From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-oo1-f45.google.com (mail-oo1-f45.google.com [209.85.161.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5122D390CB1 for ; Wed, 8 Apr 2026 20:02:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.161.45 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775678573; cv=none; b=be5Hk3ES4jA2Z6tdWG+AUu+cb0+NNZ1E0GTuLqyaiqpoKjHA5w3QMhLqlfSXwdLMz3spCPt5gjToGULFn1A5JMWL24YaTFyt7606iLjugI6W/vDdRLIXM/NFoiwnFi6Sg29erlW1Cq+VcSMtsKaCn2OPiBOoduPqmMEnrqIxA44= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775678573; c=relaxed/simple; bh=loQz+STp3wa7v9/r0rWlqL++qVZMQDCgMzGEqpUIZBE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=TS2YGH05QwmTstLdl2BiNjNwVrDSd4iNTWNLgXyo4WmR5lP38wlL8ADVB3omvuVQljUlHIW0hyrgFpzqEPPVtmGGk6NDRRk6bjp0d8xXdE77ZJhGLlG0ozKuC1kGHjFWS6wm53FWr6fOBkxIzuUXrZWSN5KzikU2yu0mcGMIF8E= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=FvoWHdnZ; arc=none smtp.client-ip=209.85.161.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="FvoWHdnZ" Received: by mail-oo1-f45.google.com with SMTP id 006d021491bc7-66ee7b9af94so63198eaf.0 for ; Wed, 08 Apr 2026 13:02:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775678569; x=1776283369; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+oVkFpq55n+kC0Q5w6v7ajVoPipPUrDkhvMf2L9Tp2c=; b=FvoWHdnZUWhTs5orBsedh5M912yad4FKeHgNFv/QVvjUO3Q7MxGnTx23iYXj4hvCNt zW/1WPnUjsmVec7vy2P7uF657XsOWT6HhTPxrkYRsrXZZnwAAytKUHQ80vHdvOba4XGk s4tS7TlKWrr+nPbbugnlflqzH+fKYR0k+230lc9NwKVO/6OHRRierVOpzQN/ZZx78KSN fYcYRcmU2jzsFo97etywZRwuMDE66E878W/mc3osI7JsNafcin/sxC6s567NKnf0bxi6 CDfVzCVRy6Ty8yulnf16ywEy87O6HLkctrwjQoy7wfWY3ciKn6FMTP8NXzF83W9v7lhg /zSw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775678569; x=1776283369; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=+oVkFpq55n+kC0Q5w6v7ajVoPipPUrDkhvMf2L9Tp2c=; b=EeVDKx/CmxE61UMmGR2smVyV78Zzq3tFZzgxtfZc0QQn1XUCGLJ7yywDr0s1sSLF0O zmHKrAIDct2gFRdj6yQiF6YxiFCKpc36Iw2vH6UbzSfXe8xXJNPbfyxfBqRyVQRoVfGX /yROQkorU5+ANArNQMEW4Rm7UidfbyAp9HLlcv/yt4y6u7yXti3OV140XEmULSAbtwz6 kjRS0yqcnGa5q6z+mLXZz+9H60HuIFH8fqv45Jc7AX6AKSsqa6rALvRj8bB4likQpU0j QAGfThkPuM8u72wOH4LasGGsUrAJt38u/FCWXWWzh9tFGtPO9SklNqBMaGbOA6K5cDkB uYDQ== X-Gm-Message-State: AOJu0YzPVHTVhC66XN9bsVToZVzZFtOQni5Mlzu0jyPPc3ZBQCISFwUC bXaPcuXv7Kw06hggTPBNtiQ/x+ONP7mJvYdH54H/fO5me9AZomqxjyYwg/T0pQ== X-Gm-Gg: AeBDieuR+B7LtSxHWyavGl8u5KPPvX+aifqlDc68OUxu7XfN9+yzrWEPz65hif4ooFi JySdjuGChWyqpTtVbWIB7tmnEjRWGFmm/RRVVG8mibeD1i4AUmUtJKYhnNLVqiVtv+ekHVR6DjD H5BVIn+//W98a713MTyzTdXzLmuvFc5/LfbHmYkFb3e8SzFlNnomSFFgds3zpBY9Gqjl2lZ8eg5 OkAIx+u1Qo7yfIjx/XkEaAxMKtpvdiR6qkI2f2fe+YovXfPofymsJUp+IT1i0EcAF4Z0+vgsNGs 7pQYeHsK/K0a7eNuymlfvxNewExu+5HKP8UYanU8p6zNdGK3oAWVNcGSEP8KcllI+wmO1lmh+zD +W9Wy9PJ4dQtuyMQHdNMz/6rWUOWC0P0umEOju8/9AkS9YshB1AE1ZcAOCTCn3Ed7WNJgb/rj0S 4qfmLDrrArr0PaWchLkQZBiSos96kqyzlGRS5iuHmbII2fN5Do6GONF0YBTxqqnfV7CwNyW2Xw2 pE= X-Received: by 2002:a05:6820:2d4a:b0:67e:cf9:ea2a with SMTP id 006d021491bc7-6821ef801cfmr14200699eaf.17.1775678569059; Wed, 08 Apr 2026 13:02:49 -0700 (PDT) Received: from frodo.raven-morpho.ts.net (c-98-38-17-99.hsd1.co.comcast.net. [98.38.17.99]) by smtp.googlemail.com with ESMTPSA id 006d021491bc7-680a63c7fd1sm12254208eaf.8.2026.04.08.13.02.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Apr 2026 13:02:48 -0700 (PDT) From: Jim Cromie To: linux-kernel@vger.kernel.org Cc: gregkh@linuxfoundation.org, jbaron@akamai.com, louis.chauvet@bootlin.com, Jim Cromie Subject: [PATCH v13 34/36] dyndbg: harden classmap and descriptor validation Date: Wed, 8 Apr 2026 14:02:09 -0600 Message-ID: <20260408200211.43821-35-jim.cromie@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260408200211.43821-1-jim.cromie@gmail.com> References: <20260408200211.43821-1-jim.cromie@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Dynamic debug classmaps allow modules to _DEFINE and/or _USE multiple classmaps, but this requires coordination amongst the classmaps. Previously, class validation done by DYNAMIC_DEBUG_CLASSMAP_DEFINE at compile-time, and ddebug_class_range_overlap() at modprobe-time, was incomplete, and DYNAMIC_DEBUG_CLASSMAP_USE_ had no validation. This could allow broken classmaps, making them harder to use well. This commit improves classmap and descriptor validation: - Mirror the compile-time limits of _DEFINE by adding a static_assert to validate the _offset value passed to DYNAMIC_DEBUG_CLASSMAP_USE_. - Add run-time overlap checks for _USEd classmaps in ddebug_add_module() to prevent collisions between private maps and imported APIs. - Scan module descriptors at load time to print a single warning per missing class_id, rather than waiting for a user query to trip over it. - Downgrade the global WARN_ONCE in ddebug_match_desc() to a pr_warn_ratelimited, since orphaned class IDs are now tracked and warned about early at module load. Signed-off-by: Jim Cromie --- -v12 - squash several enhancments together drop run-time USE check, now done at compile-time s/WARN_ONCE/pr_err/, dont need stack trace for this, and do want multiple error reports, so dont quit on 1st err. Now that DYNAMIC_DEBUG_CLASSMAP_USE_() has an offset parameter, it is possible for a user to specify an illegal value - one that shifts the bit-range past the 64 bit max. The macro detects an offset > 63, but this isn't enough; the legal max is: map.length - 1 + map.base + user.offset < 64 Testing class-map vs class-user overlap is nonsense if the class-user range extends past the implemented limit. So check that 1st, before looking for map/user overlap. To validate this, add ifdef DD_RUNTIME_CLASS_CHECK code to test_dynamic_debug_submod.ko. When its enabled, it creates a bad class-user record via: DYNAMIC_DEBUG_CLASSMAP_USE_(map_level_num, 55); bash-5.3# modprobe test_dynamic_debug_submod [ 19.359818] dyndbg: 23 debug prints in module test_dynamic_debug [ 19.366239] dyndbg: module test_dynamic_debug_submod: base:16 + classes.len:8 + cli.offset:55 must be < 63 [ 19.366612] dyndbg: dyndbg multi-classmap conflict in test_dynamic_debug_submod [ 19.366945] dyndbg: dyndbg: failed to add module test_dynamic_debug_submod: -22 Finally, replace the misleading "Failed to allocate memory" WARN in the module notifier with a pr_err that reports the specific failure code without the stack-trace. Signed-off-by: Jim Cromie --- lib/dynamic_debug.c | 67 ++++++++++++++++++++++++++++++++++++---- lib/test_dynamic_debug.c | 9 +++++- 2 files changed, 69 insertions(+), 7 deletions(-) diff --git a/lib/dynamic_debug.c b/lib/dynamic_debug.c index 66879a40b822..3cd9b67bd995 100644 --- a/lib/dynamic_debug.c +++ b/lib/dynamic_debug.c @@ -320,7 +320,8 @@ static bool ddebug_match_desc(const struct ddebug_query *query, /* site is class'd */ site_map = ddebug_find_map_by_class_id(di, dp->class_id); if (!site_map) { - WARN_ONCE(1, "unknown class_id %d, check %s's CLASSMAP definitions", dp->class_id, di->mod_name); + pr_warn_ratelimited("unknown class_id %d, check %s's CLASSMAP definitions\n", + dp->class_id, di->mod_name); return false; } /* module(-param) decides protection */ @@ -1420,6 +1421,23 @@ static int ddebug_class_range_overlap(struct _ddebug_class_map *cm, u64 *reserve return 0; } +static int ddebug_class_user_overlap(struct _ddebug_class_user *cli, + u64 *reserved_ids) +{ + struct _ddebug_class_map *cm = cli->map; + int base = cm->base + cli->offset; + u64 range = (((1ULL << cm->length) - 1) << base); + + if (range & *reserved_ids) { + pr_err("module %s: [%d..%d] (from %s) conflicts with %llx\n", + cli->mod_name, base, base + cm->length - 1, + cm->class_names[0], *reserved_ids); + return -EINVAL; + } + *reserved_ids |= range; + return 0; +} + /* * Allocate a new ddebug_table for the given module * and add it to the global list. @@ -1430,7 +1448,8 @@ static int ddebug_add_module(struct _ddebug_info *di) struct _ddebug_class_map *cm; struct _ddebug_class_user *cli; u64 reserved_ids = 0; - int i; + u64 bad_ids = 0; + int i, err = 0; if (!di->descs.len) return 0; @@ -1454,10 +1473,46 @@ static int ddebug_add_module(struct _ddebug_info *di) dd_set_module_subrange(i, cli, &dt->info, users); /* now di is stale */ - /* insure 2+ classmaps share the per-module 0..62 class_id space */ + /* validate the per-module shared 0..62 class_id space */ for_subvec(i, cm, &dt->info, maps) if (ddebug_class_range_overlap(cm, &reserved_ids)) - goto cleanup; + err = -EINVAL; + + for_subvec(i, cli, &dt->info, users) { + cm = cli->map; + if (!cm) { + pr_err("module %s: classmap not found for user\n", di->mod_name); + err = -EINVAL; + continue; + } + + if (cm->base + cm->length + cli->offset >= _DPRINTK_CLASS_DFLT) { + pr_err("module %s: base:%d + classes.len:%d + cli.offset:%d must be < %d\n", + di->mod_name, cm->base, cm->length, cli->offset, _DPRINTK_CLASS_DFLT); + err = -EINVAL; + continue; + } + + if (ddebug_class_user_overlap(cli, &reserved_ids)) + err = -EINVAL; + } + if (err) + goto cleanup; + + /* validate all class_ids against module's classmaps/users */ + for (i = 0; i < dt->info.descs.len; i++) { + struct _ddebug *dp = &dt->info.descs.start[i]; + + if (dp->class_id == _DPRINTK_CLASS_DFLT) + continue; + if (bad_ids & (1ULL << dp->class_id)) + continue; + if (!ddebug_find_map_by_class_id(&dt->info, dp->class_id)) { + pr_warn("module %s uses unknown class_id %d\n", + dt->info.mod_name, dp->class_id); + bad_ids |= (1ULL << dp->class_id); + } + } mutex_lock(&ddebug_lock); list_add_tail(&dt->link, &ddebug_tables); @@ -1472,7 +1527,7 @@ static int ddebug_add_module(struct _ddebug_info *di) dt->info.descs.len, dt->info.mod_name); return 0; cleanup: - WARN_ONCE(1, "dyndbg multi-classmap conflict in %s\n", di->mod_name); + pr_err("dyndbg multi-classmap conflict in %s\n", di->mod_name); kfree(dt); return -EINVAL; } @@ -1559,7 +1614,7 @@ static int ddebug_module_notify(struct notifier_block *self, unsigned long val, mod->dyndbg_info.mod_name = mod->name; ret = ddebug_add_module(&mod->dyndbg_info); if (ret) - WARN(1, "Failed to allocate memory: dyndbg may not work properly.\n"); + pr_err("dyndbg: failed to add module %s: %d\n", mod->name, ret); break; case MODULE_STATE_GOING: ddebug_remove_module(mod->name); diff --git a/lib/test_dynamic_debug.c b/lib/test_dynamic_debug.c index d65fa3f3ef9e..3cb41a3a18e2 100644 --- a/lib/test_dynamic_debug.c +++ b/lib/test_dynamic_debug.c @@ -137,7 +137,14 @@ DYNAMIC_DEBUG_CLASSMAP_DEFINE(classid_range_conflict, 0, D2_CORE + 1, "D3_CORE") * DEFINEd (and exported) above. */ DYNAMIC_DEBUG_CLASSMAP_USE(map_disjoint_bits); -DYNAMIC_DEBUG_CLASSMAP_USE(map_level_num); +#if !defined(DD_RUNTIME_CLASS_CHECK) + DYNAMIC_DEBUG_CLASSMAP_USE(map_level_num); +#else +/* + * force failure of runtime sanity test of classmap.length + offset < 63 + */ +DYNAMIC_DEBUG_CLASSMAP_USE_(map_level_num, 55); +#endif #if defined(DD_MACRO_ARGCHECK) /* -- 2.53.0