mirror of https://gitee.com/openkylin/linux.git
tracing: Fix trace_check_vprintf() for %.*s
The sanity check of all strings being read from the ring buffer to make sure they are in safe memory space did not account for the %.*s notation having another parameter to process (the length). Add that to the check. -----BEGIN PGP SIGNATURE----- iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCYJ7e5xQccm9zdGVkdEBn b29kbWlzLm9yZwAKCRAp5XQQmuv6qm/IAPwJfjbQb6quaF1PMTY/pOEby5wIvv4c TZxFGN03FgzYRgD8CSUvB/L0gDs56oL5X6gw0Fs/9CJ2cVUo1bCPHEj4LgY= =3v5m -----END PGP SIGNATURE----- Merge tag 'trace-v5.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull tracing fix from Steven Rostedt: "Fix trace_check_vprintf() for %.*s The sanity check of all strings being read from the ring buffer to make sure they are in safe memory space did not account for the %.*s notation having another parameter to process (the length). Add that to the check" * tag 'trace-v5.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: tracing: Handle %.*s in trace_check_vprintf()
This commit is contained in:
commit
25a1298726
|
@ -3704,6 +3704,9 @@ void trace_check_vprintf(struct trace_iterator *iter, const char *fmt,
|
||||||
goto print;
|
goto print;
|
||||||
|
|
||||||
while (*p) {
|
while (*p) {
|
||||||
|
bool star = false;
|
||||||
|
int len = 0;
|
||||||
|
|
||||||
j = 0;
|
j = 0;
|
||||||
|
|
||||||
/* We only care about %s and variants */
|
/* We only care about %s and variants */
|
||||||
|
@ -3725,13 +3728,17 @@ void trace_check_vprintf(struct trace_iterator *iter, const char *fmt,
|
||||||
/* Need to test cases like %08.*s */
|
/* Need to test cases like %08.*s */
|
||||||
for (j = 1; p[i+j]; j++) {
|
for (j = 1; p[i+j]; j++) {
|
||||||
if (isdigit(p[i+j]) ||
|
if (isdigit(p[i+j]) ||
|
||||||
p[i+j] == '*' ||
|
|
||||||
p[i+j] == '.')
|
p[i+j] == '.')
|
||||||
continue;
|
continue;
|
||||||
|
if (p[i+j] == '*') {
|
||||||
|
star = true;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (p[i+j] == 's')
|
if (p[i+j] == 's')
|
||||||
break;
|
break;
|
||||||
|
star = false;
|
||||||
}
|
}
|
||||||
j = 0;
|
j = 0;
|
||||||
}
|
}
|
||||||
|
@ -3744,6 +3751,9 @@ void trace_check_vprintf(struct trace_iterator *iter, const char *fmt,
|
||||||
iter->fmt[i] = '\0';
|
iter->fmt[i] = '\0';
|
||||||
trace_seq_vprintf(&iter->seq, iter->fmt, ap);
|
trace_seq_vprintf(&iter->seq, iter->fmt, ap);
|
||||||
|
|
||||||
|
if (star)
|
||||||
|
len = va_arg(ap, int);
|
||||||
|
|
||||||
/* The ap now points to the string data of the %s */
|
/* The ap now points to the string data of the %s */
|
||||||
str = va_arg(ap, const char *);
|
str = va_arg(ap, const char *);
|
||||||
|
|
||||||
|
@ -3762,8 +3772,18 @@ void trace_check_vprintf(struct trace_iterator *iter, const char *fmt,
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
/* Try to safely read the string */
|
/* Try to safely read the string */
|
||||||
ret = strncpy_from_kernel_nofault(iter->fmt, str,
|
if (star) {
|
||||||
iter->fmt_size);
|
if (len + 1 > iter->fmt_size)
|
||||||
|
len = iter->fmt_size - 1;
|
||||||
|
if (len < 0)
|
||||||
|
len = 0;
|
||||||
|
ret = copy_from_kernel_nofault(iter->fmt, str, len);
|
||||||
|
iter->fmt[len] = 0;
|
||||||
|
star = false;
|
||||||
|
} else {
|
||||||
|
ret = strncpy_from_kernel_nofault(iter->fmt, str,
|
||||||
|
iter->fmt_size);
|
||||||
|
}
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
trace_seq_printf(&iter->seq, "(0x%px)", str);
|
trace_seq_printf(&iter->seq, "(0x%px)", str);
|
||||||
else
|
else
|
||||||
|
@ -3775,7 +3795,10 @@ void trace_check_vprintf(struct trace_iterator *iter, const char *fmt,
|
||||||
strncpy(iter->fmt, p + i, j + 1);
|
strncpy(iter->fmt, p + i, j + 1);
|
||||||
iter->fmt[j+1] = '\0';
|
iter->fmt[j+1] = '\0';
|
||||||
}
|
}
|
||||||
trace_seq_printf(&iter->seq, iter->fmt, str);
|
if (star)
|
||||||
|
trace_seq_printf(&iter->seq, iter->fmt, len, str);
|
||||||
|
else
|
||||||
|
trace_seq_printf(&iter->seq, iter->fmt, str);
|
||||||
|
|
||||||
p += i + j + 1;
|
p += i + j + 1;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue