From: Masami Hiramatsu <mhiramat@kernel.org>
To: Beau Belgrave <beaub@linux.microsoft.com>
Cc: rostedt@goodmis.org, linux-trace-devel@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v4 02/10] user_events: Add minimal support for trace_event into ftrace
Date: Sun, 7 Nov 2021 23:31:15 +0900 [thread overview]
Message-ID: <20211107233115.1f77e93c4bdf3ff649be99c1@kernel.org> (raw)
In-Reply-To: <20211104170433.2206-3-beaub@linux.microsoft.com>
Hi Beau,
At first, thanks for breaking down your patch into this series!
Now I found that a suspicious security design issue in this patch.
On Thu, 4 Nov 2021 10:04:25 -0700
Beau Belgrave <beaub@linux.microsoft.com> wrote:
> +
> +static enum print_line_t user_event_print_trace(struct trace_iterator *iter,
> + int flags,
> + struct trace_event *event)
> +{
> + /* Unsafe to try to decode user provided print_fmt, use hex */
> + trace_print_hex_dump_seq(&iter->seq, "", DUMP_PREFIX_OFFSET, 16,
> + 1, iter->ent, iter->ent_size, true);
You said this is "Unsafe to try to decode user provided" here, because
this doesn't check the event data sanity, especially non-fixed size data.
However, it is not enough that you don't decode it here. Because synthetic
events (histograms) and event filters need to decode this recorded data entry
using the event format information.
This means this can cause a buffer overrun issue on the ring buffer, because
__data_loc (and __rel_loc too) can be compromised by the user.
If you want to just trace the user events with digit parameters, there is
a way to close this issue - support only the fixed size types (IOW, drop
__data_loc/rel_loc support) and always checks the 'length' of the written
data size. This ensures that those filters/synthetic events can access
those parameters as 'values'. Maybe eprobes still has to reject the user
events but the other parts will work well.
If you want to log some "string", it is hard. Maybe it needs a special
check when writing the event (address, length, and null termination.),
but it will increase the recording overhead.
Thank you,
--
Masami Hiramatsu <mhiramat@kernel.org>
next prev parent reply other threads:[~2021-11-07 14:31 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-04 17:04 [PATCH v4 00/10] user_events: Enable user processes to create and write to trace events Beau Belgrave
2021-11-04 17:04 ` [PATCH v4 01/10] user_events: Add UABI header for user access to user_events Beau Belgrave
2021-11-04 17:04 ` [PATCH v4 02/10] user_events: Add minimal support for trace_event into ftrace Beau Belgrave
2021-11-04 21:34 ` kernel test robot
2021-11-08 2:32 ` Masami Hiramatsu
2021-11-08 16:59 ` Beau Belgrave
2021-11-07 14:31 ` Masami Hiramatsu [this message]
2021-11-08 17:13 ` Beau Belgrave
2021-11-08 18:16 ` Steven Rostedt
2021-11-08 20:25 ` Beau Belgrave
2021-11-08 21:00 ` Steven Rostedt
2021-11-08 22:09 ` Beau Belgrave
2021-11-08 22:30 ` Steven Rostedt
2021-11-08 22:59 ` Beau Belgrave
2021-11-09 4:58 ` Masami Hiramatsu
2021-11-09 2:56 ` Masami Hiramatsu
2021-11-09 19:08 ` Beau Belgrave
2021-11-09 19:25 ` Steven Rostedt
2021-11-09 20:14 ` Beau Belgrave
2021-11-09 20:45 ` Steven Rostedt
2021-11-09 21:27 ` Beau Belgrave
2021-11-09 21:39 ` Steven Rostedt
2021-11-10 13:56 ` Masami Hiramatsu
2021-11-11 17:33 ` Beau Belgrave
2021-11-12 13:40 ` Masami Hiramatsu
2021-11-07 18:18 ` Steven Rostedt
2021-11-08 19:56 ` Beau Belgrave
2021-11-08 20:53 ` Steven Rostedt
2021-11-08 21:15 ` Beau Belgrave
2021-11-04 17:04 ` [PATCH v4 03/10] user_events: Add print_fmt generation support for basic types Beau Belgrave
2021-11-08 22:03 ` Steven Rostedt
2021-11-04 17:04 ` [PATCH v4 04/10] user_events: Handle matching arguments from dyn_events Beau Belgrave
2021-11-08 22:05 ` Steven Rostedt
2021-11-04 17:04 ` [PATCH v4 05/10] user_events: Add basic perf and eBPF support Beau Belgrave
2021-11-04 17:04 ` [PATCH v4 06/10] user_events: Add self-test for ftrace integration Beau Belgrave
2021-11-04 17:04 ` [PATCH v4 07/10] user_events: Add self-test for dynamic_events integration Beau Belgrave
2021-11-04 17:04 ` [PATCH v4 08/10] user_events: Add self-test for perf_event integration Beau Belgrave
2021-11-04 17:04 ` [PATCH v4 09/10] user_events: Optimize writing events by only copying data once Beau Belgrave
2021-11-08 22:45 ` Steven Rostedt
2021-11-08 23:00 ` Beau Belgrave
2021-11-08 23:04 ` Steven Rostedt
2021-11-08 23:17 ` Beau Belgrave
2021-11-08 23:20 ` Steven Rostedt
2021-11-04 17:04 ` [PATCH v4 10/10] user_events: Add documentation file Beau Belgrave
2021-11-04 19:05 ` Jonathan Corbet
2021-11-04 21:08 ` Beau Belgrave
2021-11-04 21:18 ` Jonathan Corbet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211107233115.1f77e93c4bdf3ff649be99c1@kernel.org \
--to=mhiramat@kernel.org \
--cc=beaub@linux.microsoft.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-trace-devel@vger.kernel.org \
--cc=rostedt@goodmis.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).