Subject: FAILED: patch "[PATCH] tracing/uprobes: Fix output for multiple string arguments" failed to apply to 4.4-stable tree
To: andreas.ziegler@fau.de, mhiramat@kernel.org, mingo@redhat.com, rostedt@goodmis.org
Date: Wed, 13 Feb 2019 14:47:45 +0100
Message-ID: <155006566521970@kroah.com>
X-Mailing-List: stable@vger.kernel.org

The patch below does not apply to the 4.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to .

thanks,

greg k-h

------------------ original commit in Linus's tree ------------------

From 0722069a5374b904ec1a67f91249f90e1cfae259 Mon Sep 17 00:00:00 2001
From: Andreas Ziegler
Date: Wed, 16 Jan 2019 15:16:29 +0100
Subject: [PATCH] tracing/uprobes: Fix output for multiple string arguments

When printing multiple uprobe arguments as strings the output for the
earlier arguments would also include all later string arguments.

This is best explained in an example:

Consider adding a uprobe to a function receiving two strings as
parameters which is at offset 0xa0 in strlib.so and we want to print
both parameters when the uprobe is hit (on x86_64):

$ echo 'p:func /lib/strlib.so:0xa0 +0(%di):string +0(%si):string' > \
    /sys/kernel/debug/tracing/uprobe_events

When the function is called as func("foo", "bar") and we hit the probe,
the trace file shows a line like the following:

  [...] func: (0x7f7e683706a0) arg1="foobar" arg2="bar"

Note the extra "bar" printed as part of arg1. This behaviour stacks up
for additional string arguments.

The strings are stored in a dynamically growing part of the uprobe
buffer by fetch_store_string() after copying them from userspace via
strncpy_from_user(). The return value of strncpy_from_user() is then
directly used as the required size for the string. However, this does
not take the terminating null byte into account as the documentation
for strncpy_from_user() clearly states that it "[...] returns the
length of the string (not including the trailing NUL)" even though the
null byte will be copied to the destination.

Therefore, subsequent calls to fetch_store_string() will overwrite
the terminating null byte of the most recently fetched string with
the first character of the current string, leading to the
"accumulation" of strings in earlier arguments in the output.

Fix this by incrementing the return value of strncpy_from_user() by
one if we did not hit the maximum buffer size.

Link: http://lkml.kernel.org/r/20190116141629.5752-1-andreas.ziegler@fau.de Cc: Ingo Molnar Cc: stable@vger.kernel.org Fixes: 5baaa59ef09e ("tracing/probes: Implement 'memory' fetch method for uprobes") Acked-by: Masami Hiramatsu Signed-off-by: Andreas Ziegler Signed-off-by: Steven Rostedt (VMware) diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c index 19a1a8e19062..9bde07c06362 100644 --- a/kernel/trace/trace_uprobe.c +++ b/kernel/trace/trace_uprobe.c @@ -160,6 +160,13 @@ fetch_store_string(unsigned long addr, void *dest, void *base) if (ret >= 0) { if (ret == maxlen) dst[ret - 1] = '\0'; + else + /* + * Include the terminating null byte. In this case it + * was copied by strncpy_from_user but not accounted + * for in ret. + */ + ret++; *(u32 *)dest = make_data_loc(ret, (void *)dst - base); }
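
Review bot: In the added `else` branch of fetch_store_string(), a multi-line comment sits between the unbraced `else` and its single statement `ret++;`, so the branch spans several lines without braces and is easy to break if a second statement is ever added. Brace both branches of `if (ret == maxlen)`, or move the comment above the `if`. Separately, the context line `dst[ret - 1] = '\0';` indexes before `dst` if `ret == maxlen` can be reached with `maxlen` equal to 0; nothing in this hunk rules that out, so it is worth confirming that the caller guarantees a non-zero `maxlen` or adding an explicit check.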
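
The accumulation described in the commit message can be reproduced in userspace. The following is an added example, not code from the patch or the kernel: `model_strncpy()`, `store_string()` and `pack_two()` are hypothetical stand-ins that mirror only the return-value contract of strncpy_from_user() and the size accounting in fetch_store_string(), and the inputs are the "foo"/"bar" pair from the commit message.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical userspace stand-in for strncpy_from_user(): copies up to and
 * including the NUL, returns the length WITHOUT the NUL, or count if none fit. */
static long model_strncpy(char *dst, const char *src, long count)
{
    long i;
    for (i = 0; i < count; i++) {
        dst[i] = src[i];
        if (!src[i])
            return i;
    }
    return count;
}

/* Model of the size accounting in fetch_store_string(); 'fixed' selects the
 * patched behaviour. Returns the bytes consumed in the dynamic area. */
static long store_string(char *dst, long maxlen, const char *src, int fixed)
{
    long ret = model_strncpy(dst, src, maxlen);
    if (ret == maxlen)
        dst[ret - 1] = '\0';   /* truncated: terminate inside the budget */
    else if (fixed)
        ret++;                 /* count the NUL that was already copied */
    return ret;
}

/* Pack two strings back to back, as consecutive :string arguments are, and
 * copy what a reader of the first argument would see into out. */
static void pack_two(const char *a, const char *b, int fixed, char *out, size_t outlen)
{
    char buf[64] = {0};
    long used = store_string(buf, (long)sizeof(buf), a, fixed);
    store_string(buf + used, (long)sizeof(buf) - used, b, fixed);
    snprintf(out, outlen, "%s", buf);
}

int main(void)
{
    char before[64], after[64];
    pack_two("foo", "bar", 0, before, sizeof(before));
    pack_two("foo", "bar", 1, after, sizeof(after));
    printf("unpatched arg1=\"%s\"\npatched   arg1=\"%s\"\n", before, after);
    return 0;
}
```

Without the increment, the second string starts on the first string's NUL, so the first argument reads through into the second; with it, each string keeps its own terminator.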