[1/3] tracing/user_events: Ensure write index cannot be negative

Message ID	20230411211709.15018-2-beaub@linux.microsoft.com (mailing list archive)
State	Superseded
Headers	show Return-Path: <linux-trace-kernel-owner@vger.kernel.org> From: Beau Belgrave <beaub@linux.microsoft.com> To: rostedt@goodmis.org, mhiramat@kernel.org, mathieu.desnoyers@efficios.com, dcook@linux.microsoft.com, alanau@linux.microsoft.com Cc: linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org Subject: [PATCH 1/3] tracing/user_events: Ensure write index cannot be negative Date: Tue, 11 Apr 2023 14:17:07 -0700 Message-Id: <20230411211709.15018-2-beaub@linux.microsoft.com> In-Reply-To: <20230411211709.15018-1-beaub@linux.microsoft.com> References: <20230411211709.15018-1-beaub@linux.microsoft.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	tracing/user_events: Fixes and improvements for 6.4 \| expand [0/3] tracing/user_events: Fixes and improvements for 6.4 [1/3] tracing/user_events: Ensure write index cannot be negative [2/3] tracing/user_events: Ensure bit is cleared on unregister [3/3] tracing/user_events: Prevent same address and bit per process

Message ID

20230411211709.15018-2-beaub@linux.microsoft.com (mailing list archive)

State

Superseded

Headers

From: Beau Belgrave <beaub@linux.microsoft.com>
To: rostedt@goodmis.org, mhiramat@kernel.org,
        mathieu.desnoyers@efficios.com, dcook@linux.microsoft.com,
        alanau@linux.microsoft.com
Cc: linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org
Subject: [PATCH 1/3] tracing/user_events: Ensure write index cannot be
 negative
Date: Tue, 11 Apr 2023 14:17:07 -0700
Message-Id: <20230411211709.15018-2-beaub@linux.microsoft.com>
In-Reply-To: <20230411211709.15018-1-beaub@linux.microsoft.com>
References: <20230411211709.15018-1-beaub@linux.microsoft.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

tracing/user_events: Fixes and improvements for 6.4 | expand

Commit Message

Beau Belgrave April 11, 2023, 9:17 p.m. UTC

The write index indicates which event the data is for and accesses a
per-file array. The index is passed by user processes during write()
calls as the first 4 bytes. Ensure that it cannot be negative by
returning -EINVAL to prevent out of bounds accesses.

Update ftrace self-test to ensure this occurs properly.

Fixes: 7f5a08c79df3 ("user_events: Add minimal support for trace_event into ftrace")
Reported-by: Doug Cook <dcook@linux.microsoft.com>
Signed-off-by: Beau Belgrave <beaub@linux.microsoft.com>
---
 kernel/trace/trace_events_user.c                  | 3 +++
 tools/testing/selftests/user_events/ftrace_test.c | 5 +++++
 2 files changed, 8 insertions(+)

Comments

Masami Hiramatsu (Google) April 25, 2023, 2:43 p.m. UTC | #1

On Tue, 11 Apr 2023 14:17:07 -0700
Beau Belgrave <beaub@linux.microsoft.com> wrote:

> The write index indicates which event the data is for and accesses a
> per-file array. The index is passed by user processes during write()
> calls as the first 4 bytes. Ensure that it cannot be negative by
> returning -EINVAL to prevent out of bounds accesses.
> 
> Update ftrace self-test to ensure this occurs properly.
> 
> Fixes: 7f5a08c79df3 ("user_events: Add minimal support for trace_event into ftrace")
> Reported-by: Doug Cook <dcook@linux.microsoft.com>
> Signed-off-by: Beau Belgrave <beaub@linux.microsoft.com>

Looks good to me.

Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>

Thanks!

> ---
>  kernel/trace/trace_events_user.c                  | 3 +++
>  tools/testing/selftests/user_events/ftrace_test.c | 5 +++++
>  2 files changed, 8 insertions(+)
> 
> diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c
> index cc8c6d8b69b5..e7dff24aa724 100644
> --- a/kernel/trace/trace_events_user.c
> +++ b/kernel/trace/trace_events_user.c
> @@ -1821,6 +1821,9 @@ static ssize_t user_events_write_core(struct file *file, struct iov_iter *i)
>  	if (unlikely(copy_from_iter(&idx, sizeof(idx), i) != sizeof(idx)))
>  		return -EFAULT;
>  
> +	if (idx < 0)
> +		return -EINVAL;
> +
>  	rcu_read_lock_sched();
>  
>  	refs = rcu_dereference_sched(info->refs);
> diff --git a/tools/testing/selftests/user_events/ftrace_test.c b/tools/testing/selftests/user_events/ftrace_test.c
> index aceafacfb126..91272f9d6fce 100644
> --- a/tools/testing/selftests/user_events/ftrace_test.c
> +++ b/tools/testing/selftests/user_events/ftrace_test.c
> @@ -296,6 +296,11 @@ TEST_F(user, write_events) {
>  	ASSERT_NE(-1, writev(self->data_fd, (const struct iovec *)io, 3));
>  	after = trace_bytes();
>  	ASSERT_GT(after, before);
> +
> +	/* Negative index should fail with EINVAL */
> +	reg.write_index = -1;
> +	ASSERT_EQ(-1, writev(self->data_fd, (const struct iovec *)io, 3));
> +	ASSERT_EQ(EINVAL, errno);
>  }
>  
>  TEST_F(user, write_fault) {
> -- 
> 2.25.1
>

diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c
index cc8c6d8b69b5..e7dff24aa724 100644
--- a/kernel/trace/trace_events_user.c
+++ b/kernel/trace/trace_events_user.c
@@ -1821,6 +1821,9 @@  static ssize_t user_events_write_core(struct file *file, struct iov_iter *i)
 	if (unlikely(copy_from_iter(&idx, sizeof(idx), i) != sizeof(idx)))
 		return -EFAULT;
 
+	if (idx < 0)
+		return -EINVAL;
+
 	rcu_read_lock_sched();
 
 	refs = rcu_dereference_sched(info->refs);
diff --git a/tools/testing/selftests/user_events/ftrace_test.c b/tools/testing/selftests/user_events/ftrace_test.c
index aceafacfb126..91272f9d6fce 100644
--- a/tools/testing/selftests/user_events/ftrace_test.c
+++ b/tools/testing/selftests/user_events/ftrace_test.c
@@ -296,6 +296,11 @@  TEST_F(user, write_events) {
 	ASSERT_NE(-1, writev(self->data_fd, (const struct iovec *)io, 3));
 	after = trace_bytes();
 	ASSERT_GT(after, before);
+
+	/* Negative index should fail with EINVAL */
+	reg.write_index = -1;
+	ASSERT_EQ(-1, writev(self->data_fd, (const struct iovec *)io, 3));
+	ASSERT_EQ(EINVAL, errno);
 }
 
 TEST_F(user, write_fault) {

[1/3] tracing/user_events: Ensure write index cannot be negative

Commit Message

Comments

Patch