Re: [PATCH] tracing/probes: fix traceprobe out-of-bounds argument allocation
From: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Date: 2024-08-25 07:41:35
Hi, On Tue, 13 Aug 2024 13:25:40 -0400 Fernando Fernandez Mancera [off-list ref] wrote:
When initializing trace_probes::nr_args, make sure the maximum number of probe arguments is honored. Oherwise, we can hit a NULL pointer dereferences in multiple situations like on traceprobe_set_print_fmt(). Link: https://bugzilla.redhat.com/2303876
Sorry for replying later. I'm not sure why but I did not found this in my mbox... Anyway, trace_probe_init() should return -E2BIG in this case because it is actuall wrong value. Can you update your patch? Thank you,
quoted hunk ↗ jump to hunk
Fixes: 035ba76014c0 ("tracing/probes: cleanup: Set trace_probe::nr_args at trace_probe_init") Signed-off-by: Fernando Fernandez Mancera <redacted> --- kernel/trace/trace_probe.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-)diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c index 39877c80d6cb..f577b5e71026 100644 --- a/kernel/trace/trace_probe.c +++ b/kernel/trace/trace_probe.c@@ -2043,10 +2043,14 @@ int trace_probe_init(struct trace_probe *tp, const char *event, goto error; } - tp->nr_args = nargs; + if (nargs > MAX_TRACE_ARGS) + tp->nr_args = MAX_TRACE_ARGS; + else + tp->nr_args = nargs; + /* Make sure pointers in args[] are NULL */ if (nargs) - memset(tp->args, 0, sizeof(tp->args[0]) * nargs); + memset(tp->args, 0, sizeof(tp->args[0]) * tp->nr_args); return 0;
-- Masami Hiramatsu (Google) [off-list ref]