From: Yordan Karadzhov <ykaradzhov@vmware.com>
To: "rostedt@goodmis.org" <rostedt@goodmis.org>
Cc: "linux-trace-devel@vger.kernel.org" <linux-trace-devel@vger.kernel.org>
Subject: [PATCH 01/11] kernel-shark-qt: Protect all calls of tep_read_number_field()
Date: Wed, 21 Nov 2018 15:14:19 +0000	[thread overview]
Message-ID: <20181121151356.16901-3-ykaradzhov@vmware.com> (raw)
In-Reply-To: <20181121151356.16901-1-ykaradzhov@vmware.com>

tep_read_number_field() is being used to retrieve the value of a data
field and this value has been used without checking if the function
succeeded. This is a potential bug because tep_read_number_field() may
fail and in such a case the retrieved field value will be arbitrary.

Signed-off-by: Yordan Karadzhov <ykaradzhov@vmware.com>
---
 kernel-shark-qt/src/plugins/sched_events.c | 52 +++++++++++++---------
 1 file changed, 30 insertions(+), 22 deletions(-)

diff --git a/kernel-shark-qt/src/plugins/sched_events.c b/kernel-shark-qt/src/plugins/sched_events.c
index 1851569..c22e198 100644
--- a/kernel-shark-qt/src/plugins/sched_events.c
+++ b/kernel-shark-qt/src/plugins/sched_events.c
@@ -97,10 +97,12 @@ int plugin_get_next_pid(struct tep_record *record)
 	struct plugin_sched_context *plugin_ctx =
 		plugin_sched_context_handler;
 	unsigned long long val;
+	int ret;
 
-	tep_read_number_field(plugin_ctx->sched_switch_next_field,
-			      record->data, &val);
-	return val;
+	ret = tep_read_number_field(plugin_ctx->sched_switch_next_field,
+				    record->data, &val);
+
+	return (ret == 0) ? val : ret;
 }
 
 /**
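Review bot: The new `return (ret == 0) ? val : ret;` mixes an unsigned long long and an int in one conditional, so on failure `ret` is first converted to unsigned long long and then narrowed back to int by the return; that round trip is implementation-defined rather than guaranteed and `-Wsign-conversion` flags it. Spelling the two paths out avoids the conversion and reads as the error check it is: `if (ret != 0)` / `	return ret;` / `return (int)val;`. The same pattern is repeated in the next two hunks (plugin_get_rec_wakeup_pid and plugin_get_rec_wakeup_new_pid). The return contract now carries a negative error code in-band with the pid, which the function's doc block (outside this hunk) should state, e.g. `/* Returns the pid, or the negative error code reported by tep_read_number_field(). */`.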
@@ -113,10 +115,12 @@ int plugin_get_rec_wakeup_pid(struct tep_record *record)
 	struct plugin_sched_context *plugin_ctx =
 		plugin_sched_context_handler;
 	unsigned long long val;
+	int ret;
+
+	ret = tep_read_number_field(plugin_ctx->sched_wakeup_pid_field,
+				    record->data, &val);
 
-	tep_read_number_field(plugin_ctx->sched_wakeup_pid_field,
-			      record->data, &val);
-	return val;
+	return (ret == 0) ? val : ret;
 }
 
 static void plugin_register_command(struct kshark_context *kshark_ctx,
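Review bot: The blank-line layout in plugin_get_rec_wakeup_pid differs from its two sibling helpers: here the empty line sits between `int ret;` and the tep_read_number_field() call, while plugin_get_next_pid and plugin_get_rec_wakeup_new_pid keep the declarations together and place the blank after them. Matching the other two (`int ret;`, blank line, then the call) keeps the three near-identical functions readable side by side.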
@@ -145,11 +149,12 @@ static int plugin_get_rec_wakeup_new_pid(struct tep_record *record)
 	struct plugin_sched_context *plugin_ctx =
 		plugin_sched_context_handler;
 	unsigned long long val;
+	int ret;
 
-	tep_read_number_field(plugin_ctx->sched_wakeup_new_pid_field,
-				 record->data, &val);
+	ret = tep_read_number_field(plugin_ctx->sched_wakeup_new_pid_field,
+				    record->data, &val);
 
-	return val;
+	return (ret == 0) ? val : ret;
 }
 
 /**
@@ -170,7 +175,7 @@ bool plugin_wakeup_match_rec_pid(struct kshark_context *kshark_ctx,
 	struct plugin_sched_context *plugin_ctx;
 	struct tep_record *record = NULL;
 	unsigned long long val;
-	int wakeup_pid = -1;
+	int ret, wakeup_pid = -1;
 
 	plugin_ctx = plugin_sched_context_handler;
 	if (!plugin_ctx)
@@ -181,10 +186,10 @@ bool plugin_wakeup_match_rec_pid(struct kshark_context *kshark_ctx,
 		record = kshark_read_at(kshark_ctx, e->offset);
 
 		/* We only want those that actually woke up the task. */
-		tep_read_number_field(plugin_ctx->sched_wakeup_success_field,
-				      record->data, &val);
+		ret = tep_read_number_field(plugin_ctx->sched_wakeup_success_field,
+					    record->data, &val);
 
-		if (val)
+		if (ret == 0 && val)
 			wakeup_pid = plugin_get_rec_wakeup_pid(record);
 	}
 
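Review bot: The rewritten call still dereferences `record->data` straight after `record = kshark_read_at(kshark_ctx, e->offset);`, so if kshark_read_at() can return NULL on a bad offset or read failure (hedged: its contract is outside this hunk) the new error check never gets a chance to run. A guard such as `if (!record)` / `	continue;` before the read would make the protection this patch adds complete. The same shape recurs in the next hunk of plugin_wakeup_match_rec_pid and in the plugin_switch_match_rec_pid hunk that calls free_record(). The enclosing function continues outside this hunk.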
@@ -193,10 +198,10 @@ bool plugin_wakeup_match_rec_pid(struct kshark_context *kshark_ctx,
 		record = kshark_read_at(kshark_ctx, e->offset);
 
 		/* We only want those that actually woke up the task. */
-		tep_read_number_field(plugin_ctx->sched_wakeup_new_success_field,
-				      record->data, &val);
+		ret = tep_read_number_field(plugin_ctx->sched_wakeup_new_success_field,
+					    record->data, &val);
 
-		if (val)
+		if (ret == 0 && val)
 			wakeup_pid = plugin_get_rec_wakeup_new_pid(record);
 	}
 
@@ -224,7 +229,7 @@ bool plugin_switch_match_rec_pid(struct kshark_context *kshark_ctx,
 {
 	struct plugin_sched_context *plugin_ctx;
 	unsigned long long val;
-	int switch_pid = -1;
+	int ret, switch_pid = -1;
 
 	plugin_ctx = plugin_sched_context_handler;
 
@@ -233,10 +238,10 @@ bool plugin_switch_match_rec_pid(struct kshark_context *kshark_ctx,
 		struct tep_record *record;
 
 		record = kshark_read_at(kshark_ctx, e->offset);
-		tep_read_number_field(plugin_ctx->sched_switch_prev_state_field,
-				      record->data, &val);
+		ret = tep_read_number_field(plugin_ctx->sched_switch_prev_state_field,
+					    record->data, &val);
 
-		if (!(val & 0x7f))
+		if (ret == 0 && !(val & 0x7f))
 			switch_pid = tep_data_pid(plugin_ctx->pevent, record);
 
 		free_record(record);
@@ -278,8 +283,11 @@ static void plugin_sched_action(struct kshark_context *kshark_ctx,
 				struct tep_record *rec,
 				struct kshark_entry *entry)
 {
-	entry->pid = plugin_get_next_pid(rec);
-	plugin_register_command(kshark_ctx, rec, entry->pid);
+	int pid = plugin_get_next_pid(rec);
+	if (pid >= 0) {
+		entry->pid = pid;
+		plugin_register_command(kshark_ctx, rec, entry->pid);
+	}
 }
 
 static int plugin_sched_init(struct kshark_context *kshark_ctx)
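Review bot: When plugin_get_next_pid() returns a negative value the entry keeps whatever pid it already carried and nothing records that the sched_switch next_pid field could not be read, so a mis-parsed trace is indistinguishable from a correct one to the caller. At minimum the fallback deserves a comment above the check, e.g. `/* Negative means the next_pid field could not be read; leave the entry's pid unchanged. */`, and it is worth confirming that the pid the entry carried before this handler ran (presumably set by the generic loader) is an acceptable value to display.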
-- 
2.17.1
