Commit eb01f535 authored by Steven Rostedt (VMware)'s avatar Steven Rostedt (VMware)
Browse files

tracing: Handle %.*s in trace_check_vprintf() 

If a trace event uses the %*.s notation, the trace_check_vprintf() will
fail and will warn about a bad processing of strings, because it does not
take into account the length field when processing the star (*) part.
Have it handle this case as well.

Link: https://lore.kernel.org/linux-nfs/238C0E2D-C2A4-4578-ADD2-C565B3B99842@oracle.com/



Reported-by: default avatarChuck Lever III <chuck.lever@oracle.com>
Fixes: 9a6944fe ("tracing: Add a verifier to check string pointers for trace events")
Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
parent 6efb943b

kernel/trace/trace.c

+27 −4
Original line number Diff line number Diff line
@@ -3704,6 +3704,9 @@ void trace_check_vprintf(struct trace_iterator *iter, const char *fmt, 
		goto print;



	while (*p) {

		bool star = false;

		int len = 0;



		j = 0;



		/* We only care about %s and variants */
@@ -3725,13 +3728,17 @@ void trace_check_vprintf(struct trace_iterator *iter, const char *fmt, 
				/* Need to test cases like %08.*s */

				for (j = 1; p[i+j]; j++) {

					if (isdigit(p[i+j]) ||

					    p[i+j] == '*' ||

					    p[i+j] == '.')

						continue;

					if (p[i+j] == '*') {

						star = true;

						continue;

					}

					break;

				}

				if (p[i+j] == 's')

					break;

				star = false;

			}

			j = 0;

		}
@@ -3744,6 +3751,9 @@ void trace_check_vprintf(struct trace_iterator *iter, const char *fmt, 
		iter->fmt[i] = '\0';

		trace_seq_vprintf(&iter->seq, iter->fmt, ap);



		if (star)

			len = va_arg(ap, int);



		/* The ap now points to the string data of the %s */

		str = va_arg(ap, const char *);
@@ -3762,8 +3772,18 @@ void trace_check_vprintf(struct trace_iterator *iter, const char *fmt, 
			int ret;



			/* Try to safely read the string */

			if (star) {

				if (len + 1 > iter->fmt_size)

					len = iter->fmt_size - 1;

				if (len < 0)

					len = 0;

				ret = copy_from_kernel_nofault(iter->fmt, str, len);

				iter->fmt[len] = 0;

				star = false;

			} else {

				ret = strncpy_from_kernel_nofault(iter->fmt, str,

								  iter->fmt_size);

			}

			if (ret < 0)

				trace_seq_printf(&iter->seq, "(0x%px)", str);

			else
@@ -3775,6 +3795,9 @@ void trace_check_vprintf(struct trace_iterator *iter, const char *fmt, 
			strncpy(iter->fmt, p + i, j + 1);

			iter->fmt[j+1] = '\0';

		}

		if (star)

			trace_seq_printf(&iter->seq, iter->fmt, len, str);

		else

			trace_seq_printf(&iter->seq, iter->fmt, str);



		p += i + j + 1;