcov
gcov: Remove compiler version check
2021-12-02 17:25:21 +09:00
irq
genirq: PM: Use runtime PM for chained interrupts
2022-06-09 15:58:13 +01:00
kcsan
Merge tag 'linux-kselftest-kunit-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
2022-05-25 11:32:53 -07:00
livepatch
Merge tag 'livepatching-for-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/livepatching/livepatching
2022-06-02 08:55:01 -07:00
locking
locking/lockdep: Use sched_clock() for random numbers
2022-06-13 10:29:57 +02:00
module
module: Fix prefix for module.sig_enforce module param
2022-06-02 12:44:33 -07:00
power
PM: hibernate: Use kernel_can_power_off()
2022-06-21 20:57:30 +02:00
printk
Revert "printk: add functions to prefer direct printing"
2022-06-23 18:41:40 +02:00
rcu
Merge branch 'rework/kthreads' into for-linus
2022-06-23 19:11:28 +02:00
sched
sched: Fix balance_push() vs __sched_setscheduler()
2022-06-13 10:15:07 +02:00
time
tick/nohz: unexport __init-annotated tick_nohz_full_setup()
2022-06-27 10:43:12 -07:00
trace
tracing/eprobes: Do not allow eprobes to use $stack, or % for regs
2022-08-21 15:56:08 -04:00
.gitignore
acct.c
kernel/acct: move acct sysctls to its own file
2022-04-06 13:43:44 -07:00
async.c
Revert "module, async: async_synchronize_full() on module init iff async is used"
2022-02-03 11:20:34 -08:00
audit_fsnotify.c
fsnotify: make allow_dups a property of the group
2022-04-25 14:37:18 +02:00
audit_tree.c
audit: use fsnotify group lock helpers
2022-04-25 14:37:28 +02:00
audit_watch.c
fsnotify: pass flags argument to fsnotify_alloc_group()
2022-04-25 14:37:12 +02:00
audit.c
audit: improve audit queue handling when "audit=1" on cmdline
2022-01-25 13:22:51 -05:00
audit.h
audit: log AUDIT_TIME_* records only from rules
2022-02-22 13:51:40 -05:00
auditfilter.c
Merge tag 'audit-pr-20220110' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit
2022-01-11 13:08:21 -08:00
auditsc.c
audit: free module name
2022-06-15 19:28:44 -04:00
backtracetest.c
bounds.c
capability.c
xfs: don't generate selinux audit messages for capability testing
2022-03-09 10:32:06 -08:00
cfi.c
cfi: Fix __cfi_slowpath_diag RCU usage with cpuidle
2022-06-13 09:18:46 -07:00
compat.c
configs.c
context_tracking.c
cpu_pm.c
cpu.c
Merge tag 'x86_tdx_for_v5.19_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2022-05-23 17:51:12 -07:00
crash_core.c
Merge tag 'mm-nonmm-stable-2022-05-26' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2022-05-27 11:22:03 -07:00
crash_dump.c
cred.c
x86: Mark __invalid_creds() __noreturn
2022-03-15 10:32:44 +01:00
delayacct.c
delayacct: track delays from write-protect copy
2022-06-01 15:55:25 -07:00
dma.c
exec_domain.c
exit.c
Merge tag 'ptrace-cleanups-for-v5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2022-03-28 17:29:53 -07:00
extable.c
lkdtm: Really write into kernel text in WRITE_KERN
2022-02-16 23:25:12 +11:00
fail_function.c
fork.c
rv/include: Add deterministic automata monitor definition via C macros
2022-07-30 14:01:28 -04:00
freezer.c
gen_kheaders.sh
kheaders: Have cpio unconditionally replace files
2022-05-08 03:16:59 +09:00
groups.c
hung_task.c
Merge branch 'rework/kthreads' into for-linus
2022-06-23 19:11:28 +02:00
iomem.c
irq_work.c
irq_work: use kasan_record_aux_stack_noalloc() record callstack
2022-04-15 14:49:55 -07:00
jump_label.c
kallsyms.c
ftrace: Add ftrace_lookup_symbols function
2022-05-10 14:42:06 -07:00
kcmp.c
Kconfig.freezer
Kconfig.hz
Kconfig.locks
Kconfig.preempt
Revert "signal, x86: Delay calling signals in atomic on RT enabled kernels"
2022-03-31 10:36:55 +02:00
kcov.c
kcov: update pos before writing pc in trace function
2022-05-25 13:05:42 -07:00
kexec_core.c
Merge tag 'mm-nonmm-stable-2022-05-26' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2022-05-27 11:22:03 -07:00
kexec_elf.c
kexec_file.c
Merge tag 'riscv-for-linus-5.19-mw0' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux
2022-05-31 14:10:54 -07:00
kexec_internal.h
kexec.c
kheaders.c
kmod.c
kprobes.c
Merge tag 'trace-v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
2022-05-29 10:31:36 -07:00
ksysfs.c
kernel/ksysfs.c: use helper macro __ATTR_RW
2022-03-23 19:00:33 -07:00
kthread.c
kthread: make it clear that kthread_create_on_node() might be terminated by any fatal signal
2022-06-16 19:11:30 -07:00
latencytop.c
latencytop: move sysctl to its own file
2022-04-21 11:40:59 -07:00
Makefile
kernel: add platform_has() infrastructure
2022-06-06 08:06:00 +02:00
module_signature.c
notifier.c
notifier: Add blocking/atomic_notifier_chain_register_unique_prio()
2022-05-19 19:30:30 +02:00
nsproxy.c
padata.c
padata: replace cpumask_weight with cpumask_empty in padata.c
2022-01-31 11:21:46 +11:00
panic.c
Merge branch 'rework/kthreads' into for-linus
2022-06-23 19:11:28 +02:00
params.c
kobject: remove kset from struct kset_uevent_ops callbacks
2021-12-28 11:26:18 +01:00
pid_namespace.c
kernel: pid_namespace: use NULL instead of using plain integer as pointer
2022-04-29 14:38:00 -07:00
pid.c
platform-feature.c
kernel: add platform_has() infrastructure
2022-06-06 08:06:00 +02:00
profile.c
exit: Remove profile_handoff_task
2022-01-08 12:43:57 -06:00
ptrace.c
Merge tag 'ptrace_stop-cleanup-for-v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2022-06-03 16:13:25 -07:00
range.c
reboot.c
Merge branch 'rework/kthreads' into for-linus
2022-06-23 19:11:28 +02:00
regset.c
relay.c
relay: remove redundant assignment to pointer buf
2022-05-12 20:38:37 -07:00
resource_kunit.c
resource.c
kernel/resource: fix kfree() of bootmem memory again
2022-03-23 19:00:35 -07:00
rseq.c
rseq: Remove broken uapi field layout on 32-bit little endian
2022-02-02 13:11:34 +01:00
scftorture.c
scftorture: Fix distribution of short handler delays
2022-04-11 17:07:29 -07:00
scs.c
kasan, vmalloc: only tag normal vmalloc allocations
2022-03-24 19:06:48 -07:00
seccomp.c
seccomp: Add wait_killable semantic to seccomp user notifier
2022-05-03 14:11:58 -07:00
signal.c
Merge tag 'ptrace_stop-cleanup-for-v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2022-06-03 16:13:25 -07:00
smp.c
Merge tag 'sched-core-2022-05-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2022-05-24 11:11:13 -07:00
smpboot.c
cpu/hotplug: Allow the CPU in CPU_UP_PREPARE state to be brought up again.
2022-04-12 14:13:01 +02:00
smpboot.h
softirq.c
smp: Make softirq handling RT safe in flush_smp_call_function_queue()
2022-05-01 10:03:43 +02:00
stackleak.c
stackleak: add on/off stack variants
2022-05-08 01:33:09 -07:00
stacktrace.c
uaccess: remove CONFIG_SET_FS
2022-02-25 09:36:06 +01:00
static_call_inline.c
static_call: Don't make __static_call_return0 static
2022-04-05 09:59:38 +02:00
static_call.c
static_call: Don't make __static_call_return0 static
2022-04-05 09:59:38 +02:00
stop_machine.c
Merge tag 'sched-core-2022-05-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2022-05-24 11:11:13 -07:00
sys_ni.c
mm/mempolicy: wire up syscall set_mempolicy_home_node
2022-01-15 16:30:30 +02:00
sys.c
arm64/sme: Implement vector length configuration prctl()s
2022-04-22 18:50:54 +01:00
sysctl-test.c
sysctl.c
Merge tag 'sysctl-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux
2022-05-26 16:57:20 -07:00
task_work.c
task_work: allow TWA_SIGNAL without a rescheduling IPI
2022-04-30 08:39:32 -06:00
taskstats.c
kernel: make taskstats available from all net namespaces
2022-04-29 14:38:03 -07:00
torture.c
torture: Wake up kthreads after storing task_struct pointer
2022-02-01 17:24:39 -08:00
tracepoint.c
tsacct.c
taskstats: version 12 with thread group and exe info
2022-04-29 14:38:03 -07:00
ucount.c
ucounts: Handle wrapping in is_ucounts_overlimit
2022-02-17 09:11:57 -06:00
uid16.c
uid16.h
umh.c
kthread: Don't allocate kthread_struct for init and umh
2022-05-06 14:49:44 -05:00
up.c
user_namespace.c
ucounts: Fix systemd LimitNPROC with private users regression
2022-02-25 10:40:14 -06:00
user-return-notifier.c
user.c
usermode_driver.c
blob_to_mnt(): kern_unmount() is needed to undo kern_mount()
2022-05-19 23:25:47 -04:00
utsname_sysctl.c
utsname.c
watch_queue.c
watch_queue: Free the page array when watch_queue is dismantled
2022-04-02 10:37:39 -07:00
watchdog_hld.c
Revert "printk: add functions to prefer direct printing"
2022-06-23 18:41:40 +02:00
watchdog.c
Merge branch 'rework/kthreads' into for-linus
2022-06-23 19:11:28 +02:00
workqueue_internal.h
workqueue.c
workqueue: Wrap flush_workqueue() using a macro
2022-06-07 07:07:14 -10:00