From: Steven Rostedt <rostedt@goodmis.org>
To: "Jerome Marchand" <jmarchan@redhat.com>
Cc: Linux Trace Devel <linux-trace-devel@vger.kernel.org>
Subject: Re: [PATCH 33/38] trace-cmd record: prevent memory corruption in parse_record_options()
Date: Wed, 17 Jul 2024 21:50:50 -0400
Message-ID: <20240717215050.07a16e34@gandalf.local.home>
In-Reply-To: <20240605134054.2626953-34-jmarchan@redhat.com>
On Wed, 5 Jun 2024 15:40:48 +0200
"Jerome Marchand" <jmarchan@redhat.com> wrote:
> In parse_record_options() we can end up using a deleted instance after
> options have been parsed. This can be triggered by the following
> command:
> $ trace-cmd record -v -e block -B foo ls
>
> We probably need a proper to avoid to end up in this situation, but in
> the meantime, check that the current instance isn't marked for
> deletion before calling remove_instances(). That at least prevents a
> hard-to-debug memory corruption bug.
>
> Fixes a USE_AFTER_FREE error (CWE-416)
>
> Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
> ---
> tracecmd/trace-record.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/tracecmd/trace-record.c b/tracecmd/trace-record.c
> index 770e775b..dc3e5285 100644
> --- a/tracecmd/trace-record.c
> +++ b/tracecmd/trace-record.c
> @@ -6909,6 +6909,8 @@ static void parse_record_options(int argc,
> }
> }
>
> + if (ctx->instance->delete)
> + die("Instance to be deleted is still used");
This looks to only be an issue for record. Deletion of instances should
only be for the trace-cmd set command.
> remove_instances(del_list);
>
> /* If --date is specified, prepend it to all guest VM flags */
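Review bot: the check added before remove_instances(del_list) only tests the instance that ctx->instance currently points at, so any other pointer still held to an instance on del_list is not covered; it guards this one path rather than the general situation the commit message describes. The die() text "Instance to be deleted is still used" also gives the user no hint that the cause is -v preceding -B on a record command line, which the commit message shows is the trigger; naming that option combination in the message would make the abort actionable.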
I'll add this patch:
diff --git a/tracecmd/trace-record.c b/tracecmd/trace-record.c
index 4e9ac598..1527be11 100644
--- a/tracecmd/trace-record.c
+++ b/tracecmd/trace-record.c
@@ -6748,7 +6748,8 @@ static void parse_record_options(int argc,
ctx->instance = allocate_instance(optarg);
if (!ctx->instance)
die("Failed to create instance");
- ctx->instance->delete = negative;
+ if (IS_CMDSET(ctx))
+ ctx->instance->delete = negative;
negative = 0;
if (ctx->instance->delete) {
ctx->instance->next = del_list;
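Review bot: with the assignment now under IS_CMDSET(ctx), every other command leaves ctx->instance->delete at whatever allocate_instance() returned, and the `if (ctx->instance->delete)` just below still reads it. If allocate_instance() is not guaranteed to zero that field, an unconditional `ctx->instance->delete = IS_CMDSET(ctx) ? negative : 0;` states the intent without depending on it. Separately, `negative = 0;` still runs, so a -v given before -B outside the set command is dropped silently; a warning at that point would tell the user the option had no effect.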
Which should fix the issue as well.
Thanks,
-- Steve