linux-kernelorg-stable/kernel
Steven Rostedt ea8d7647f9 tracing: Verify event formats that have "%*p.."
The trace event verifier checks the formats of trace events to make sure
that they do not point at memory that is not in the trace event itself or
in data that will never be freed. If an event references data that was
allocated when the event triggered and that same data is freed before the
event is read, then the kernel can crash by reading freed memory.

The verifier runs at boot up (or module load) and scans the print formats
of the events and checks their arguments to make sure that dereferenced
pointers are safe. If the format uses "%*p.." the verifier will ignore it,
and that could be dangerous. Cover this case as well.

Also add to the sample code a use case of "%*pbl".

Link: https://lore.kernel.org/all/bcba4d76-2c3f-4d11-baf0-02905db953dd@oracle.com/

Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Fixes: 5013f454a3 ("tracing: Add check of trace event print fmts for dereferencing pointers")
Link: https://lore.kernel.org/20250327195311.2d89ec66@gandalf.local.home
Reported-by: Libo Chen <libo.chen@oracle.com>
Reviewed-by: Libo Chen <libo.chen@oracle.com>
Tested-by: Libo Chen <libo.chen@oracle.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
2025-04-02 09:51:26 -04:00
bpf bpf_try_alloc_pages 2025-03-30 13:45:28 -07:00
cgroup Scheduler updates for v6.15: 2025-03-24 21:28:12 -07:00
configs ubsan/overflow: Rework integer overflow sanitizer option to turn on everything 2025-03-07 19:58:05 -08:00
debug
dma dma-mapping: fix missing clear bdr in check_ram_in_range_map() 2025-03-12 13:41:44 +01:00
entry Objtool changes for v6.15: 2025-03-24 21:18:05 -07:00
events lsm/stable-6.15 PR 20250323 2025-03-25 15:44:19 -07:00
futex futex: Use a hashmask instead of hashsize 2025-02-26 16:07:59 +01:00
gcov
irq Revert "Merge tag 'irq-msi-2025-03-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip" 2025-03-28 11:22:54 -07:00
kcsan
livepatch Modules changes for 6.15-rc1 2025-03-30 15:44:36 -07:00
locking Miscellaneous locking fixes and updates: 2025-03-30 15:18:36 -07:00
module ring-buffer updates for v6.15 2025-03-31 13:37:22 -07:00
power This update includes the following changes: 2025-03-29 10:01:55 -07:00
printk printk changes for 6.15 2025-03-27 19:22:24 -07:00
rcu RCU pull request for v6.15 2025-03-24 19:41:37 -07:00
sched Latency tracing changes for v6.15: 2025-03-27 16:03:52 -07:00
time Networking changes for 6.15. 2025-03-26 21:48:21 -07:00
trace tracing: Verify event formats that have "%*p.." 2025-04-02 09:51:26 -04:00
.gitignore
Kconfig.freezer
Kconfig.hz
Kconfig.kexec
Kconfig.locks
Kconfig.preempt
Makefile tracing: Disable branch profiling in noinstr code 2025-03-22 09:49:26 +01:00
acct.c acct: block access to kernel internal filesystems 2025-02-12 12:24:16 +01:00
async.c
audit.c
audit.h
audit_fsnotify.c
audit_tree.c
audit_watch.c VFS: change kern_path_locked() and user_path_locked_at() to never return negative dentry 2025-02-19 14:08:41 +01:00
auditfilter.c
auditsc.c fs: dedup handling of struct filename init and refcounts bumps 2025-03-18 15:34:27 +01:00
backtracetest.c
bounds.c
capability.c capability: Remove unused has_capability 2025-03-07 22:03:09 -06:00
cfi.c Modules changes for 6.15-rc1 2025-03-30 15:44:36 -07:00
compat.c
configs.c
context_tracking.c context_tracking: Make RCU watch ct_kernel_exit_state() warning 2025-03-04 18:44:29 -08:00
cpu.c hyperv-next for 6.15 2025-03-25 14:47:04 -07:00
cpu_pm.c
crash_core.c crash: Use note name macros 2025-02-10 16:56:58 -08:00
crash_reserve.c
cred.c
delayacct.c
dma.c
elfcorehdr.c
exec_domain.c
exit.c kernel-6.15-rc1.tasklist_lock 2025-03-24 13:39:27 -07:00
exit.h
extable.c
fail_function.c
fork.c Miscellaneous x86 fixes and updates: 2025-03-30 15:25:15 -07:00
freezer.c
gen_kheaders.sh
groups.c
hung_task.c
iomem.c mm/memremap: Pass down MEMREMAP_* flags to arch_memremap_wb() 2025-02-21 15:05:38 +01:00
irq_work.c
jump_label.c jump_label: Use RCU in all users of __module_text_address(). 2025-03-10 11:54:46 +01:00
kallsyms.c kallsyms: Remove KALLSYMS_ABSOLUTE_PERCPU 2025-02-18 10:16:04 +01:00
kallsyms_internal.h
kallsyms_selftest.c
kallsyms_selftest.h
kcmp.c kcmp: improve performance adding an unlikely hint to task comparisons 2025-02-21 10:25:33 +01:00
kcov.c
kexec.c
kexec_core.c printk changes for 6.15 2025-03-27 19:22:24 -07:00
kexec_elf.c
kexec_file.c
kexec_internal.h
kheaders.c
kprobes.c kprobes: Use RCU in all users of __module_text_address(). 2025-03-10 11:54:46 +01:00
ksyms_common.c
ksysfs.c
kthread.c kthread: Fix return value on kzalloc() failure in kthread_affine_preferred() 2025-02-04 01:42:27 +01:00
latencytop.c
module_signature.c
notifier.c
nsproxy.c
padata.c padata: switch padata_find_next() to using cpumask_next_wrap() 2025-02-24 16:37:23 -05:00
panic.c taint: Add TAINT_FWCTL 2025-03-06 15:13:13 -04:00
params.c params: Annotate struct module_param_attrs with __counted_by() 2025-03-10 11:54:46 +01:00
pid.c kernel-6.15-rc1.tasklist_lock 2025-03-24 13:39:27 -07:00
pid_namespace.c pid: Do not set pid_max in new pid namespaces 2025-03-06 10:18:36 +01:00
pid_sysctl.h
profile.c
ptrace.c
range.c
reboot.c Flush console log from kernel_power_off() 2025-03-04 18:44:29 -08:00
regset.c
relay.c
resource.c
resource_kunit.c
rseq.c rseq: Fix segfault on registration when rseq_cs is non-zero 2025-03-06 22:26:49 +01:00
scftorture.c
scs.c
seccomp.c seccomp: avoid the lock trip seccomp_filter_release in common case 2025-02-24 11:17:10 -08:00
signal.c Updates for the core time/timer subsystem: 2025-03-25 10:33:23 -07:00
smp.c
smpboot.c
smpboot.h
softirq.c lockdep: Fix wait context check on softirq for PREEMPT_RT 2025-03-25 10:46:44 +01:00
stackleak.c
stacktrace.c
static_call.c
static_call_inline.c Modules changes for 6.15-rc1 2025-03-30 15:44:36 -07:00
stop_machine.c stop-machine: Add comment for rcu_momentary_eqs() 2025-03-11 10:15:52 -07:00
sys.c Updates for the core time/timer subsystem: 2025-03-25 10:33:23 -07:00
sys_ni.c
sysctl-test.c
sysctl.c s390 updates for 6.15 merge window 2025-03-29 11:59:43 -07:00
task_work.c
taskstats.c
torture.c torture: Add get_torture_init_jiffies() for test-start time 2025-02-05 07:14:24 -08:00
tracepoint.c tracepoint: Print the function symbol when tracepoint_debug is set 2025-03-21 15:30:10 -04:00
tsacct.c
ucount.c
uid16.c
uid16.h
umh.c
up.c
user-return-notifier.c
user.c
user_namespace.c uidgid: add map_id_range_up() 2025-02-12 12:12:27 +01:00
usermode_driver.c
utsname.c
utsname_sysctl.c
vhost_task.c vhost: return task creation error instead of NULL 2025-03-01 02:52:52 -05:00
vmcore_info.c
watch_queue.c vfs-6.15-rc1.pipe 2025-03-24 09:52:37 -07:00
watchdog.c A treewide hrtimer timer cleanup 2025-03-25 10:54:15 -07:00
watchdog_buddy.c
watchdog_perf.c watchdog/hardlockup/perf: Warn if watchdog_ev is leaked 2025-03-06 12:07:39 +01:00
workqueue.c workqueue: An update for v6.14-rc4 2025-02-26 14:22:47 -08:00
workqueue_internal.h