From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Andrii Nakryiko <andrii@kernel.org>,
Jiri Olsa <jolsa@kernel.org>,
"Masami Hiramatsu (Google)" <mhiramat@kernel.org>,
Sasha Levin <sashal@kernel.org>,
Vamsi Krishna Brahmajosyula
<vamsi-krishna.brahmajosyula@broadcom.com>
Subject: [PATCH 6.1 31/39] uprobes: encapsulate preparation of uprobe args buffer
Date: Fri, 15 Nov 2024 07:38:41 +0100 [thread overview]
Message-ID: <20241115063723.731582037@linuxfoundation.org> (raw)
In-Reply-To: <20241115063722.599985562@linuxfoundation.org>
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrii Nakryiko <andrii@kernel.org>
commit 3eaea21b4d27cff0017c20549aeb53034c58fc23 upstream.
Move the logic of fetching temporary per-CPU uprobe buffer and storing
uprobes args into it to a new helper function. Store data size as part
of this buffer, simplifying interfaces a bit, as now we only pass single
uprobe_cpu_buffer reference around, instead of pointer + dsize.
This logic was duplicated across uprobe_dispatcher and uretprobe_dispatcher
and is now centralized. All of this is also in preparation for making
this uprobe_cpu_buffer handling logic optional in the next patch.
Link: https://lore.kernel.org/all/20240318181728.2795838-2-andrii@kernel.org/
[Masami: update for v6.9-rc3 kernel]
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Reviewed-by: Jiri Olsa <jolsa@kernel.org>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Stable-dep-of: 373b9338c972 ("uprobe: avoid out-of-bounds memory access of fetching args")
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Vamsi Krishna Brahmajosyula <vamsi-krishna.brahmajosyula@broadcom.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace_uprobe.c | 79 ++++++++++++++++++++++----------------------
1 file changed, 41 insertions(+), 38 deletions(-)
--- a/kernel/trace/trace_uprobe.c
+++ b/kernel/trace/trace_uprobe.c
@@ -858,6 +858,7 @@ static const struct file_operations upro
struct uprobe_cpu_buffer {
struct mutex mutex;
void *buf;
+ int dsize;
};
static struct uprobe_cpu_buffer __percpu *uprobe_cpu_buffer;
static int uprobe_buffer_refcnt;
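Review bot: The new `dsize` field is stored as `tu->tp.size + dsize` (the local `dsize` returned by __get_data_size), so the member name means something different from the local of the same name in prepare_uprobe_buffer and from the old `dsize` parameter it replaces. A one-line comment on the field would prevent the next reader from treating it as the dynamic-args size alone: `int dsize; /* bytes of buf in use: tp.size plus dynamically fetched arg data */`. The capacity of `buf` is not visible in this hunk; if it is fixed, stating it next to the field would make the later `ucb->dsize > PAGE_SIZE` comparisons self-explanatory.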
@@ -947,9 +948,26 @@ static void uprobe_buffer_put(struct upr
mutex_unlock(&ucb->mutex);
}
+static struct uprobe_cpu_buffer *prepare_uprobe_buffer(struct trace_uprobe *tu,
+ struct pt_regs *regs)
+{
+ struct uprobe_cpu_buffer *ucb;
+ int dsize, esize;
+
+ esize = SIZEOF_TRACE_ENTRY(is_ret_probe(tu));
+ dsize = __get_data_size(&tu->tp, regs);
+
+ ucb = uprobe_buffer_get();
+ ucb->dsize = tu->tp.size + dsize;
+
+ store_trace_args(ucb->buf, &tu->tp, regs, esize, dsize);
+
+ return ucb;
+}
+
static void __uprobe_trace_func(struct trace_uprobe *tu,
unsigned long func, struct pt_regs *regs,
- struct uprobe_cpu_buffer *ucb, int dsize,
+ struct uprobe_cpu_buffer *ucb,
struct trace_event_file *trace_file)
{
struct uprobe_trace_entry_head *entry;
@@ -960,14 +978,14 @@ static void __uprobe_trace_func(struct t
WARN_ON(call != trace_file->event_call);
- if (WARN_ON_ONCE(tu->tp.size + dsize > PAGE_SIZE))
+ if (WARN_ON_ONCE(ucb->dsize > PAGE_SIZE))
return;
if (trace_trigger_soft_disabled(trace_file))
return;
esize = SIZEOF_TRACE_ENTRY(is_ret_probe(tu));
- size = esize + tu->tp.size + dsize;
+ size = esize + ucb->dsize;
entry = trace_event_buffer_reserve(&fbuffer, trace_file, size);
if (!entry)
return;
@@ -981,14 +999,14 @@ static void __uprobe_trace_func(struct t
data = DATAOF_TRACE_ENTRY(entry, false);
}
- memcpy(data, ucb->buf, tu->tp.size + dsize);
+ memcpy(data, ucb->buf, ucb->dsize);
trace_event_buffer_commit(&fbuffer);
}
/* uprobe handler */
static int uprobe_trace_func(struct trace_uprobe *tu, struct pt_regs *regs,
- struct uprobe_cpu_buffer *ucb, int dsize)
+ struct uprobe_cpu_buffer *ucb)
{
struct event_file_link *link;
@@ -997,7 +1015,7 @@ static int uprobe_trace_func(struct trac
rcu_read_lock();
trace_probe_for_each_link_rcu(link, &tu->tp)
- __uprobe_trace_func(tu, 0, regs, ucb, dsize, link->file);
+ __uprobe_trace_func(tu, 0, regs, ucb, link->file);
rcu_read_unlock();
return 0;
@@ -1005,13 +1023,13 @@ static int uprobe_trace_func(struct trac
static void uretprobe_trace_func(struct trace_uprobe *tu, unsigned long func,
struct pt_regs *regs,
- struct uprobe_cpu_buffer *ucb, int dsize)
+ struct uprobe_cpu_buffer *ucb)
{
struct event_file_link *link;
rcu_read_lock();
trace_probe_for_each_link_rcu(link, &tu->tp)
- __uprobe_trace_func(tu, func, regs, ucb, dsize, link->file);
+ __uprobe_trace_func(tu, func, regs, ucb, link->file);
rcu_read_unlock();
}
@@ -1339,7 +1357,7 @@ static bool uprobe_perf_filter(struct up
static void __uprobe_perf_func(struct trace_uprobe *tu,
unsigned long func, struct pt_regs *regs,
- struct uprobe_cpu_buffer *ucb, int dsize)
+ struct uprobe_cpu_buffer *ucb)
{
struct trace_event_call *call = trace_probe_event_call(&tu->tp);
struct uprobe_trace_entry_head *entry;
@@ -1360,7 +1378,7 @@ static void __uprobe_perf_func(struct tr
esize = SIZEOF_TRACE_ENTRY(is_ret_probe(tu));
- size = esize + tu->tp.size + dsize;
+ size = esize + ucb->dsize;
size = ALIGN(size + sizeof(u32), sizeof(u64)) - sizeof(u32);
if (WARN_ONCE(size > PERF_MAX_TRACE_SIZE, "profile buffer not large enough"))
return;
@@ -1383,13 +1401,10 @@ static void __uprobe_perf_func(struct tr
data = DATAOF_TRACE_ENTRY(entry, false);
}
- memcpy(data, ucb->buf, tu->tp.size + dsize);
-
- if (size - esize > tu->tp.size + dsize) {
- int len = tu->tp.size + dsize;
+ memcpy(data, ucb->buf, ucb->dsize);
- memset(data + len, 0, size - esize - len);
- }
+ if (size - esize > ucb->dsize)
+ memset(data + ucb->dsize, 0, size - esize - ucb->dsize);
perf_trace_buf_submit(entry, size, rctx, call->event.type, 1, regs,
head, NULL);
@@ -1399,21 +1414,21 @@ static void __uprobe_perf_func(struct tr
/* uprobe profile handler */
static int uprobe_perf_func(struct trace_uprobe *tu, struct pt_regs *regs,
- struct uprobe_cpu_buffer *ucb, int dsize)
+ struct uprobe_cpu_buffer *ucb)
{
if (!uprobe_perf_filter(&tu->consumer, 0, current->mm))
return UPROBE_HANDLER_REMOVE;
if (!is_ret_probe(tu))
- __uprobe_perf_func(tu, 0, regs, ucb, dsize);
+ __uprobe_perf_func(tu, 0, regs, ucb);
return 0;
}
static void uretprobe_perf_func(struct trace_uprobe *tu, unsigned long func,
struct pt_regs *regs,
- struct uprobe_cpu_buffer *ucb, int dsize)
+ struct uprobe_cpu_buffer *ucb)
{
- __uprobe_perf_func(tu, func, regs, ucb, dsize);
+ __uprobe_perf_func(tu, func, regs, ucb);
}
int bpf_get_uprobe_info(const struct perf_event *event, u32 *fd_type,
@@ -1479,10 +1494,8 @@ static int uprobe_dispatcher(struct upro
struct trace_uprobe *tu;
struct uprobe_dispatch_data udd;
struct uprobe_cpu_buffer *ucb;
- int dsize, esize;
int ret = 0;
-
tu = container_of(con, struct trace_uprobe, consumer);
tu->nhit++;
@@ -1494,18 +1507,14 @@ static int uprobe_dispatcher(struct upro
if (WARN_ON_ONCE(!uprobe_cpu_buffer))
return 0;
- dsize = __get_data_size(&tu->tp, regs);
- esize = SIZEOF_TRACE_ENTRY(is_ret_probe(tu));
-
- ucb = uprobe_buffer_get();
- store_trace_args(ucb->buf, &tu->tp, regs, esize, dsize);
+ ucb = prepare_uprobe_buffer(tu, regs);
if (trace_probe_test_flag(&tu->tp, TP_FLAG_TRACE))
- ret |= uprobe_trace_func(tu, regs, ucb, dsize);
+ ret |= uprobe_trace_func(tu, regs, ucb);
#ifdef CONFIG_PERF_EVENTS
if (trace_probe_test_flag(&tu->tp, TP_FLAG_PROFILE))
- ret |= uprobe_perf_func(tu, regs, ucb, dsize);
+ ret |= uprobe_perf_func(tu, regs, ucb);
#endif
uprobe_buffer_put(ucb);
return ret;
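Review bot: After this change the buffer is acquired inside prepare_uprobe_buffer (uprobe_buffer_get) but released here with uprobe_buffer_put, so the acquire/release pair is split across two functions and the pairing is no longer visible at either site. A comment at the call site, `/* ucb is locked by prepare_uprobe_buffer(); released by uprobe_buffer_put() below */`, keeps the ownership obvious; the same applies to the identical call in uretprobe_dispatcher in the next hunk. uprobe_dispatcher starts before this hunk.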
@@ -1517,7 +1526,6 @@ static int uretprobe_dispatcher(struct u
struct trace_uprobe *tu;
struct uprobe_dispatch_data udd;
struct uprobe_cpu_buffer *ucb;
- int dsize, esize;
tu = container_of(con, struct trace_uprobe, consumer);
@@ -1529,18 +1537,13 @@ static int uretprobe_dispatcher(struct u
if (WARN_ON_ONCE(!uprobe_cpu_buffer))
return 0;
- dsize = __get_data_size(&tu->tp, regs);
- esize = SIZEOF_TRACE_ENTRY(is_ret_probe(tu));
-
- ucb = uprobe_buffer_get();
- store_trace_args(ucb->buf, &tu->tp, regs, esize, dsize);
-
+ ucb = prepare_uprobe_buffer(tu, regs);
if (trace_probe_test_flag(&tu->tp, TP_FLAG_TRACE))
- uretprobe_trace_func(tu, func, regs, ucb, dsize);
+ uretprobe_trace_func(tu, func, regs, ucb);
#ifdef CONFIG_PERF_EVENTS
if (trace_probe_test_flag(&tu->tp, TP_FLAG_PROFILE))
- uretprobe_perf_func(tu, func, regs, ucb, dsize);
+ uretprobe_perf_func(tu, func, regs, ucb);
#endif
uprobe_buffer_put(ucb);
return 0;