authorLinus Torvalds <torvalds@linux-foundation.org>2021-07-17 12:36:51 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2021-07-17 12:36:51 -0700
commit3fdacf402bb2221c77940f68ef56a0214c098ee0 (patch)
tree4f30b1de7adce7bf043f7e24b71dd0feedfb0214 /kernel
parentd980cc0620ae77ab2572235a1300bf22519f2e86 (diff)
parent704adfb5a9978462cd861f170201ae2b5e3d3a80 (diff)
Merge tag 'trace-v5.14-5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull tracing fix from Steven Rostedt: "Fix the histogram logic from possibly crashing the kernel. Working on the histogram code, I found that if you dereference a char pointer in a trace event that happens to point to user space, it can crash the kernel, as it does no checks of that pointer. I have code coming that will do this better, so just remove this ability to treat character pointers in trace events as strings in the histogram" * tag 'trace-v5.14-5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: tracing: Do not reference char * as a string in histograms
Diffstat (limited to 'kernel')
-rw-r--r--kernel/trace/trace_events_hist.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c
index 0207aeed31e6..16a9dfc9fffc 100644
--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -1689,7 +1689,9 @@ static struct hist_field *create_hist_field(struct hist_trigger_data *hist_data,
if (WARN_ON_ONCE(!field))
goto out;
- if (is_string_field(field)) {
+ /* Pointers to strings are just pointers and dangerous to dereference */
+ if (is_string_field(field) &&
+ (field->filter_type != FILTER_PTR_STRING)) {
flags |= HIST_FIELD_FL_STRING;
hist_field->size = MAX_FILTER_STR_VAL;
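Review bot: The new condition in create_hist_field() excludes FILTER_PTR_STRING at this one call site only, while is_string_field() itself presumably still reports such fields as strings, so any other caller in this file that is not visible in the hunk keeps the old assumption and should be audited for a dereference of the unchecked pointer. The added comment would carry more weight if it stated the reason given in the commit message, for example `/* A char * in a trace event may point to user space and is not validated; treat it as a plain pointer value, never as a string */`. How a FILTER_PTR_STRING field is handled once it fails this test is decided by the branches that follow, which lie outside the hunk, so it is worth confirming that path assigns a size and value function suited to a pointer. create_hist_field() starts and ends outside the hunk.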
@@ -4495,8 +4497,6 @@ static inline void add_to_key(char *compound_key, void *key,
field = key_field->field;
if (field->filter_type == FILTER_DYN_STRING)
size = *(u32 *)(rec + field->offset) >> 16;
- else if (field->filter_type == FILTER_PTR_STRING)
- size = strlen(key);
else if (field->filter_type == FILTER_STATIC_STRING)
size = field->size;