    tracing/uprobes: Fix output for multiple string arguments · 137f4db1
    Andreas Ziegler authored
    commit 0722069a5374b904ec1a67f91249f90e1cfae259 upstream.
    
    When printing multiple uprobe arguments as strings the output for the
    earlier arguments would also include all later string arguments.
    
    This is best explained in an example:
    
    Consider adding a uprobe to a function receiving two strings as
    parameters which is at offset 0xa0 in strlib.so and we want to print
    both parameters when the uprobe is hit (on x86_64):
    
    $ echo 'p:func /lib/strlib.so:0xa0 +0(%di):string +0(%si):string' > \
        /sys/kernel/debug/tracing/uprobe_events
    
    When the function is called as func("foo", "bar") and we hit the probe,
    the trace file shows a line like the following:
    
      [...] func: (0x7f7e683706a0) arg1="foobar" arg2="bar"
    
    Note the extra "bar" printed as part of arg1. This behaviour stacks up
    for additional string arguments.
    
    The strings are stored in a dynamically growing part of the uprobe
    buffer by fetch_store_string() after copying them from userspace via
    strncpy_from_user(). The return value of strncpy_from_user() is then
    directly used as the required size for the string. However, this does
    not take the terminating null byte into account as the documentation
    for strncpy_from_user() clearly states that it "[...] returns the
    length of the string (not including the trailing NUL)" even though the
    null byte will be copied to the destination.
    
    Therefore, subsequent calls to fetch_store_string() will overwrite
    the terminating null byte of the most recently fetched string with
    the first character of the current string, leading to the
    "accumulation" of strings in earlier arguments in the output.
    
    Fix this by incrementing the return value of strncpy_from_user() by
    one if we did not hit the maximum buffer size.
    
    Link: http://lkml.kernel.org/r/20190116141629.5752-1-andreas.ziegler@fau.de
    
    Cc: Ingo Molnar <mingo@redhat.com>
    Cc: stable@vger.kernel.org
    Fixes: 5baaa59e ("tracing/probes: Implement 'memory' fetch method for uprobes")
    Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
    Signed-off-by: Andreas Ziegler <andreas.ziegler@fau.de>
    Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
    Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
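
The size accounting described in the commit message, reproduced in userspace as an added example (not the kernel's code and not part of the commit). `copy_str()`, `store_string()`, `arg1_after_two()` and `BUF_SIZE` are hypothetical names; `copy_str()` only models the documented return value of `strncpy_from_user()`.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64 /* assumed size of the dynamic area, for illustration */

/* Models strncpy_from_user(): copies the string including its NUL and
 * returns the length WITHOUT the NUL, or n if no NUL fit into n bytes. */
static long copy_str(char *dst, const char *src, long n)
{
    long i;

    for (i = 0; i < n; i++) {
        dst[i] = src[i];
        if (!src[i])
            return i;
    }
    return n;
}

/* Appends src to the dynamic area and returns the offset it was stored at.
 * account_nul = 0: consumed size is the raw return value (behaviour before the fix).
 * account_nul = 1: add one for the NUL unless the copy hit the size limit. */
static long store_string(char *buf, long *used, const char *src, int account_nul)
{
    long off = *used;
    long maxlen = BUF_SIZE - off;
    long ret = copy_str(buf + off, src, maxlen);

    if (account_nul && ret < maxlen)
        ret++;
    *used += ret;
    return off;
}

/* Stores "foo" then "bar" and returns what the first argument now reads as. */
static const char *arg1_after_two(char *buf, int account_nul)
{
    long used = 0;
    long arg1;

    memset(buf, 0, BUF_SIZE);
    arg1 = store_string(buf, &used, "foo", account_nul);
    store_string(buf, &used, "bar", account_nul);
    return buf + arg1;
}

int main(void)
{
    char buf[BUF_SIZE];

    printf("size = ret:     arg1=\"%s\"\n", arg1_after_two(buf, 0));
    printf("size = ret + 1: arg1=\"%s\"\n", arg1_after_two(buf, 1));
    return 0;
}
```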