From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Andrii Nakryiko <andrii@kernel.org>,
Jiri Olsa <jolsa@kernel.org>,
"Masami Hiramatsu (Google)" <mhiramat@kernel.org>,
Sasha Levin <sashal@kernel.org>,
Vamsi Krishna Brahmajosyula
<vamsi-krishna.brahmajosyula@broadcom.com>
Subject: [PATCH 6.1 31/39] uprobes: encapsulate preparation of uprobe args buffer
Date: Fri, 15 Nov 2024 07:38:41 +0100 [thread overview]
Message-ID: <20241115063723.731582037@linuxfoundation.org> (raw)
In-Reply-To: <20241115063722.599985562@linuxfoundation.org>
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrii Nakryiko <andrii@kernel.org>
commit 3eaea21b4d27cff0017c20549aeb53034c58fc23 upstream.
Move the logic of fetching temporary per-CPU uprobe buffer and storing
uprobes args into it to a new helper function. Store data size as part
of this buffer, simplifying interfaces a bit, as now we only pass single
uprobe_cpu_buffer reference around, instead of pointer + dsize.
This logic was duplicated across uprobe_dispatcher and uretprobe_dispatcher,
and now will be centralized. All this is also in preparation to make
this uprobe_cpu_buffer handling logic optional in the next patch.
Link: https://lore.kernel.org/all/20240318181728.2795838-2-andrii@kernel.org/
[Masami: update for v6.9-rc3 kernel]
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Reviewed-by: Jiri Olsa <jolsa@kernel.org>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Stable-dep-of: 373b9338c972 ("uprobe: avoid out-of-bounds memory access of fetching args")
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Vamsi Krishna Brahmajosyula <vamsi-krishna.brahmajosyula@broadcom.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace_uprobe.c | 79 ++++++++++++++++++++++----------------------
1 file changed, 41 insertions(+), 38 deletions(-)
--- a/kernel/trace/trace_uprobe.c
+++ b/kernel/trace/trace_uprobe.c
@@ -858,6 +858,7 @@ static const struct file_operations upro
struct uprobe_cpu_buffer {
struct mutex mutex;
void *buf;
+ int dsize;
};
static struct uprobe_cpu_buffer __percpu *uprobe_cpu_buffer;
static int uprobe_buffer_refcnt;
@@ -947,9 +948,26 @@ static void uprobe_buffer_put(struct upr
mutex_unlock(&ucb->mutex);
}
+static struct uprobe_cpu_buffer *prepare_uprobe_buffer(struct trace_uprobe *tu,
+ struct pt_regs *regs)
+{
+ struct uprobe_cpu_buffer *ucb;
+ int dsize, esize;
+
+ esize = SIZEOF_TRACE_ENTRY(is_ret_probe(tu));
+ dsize = __get_data_size(&tu->tp, regs);
+
+ ucb = uprobe_buffer_get();
+ ucb->dsize = tu->tp.size + dsize;
+
+ store_trace_args(ucb->buf, &tu->tp, regs, esize, dsize);
+
+ return ucb;
+}
+
static void __uprobe_trace_func(struct trace_uprobe *tu,
unsigned long func, struct pt_regs *regs,
- struct uprobe_cpu_buffer *ucb, int dsize,
+ struct uprobe_cpu_buffer *ucb,
struct trace_event_file *trace_file)
{
struct uprobe_trace_entry_head *entry;
@@ -960,14 +978,14 @@ static void __uprobe_trace_func(struct t
WARN_ON(call != trace_file->event_call);
- if (WARN_ON_ONCE(tu->tp.size + dsize > PAGE_SIZE))
+ if (WARN_ON_ONCE(ucb->dsize > PAGE_SIZE))
return;
if (trace_trigger_soft_disabled(trace_file))
return;
esize = SIZEOF_TRACE_ENTRY(is_ret_probe(tu));
- size = esize + tu->tp.size + dsize;
+ size = esize + ucb->dsize;
entry = trace_event_buffer_reserve(&fbuffer, trace_file, size);
if (!entry)
return;
@@ -981,14 +999,14 @@ static void __uprobe_trace_func(struct t
data = DATAOF_TRACE_ENTRY(entry, false);
}
- memcpy(data, ucb->buf, tu->tp.size + dsize);
+ memcpy(data, ucb->buf, ucb->dsize);
trace_event_buffer_commit(&fbuffer);
}
/* uprobe handler */
static int uprobe_trace_func(struct trace_uprobe *tu, struct pt_regs *regs,
- struct uprobe_cpu_buffer *ucb, int dsize)
+ struct uprobe_cpu_buffer *ucb)
{
struct event_file_link *link;
@@ -997,7 +1015,7 @@ static int uprobe_trace_func(struct trac
rcu_read_lock();
trace_probe_for_each_link_rcu(link, &tu->tp)
- __uprobe_trace_func(tu, 0, regs, ucb, dsize, link->file);
+ __uprobe_trace_func(tu, 0, regs, ucb, link->file);
rcu_read_unlock();
return 0;
@@ -1005,13 +1023,13 @@ static int uprobe_trace_func(struct trac
static void uretprobe_trace_func(struct trace_uprobe *tu, unsigned long func,
struct pt_regs *regs,
- struct uprobe_cpu_buffer *ucb, int dsize)
+ struct uprobe_cpu_buffer *ucb)
{
struct event_file_link *link;
rcu_read_lock();
trace_probe_for_each_link_rcu(link, &tu->tp)
- __uprobe_trace_func(tu, func, regs, ucb, dsize, link->file);
+ __uprobe_trace_func(tu, func, regs, ucb, link->file);
rcu_read_unlock();
}
@@ -1339,7 +1357,7 @@ static bool uprobe_perf_filter(struct up
static void __uprobe_perf_func(struct trace_uprobe *tu,
unsigned long func, struct pt_regs *regs,
- struct uprobe_cpu_buffer *ucb, int dsize)
+ struct uprobe_cpu_buffer *ucb)
{
struct trace_event_call *call = trace_probe_event_call(&tu->tp);
struct uprobe_trace_entry_head *entry;
@@ -1360,7 +1378,7 @@ static void __uprobe_perf_func(struct tr
esize = SIZEOF_TRACE_ENTRY(is_ret_probe(tu));
- size = esize + tu->tp.size + dsize;
+ size = esize + ucb->dsize;
size = ALIGN(size + sizeof(u32), sizeof(u64)) - sizeof(u32);
if (WARN_ONCE(size > PERF_MAX_TRACE_SIZE, "profile buffer not large enough"))
return;
@@ -1383,13 +1401,10 @@ static void __uprobe_perf_func(struct tr
data = DATAOF_TRACE_ENTRY(entry, false);
}
- memcpy(data, ucb->buf, tu->tp.size + dsize);
-
- if (size - esize > tu->tp.size + dsize) {
- int len = tu->tp.size + dsize;
+ memcpy(data, ucb->buf, ucb->dsize);
- memset(data + len, 0, size - esize - len);
- }
+ if (size - esize > ucb->dsize)
+ memset(data + ucb->dsize, 0, size - esize - ucb->dsize);
perf_trace_buf_submit(entry, size, rctx, call->event.type, 1, regs,
head, NULL);
@@ -1399,21 +1414,21 @@ static void __uprobe_perf_func(struct tr
/* uprobe profile handler */
static int uprobe_perf_func(struct trace_uprobe *tu, struct pt_regs *regs,
- struct uprobe_cpu_buffer *ucb, int dsize)
+ struct uprobe_cpu_buffer *ucb)
{
if (!uprobe_perf_filter(&tu->consumer, 0, current->mm))
return UPROBE_HANDLER_REMOVE;
if (!is_ret_probe(tu))
- __uprobe_perf_func(tu, 0, regs, ucb, dsize);
+ __uprobe_perf_func(tu, 0, regs, ucb);
return 0;
}
static void uretprobe_perf_func(struct trace_uprobe *tu, unsigned long func,
struct pt_regs *regs,
- struct uprobe_cpu_buffer *ucb, int dsize)
+ struct uprobe_cpu_buffer *ucb)
{
- __uprobe_perf_func(tu, func, regs, ucb, dsize);
+ __uprobe_perf_func(tu, func, regs, ucb);
}
int bpf_get_uprobe_info(const struct perf_event *event, u32 *fd_type,
@@ -1479,10 +1494,8 @@ static int uprobe_dispatcher(struct upro
struct trace_uprobe *tu;
struct uprobe_dispatch_data udd;
struct uprobe_cpu_buffer *ucb;
- int dsize, esize;
int ret = 0;
-
tu = container_of(con, struct trace_uprobe, consumer);
tu->nhit++;
@@ -1494,18 +1507,14 @@ static int uprobe_dispatcher(struct upro
if (WARN_ON_ONCE(!uprobe_cpu_buffer))
return 0;
- dsize = __get_data_size(&tu->tp, regs);
- esize = SIZEOF_TRACE_ENTRY(is_ret_probe(tu));
-
- ucb = uprobe_buffer_get();
- store_trace_args(ucb->buf, &tu->tp, regs, esize, dsize);
+ ucb = prepare_uprobe_buffer(tu, regs);
if (trace_probe_test_flag(&tu->tp, TP_FLAG_TRACE))
- ret |= uprobe_trace_func(tu, regs, ucb, dsize);
+ ret |= uprobe_trace_func(tu, regs, ucb);
#ifdef CONFIG_PERF_EVENTS
if (trace_probe_test_flag(&tu->tp, TP_FLAG_PROFILE))
- ret |= uprobe_perf_func(tu, regs, ucb, dsize);
+ ret |= uprobe_perf_func(tu, regs, ucb);
#endif
uprobe_buffer_put(ucb);
return ret;
@@ -1517,7 +1526,6 @@ static int uretprobe_dispatcher(struct u
struct trace_uprobe *tu;
struct uprobe_dispatch_data udd;
struct uprobe_cpu_buffer *ucb;
- int dsize, esize;
tu = container_of(con, struct trace_uprobe, consumer);
@@ -1529,18 +1537,13 @@ static int uretprobe_dispatcher(struct u
if (WARN_ON_ONCE(!uprobe_cpu_buffer))
return 0;
- dsize = __get_data_size(&tu->tp, regs);
- esize = SIZEOF_TRACE_ENTRY(is_ret_probe(tu));
-
- ucb = uprobe_buffer_get();
- store_trace_args(ucb->buf, &tu->tp, regs, esize, dsize);
-
+ ucb = prepare_uprobe_buffer(tu, regs);
if (trace_probe_test_flag(&tu->tp, TP_FLAG_TRACE))
- uretprobe_trace_func(tu, func, regs, ucb, dsize);
+ uretprobe_trace_func(tu, func, regs, ucb);
#ifdef CONFIG_PERF_EVENTS
if (trace_probe_test_flag(&tu->tp, TP_FLAG_PROFILE))
- uretprobe_perf_func(tu, func, regs, ucb, dsize);
+ uretprobe_perf_func(tu, func, regs, ucb);
#endif
uprobe_buffer_put(ucb);
return 0;
next prev parent reply other threads:[~2024-11-15 6:54 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-15 6:38 [PATCH 6.1 00/39] 6.1.118-rc1 review Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 01/39] Revert "Bluetooth: fix use-after-free in accessing skb after sending it" Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 02/39] Revert "Bluetooth: hci_sync: Fix overwriting request callback" Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 03/39] Revert "Bluetooth: af_bluetooth: Fix deadlock" Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 04/39] Revert "Bluetooth: hci_core: Fix possible buffer overflow" Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 05/39] Revert "Bluetooth: hci_conn: Consolidate code for aborting connections" Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 06/39] 9p: Avoid creating multiple slab caches with the same name Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 07/39] irqchip/ocelot: Fix trigger register address Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 08/39] nvme: tcp: avoid race between queue_lock lock and destroy Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 09/39] block: Fix elevator_get_default() checking for NULL q->tag_set Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 10/39] HID: multitouch: Add support for B2402FVA track point Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 11/39] HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 12/39] nvme: disable CC.CRIME (NVME_CC_CRIME) Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 13/39] bpf: use kvzmalloc to allocate BPF verifier environment Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 14/39] crypto: api - Fix liveliness check in crypto_alg_tested Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 15/39] crypto: marvell/cesa - Disable hash algorithms Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 16/39] sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 17/39] drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 18/39] kasan: Disable Software Tag-Based KASAN with GCC Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 19/39] nvme-multipath: defer partition scanning Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 20/39] powerpc/powernv: Free name on error in opal_event_init() Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 21/39] nvme: make keep-alive synchronous operation Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 22/39] vDPA/ifcvf: Fix pci_read_config_byte() return code handling Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 23/39] bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 24/39] fs: Fix uninitialized value issue in from_kuid and from_kgid Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 25/39] HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 26/39] HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 27/39] LoongArch: Use "Exception return address" to comment ERA Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 28/39] net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 29/39] md/raid10: improve code of mrdev in raid10_sync_request Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 30/39] io_uring: fix possible deadlock in io_register_iowq_max_workers() Greg Kroah-Hartman
2024-11-15 6:38 ` Greg Kroah-Hartman [this message]
2024-11-15 6:38 ` [PATCH 6.1 32/39] uprobe: avoid out-of-bounds memory access of fetching args Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 33/39] drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 34/39] ext4: fix timer use-after-free on failed mount Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 35/39] Bluetooth: L2CAP: Fix uaf in l2cap_connect Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 36/39] mm: krealloc: Fix MTE false alarm in __do_krealloc Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 37/39] platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 38/39] fs/ntfs3: Fix general protection fault in run_is_mapped_full Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 39/39] 9p: fix slab cache name creation for real Greg Kroah-Hartman
2024-11-15 12:43 ` [PATCH 6.1 00/39] 6.1.118-rc1 review Peter Schneider
2024-11-15 18:11 ` Jon Hunter
2024-11-15 18:26 ` SeongJae Park
2024-11-15 19:14 ` Florian Fainelli
2024-11-15 21:26 ` Mark Brown
2024-11-16 0:04 ` Ron Economos
2024-11-16 12:24 ` Naresh Kamboju
2024-11-16 17:20 ` [PATCH 6.1] " Hardik Garg
2024-11-16 21:10 ` [PATCH 6.1 00/39] " Shuah Khan
2024-11-17 13:27 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241115063723.731582037@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=andrii@kernel.org \
--cc=jolsa@kernel.org \
--cc=mhiramat@kernel.org \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=vamsi-krishna.brahmajosyula@broadcom.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox