From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=l45o=QU=vger.kernel.org=stable-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.0 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
	DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,
	SIGNED_OFF_BY,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no
	version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 34769C282CE
	for <stable@archiver.kernel.org>; Wed, 13 Feb 2019 13:47:57 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 0574C222C1
	for <stable@archiver.kernel.org>; Wed, 13 Feb 2019 13:47:57 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=default; t=1550065677;
	bh=wrn/RKh700IfD4c7wsICySpfnOv3/JgsVfb2Btp5nrs=;
	h=Subject:To:Cc:From:Date:List-ID:From;
	b=dLV7jpfBYaBcVF0Gnrsd2hpb2dUcU/GX+Gi7nxgtad0LxVN/rleI0M5iTnaEruJPH
	 4kLJpamU0PD/RkSYEsQfBG9uUEg54V9P0HsVuMfxJFkJ0W8U2jeVCidw1+I0naC+gd
	 pFrQyybq+FuYGbYkqwIuE59qUsUfds1Pwo57H55w=
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1732851AbfBMNr4 (ORCPT <rfc822;stable@archiver.kernel.org>);
        Wed, 13 Feb 2019 08:47:56 -0500
Received: from wout2-smtp.messagingengine.com ([64.147.123.25]:57041 "EHLO
        wout2-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1731143AbfBMNr4 (ORCPT
        <rfc822;stable@vger.kernel.org>); Wed, 13 Feb 2019 08:47:56 -0500
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46])
        by mailout.west.internal (Postfix) with ESMTP id 5FBC63575;
        Wed, 13 Feb 2019 08:47:55 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162])
  by compute6.internal (MEProxy); Wed, 13 Feb 2019 08:47:55 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
        messagingengine.com; h=cc:content-transfer-encoding:content-type
        :date:from:message-id:mime-version:subject:to:x-me-proxy
        :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=HxufE5
        fugk7+9TSz1umXl4svB31NjogRsiQ0j+rBRuo=; b=Oi6ok3lEDocNo3GMs9LlXm
        iC5Xb0/QGj5xiiOt90ox5nrpQj9adK6i24jKir+DWOicZsBg/jJG4yKW0Tjj5mnw
        bVPyWWNSQFNiwGd3NzmnLTnL/CQWTstSkgl2uwUELtUyXPzcgSMV8CSAv8HjmruN
        ly2vodLHqVRmv0ItNv9oTdRvFAC60DccHfVJJi2eARtOjLWGsFLC0hShQ8xguE1H
        w3gbamEc4Wnl7DFyy3UMonp8c0RwfO8UZOgV+FOjk2ElAM8FK1gVqlvOUvnFY3rO
        jjz8nNgXul2dXZyRCxNza1KqQCwgK4w8+GayEGzO01rgYDN5rGidmDTKo6F5htvg
        ==
X-ME-Sender: <xms:CiBkXEDPQomLZ6t3DY67dPKIzrAOxWklhQHyzldaRoGzy6c88-0YLg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedtledruddtfedgheeiucetufdoteggodetrfdotf
    fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfquhhtnecuuegrihhlohhuthemucef
    tddtnecunecujfgurhepuffvhfffkfggtgfgsehtkeertddttdflnecuhfhrohhmpeeogh
    hrvghgkhhhsehlihhnuhigfhhouhhnuggrthhiohhnrdhorhhgqeenucffohhmrghinhep
    khgvrhhnvghlrdhorhhgnecukfhppeekfedrkeeirdekledruddtjeenucfrrghrrghmpe
    hmrghilhhfrhhomhepghhrvghgsehkrhhorghhrdgtohhmnecuvehluhhsthgvrhfuihii
    vgepfe
X-ME-Proxy: <xmx:CiBkXKyzyqfC0AggcCpzrdbWrOU0hpcOiGD7XhRdxXNa6wTk-LXzJQ>
    <xmx:CiBkXCn19RpbaFERPoooZt2o6hWkufxae7tjCkTetk1AX_Nkeq3SLg>
    <xmx:CiBkXPFBxxOeWRiIGNiqdmES3j88ZoWdTHujPVpVcaXOvorfo41THQ>
    <xmx:CyBkXBAp9uKn-TGOjuD5jZf7Y2BPNZteg0CE3BAK7ujRl0bwjfgNxw>
Received: from localhost (5356596b.cm-6-7b.dynamic.ziggo.nl [83.86.89.107])
        by mail.messagingengine.com (Postfix) with ESMTPA id 576FEE423B;
        Wed, 13 Feb 2019 08:47:54 -0500 (EST)
Subject: FAILED: patch "[PATCH] tracing/uprobes: Fix output for multiple string arguments" failed to apply to 3.18-stable tree
To:     andreas.ziegler@fau.de, mhiramat@kernel.org, mingo@redhat.com,
        rostedt@goodmis.org
Cc:     <stable@vger.kernel.org>
From:   <gregkh@linuxfoundation.org>
Date:   Wed, 13 Feb 2019 14:47:46 +0100
Message-ID: <15500656661454@kroah.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ANSI_X3.4-1968
Content-Transfer-Encoding: 8bit
Sender: stable-owner@vger.kernel.org
Precedence: bulk
List-ID: <stable.vger.kernel.org>
X-Mailing-List: stable@vger.kernel.org


The patch below does not apply to the 3.18-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.

thanks,

greg k-h

------------------ original commit in Linus's tree ------------------

>From 0722069a5374b904ec1a67f91249f90e1cfae259 Mon Sep 17 00:00:00 2001
From: Andreas Ziegler <andreas.ziegler@fau.de>
Date: Wed, 16 Jan 2019 15:16:29 +0100
Subject: [PATCH] tracing/uprobes: Fix output for multiple string arguments

When printing multiple uprobe arguments as strings the output for the
earlier arguments would also include all later string arguments.

This is best explained in an example:

Consider adding a uprobe to a function receiving two strings as
parameters which is at offset 0xa0 in strlib.so and we want to print
both parameters when the uprobe is hit (on x86_64):

$ echo 'p:func /lib/strlib.so:0xa0 +0(%di):string +0(%si):string' > \
    /sys/kernel/debug/tracing/uprobe_events

When the function is called as func("foo", "bar") and we hit the probe,
the trace file shows a line like the following:

  [...] func: (0x7f7e683706a0) arg1="foobar" arg2="bar"

Note the extra "bar" printed as part of arg1. This behaviour stacks up
for additional string arguments.

The strings are stored in a dynamically growing part of the uprobe
buffer by fetch_store_string() after copying them from userspace via
strncpy_from_user(). The return value of strncpy_from_user() is then
directly used as the required size for the string. However, this does
not take the terminating null byte into account as the documentation
for strncpy_from_user() cleary states that it "[...] returns the
length of the string (not including the trailing NUL)" even though the
null byte will be copied to the destination.

Therefore, subsequent calls to fetch_store_string() will overwrite
the terminating null byte of the most recently fetched string with
the first character of the current string, leading to the
"accumulation" of strings in earlier arguments in the output.

Fix this by incrementing the return value of strncpy_from_user() by
one if we did not hit the maximum buffer size.

Link: http://lkml.kernel.org/r/20190116141629.5752-1-andreas.ziegler@fau.de

Cc: Ingo Molnar <mingo@redhat.com>
Cc: stable@vger.kernel.org
Fixes: 5baaa59ef09e ("tracing/probes: Implement 'memory' fetch method for uprobes")
Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Andreas Ziegler <andreas.ziegler@fau.de>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>

diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c
index 19a1a8e19062..9bde07c06362 100644
--- a/kernel/trace/trace_uprobe.c
+++ b/kernel/trace/trace_uprobe.c
@@ -160,6 +160,13 @@ fetch_store_string(unsigned long addr, void *dest, void *base)
 	if (ret >= 0) {
 		if (ret == maxlen)
 			dst[ret - 1] = '\0';
+		else
+			/*
+			 * Include the terminating null byte. In this case it
+			 * was copied by strncpy_from_user but not accounted
+			 * for in ret.
+			 */
+			ret++;
 		*(u32 *)dest = make_data_loc(ret, (void *)dst - base);
 	}