From cc584d6692836e86ca05df7cf58a1873b11fca56 Mon Sep 17 00:00:00 2001 From: Mathieu Desnoyers Date: Fri, 5 Feb 2021 16:21:47 -0500 Subject: [PATCH] Fix: writeback: out-of-bound reads Use ctf_string rather than ctf_array_text for name fields, because the source strings are not guaranteed to be at least 32 bytes. Signed-off-by: Mathieu Desnoyers --- include/instrumentation/events/writeback.h | 76 +++++++++++----------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/include/instrumentation/events/writeback.h b/include/instrumentation/events/writeback.h index b6dfd4c0..3d5df91f 100644 --- a/include/instrumentation/events/writeback.h +++ b/include/instrumentation/events/writeback.h @@ -96,8 +96,8 @@ LTTNG_TRACEPOINT_EVENT(writeback_dirty_page, TP_PROTO(struct page *page, struct address_space *mapping), TP_ARGS(page, mapping), TP_FIELDS( - ctf_array_text(char, name, - mapping ? dev_name(lttng_inode_to_bdi(mapping->host)->dev) : "(unknown)", 32) + ctf_string(name, + mapping ? dev_name(lttng_inode_to_bdi(mapping->host)->dev) : "(unknown)") ctf_integer(unsigned long, ino, mapping ? mapping->host->i_ino : 0) ctf_integer(pgoff_t, index, page->index) ) @@ -108,9 +108,9 @@ LTTNG_TRACEPOINT_EVENT_CLASS(writeback_dirty_inode_template, TP_ARGS(inode, flags), TP_FIELDS( /* may be called for files on pseudo FSes w/ unregistered bdi */ - ctf_array_text(char, name, + ctf_string(name, lttng_inode_to_bdi(inode)->dev ? - dev_name(lttng_inode_to_bdi(inode)->dev) : "(unknown)", 32) + dev_name(lttng_inode_to_bdi(inode)->dev) : "(unknown)") ctf_integer(unsigned long, ino, inode->i_ino) ctf_integer(unsigned long, state, inode->i_state) ctf_integer(unsigned long, flags, flags) @@ -128,8 +128,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS(writeback_write_inode_template, TP_PROTO(struct inode *inode, struct writeback_control *wbc), TP_ARGS(inode, wbc), TP_FIELDS( - ctf_array_text(char, name, - dev_name(lttng_inode_to_bdi(inode)->dev), 32) + ctf_string(name, + dev_name(lttng_inode_to_bdi(inode)->dev)) ctf_integer(unsigned long, ino, inode->i_ino) ctf_integer(int, sync_mode, wbc->sync_mode) ) @@ -148,8 +148,8 @@ LTTNG_TRACEPOINT_EVENT(writeback_dirty_page, TP_PROTO(struct page *page, struct address_space *mapping), TP_ARGS(page, mapping), TP_FIELDS( - ctf_array_text(char, name, - mapping ? dev_name(mapping->backing_dev_info->dev) : "(unknown)", 32) + ctf_string(name, + mapping ? dev_name(mapping->backing_dev_info->dev) : "(unknown)") ctf_integer(unsigned long, ino, mapping ? mapping->host->i_ino : 0) ctf_integer(pgoff_t, index, page->index) ) @@ -160,10 +160,10 @@ LTTNG_TRACEPOINT_EVENT_CLASS(writeback_dirty_inode_template, TP_ARGS(inode, flags), TP_FIELDS( /* may be called for files on pseudo FSes w/ unregistered bdi */ - ctf_array_text(char, name, + ctf_string(name, inode->i_mapping->backing_dev_info->dev ? dev_name(inode->i_mapping->backing_dev_info->dev) - : "(unknown)", 32) + : "(unknown)") ctf_integer(unsigned long, ino, inode->i_ino) ctf_integer(unsigned long, flags, flags) ) @@ -179,8 +179,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS(writeback_write_inode_template, TP_PROTO(struct inode *inode, struct writeback_control *wbc), TP_ARGS(inode, wbc), TP_FIELDS( - ctf_array_text(char, name, - dev_name(inode->i_mapping->backing_dev_info->dev), 32) + ctf_string(name, + dev_name(inode->i_mapping->backing_dev_info->dev)) ctf_integer(unsigned long, ino, inode->i_ino) ctf_integer(int, sync_mode, wbc->sync_mode) ) @@ -201,8 +201,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS(writeback_work_class, TP_PROTO(struct bdi_writeback *wb, struct wb_writeback_work *work), TP_ARGS(wb, work), TP_FIELDS( - ctf_array_text(char, name, wb->bdi->dev ? dev_name(wb->bdi->dev) : - "(unknown)", 32) + ctf_string(name, wb->bdi->dev ? dev_name(wb->bdi->dev) : + "(unknown)") ) ) @@ -212,8 +212,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS(writeback_work_class, TP_PROTO(struct backing_dev_info *bdi, struct wb_writeback_work *work), TP_ARGS(bdi, work), TP_FIELDS( - ctf_array_text(char, name, bdi->dev ? dev_name(bdi->dev) : - "(unknown)", 32) + ctf_string(name, bdi->dev ? dev_name(bdi->dev) : + "(unknown)") ) ) @@ -223,9 +223,9 @@ LTTNG_TRACEPOINT_EVENT_CLASS(writeback_work_class, TP_PROTO(struct backing_dev_info *bdi, struct wb_writeback_work *work), TP_ARGS(bdi, work), TP_FIELDS( - ctf_array_text(char, name, + ctf_string(name, dev_name(bdi->dev ? bdi->dev : - default_backing_dev_info.dev), 32) + default_backing_dev_info.dev)) ) ) @@ -270,8 +270,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS(writeback_class, TP_PROTO(struct bdi_writeback *wb), TP_ARGS(wb), TP_FIELDS( - ctf_array_text(char, name, - dev_name(wb->bdi->dev), 32) + ctf_string(name, + dev_name(wb->bdi->dev)) ) ) @@ -290,8 +290,8 @@ LTTNG_TRACEPOINT_EVENT(writeback_bdi_register, TP_PROTO(struct backing_dev_info *bdi), TP_ARGS(bdi), TP_FIELDS( - ctf_array_text(char, name, - dev_name(bdi->dev), 32) + ctf_string(name, + dev_name(bdi->dev)) ) ) @@ -301,8 +301,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS(writeback_class, TP_PROTO(struct backing_dev_info *bdi), TP_ARGS(bdi), TP_FIELDS( - ctf_array_text(char, name, - dev_name(bdi->dev), 32) + ctf_string(name, + dev_name(bdi->dev)) ) ) @@ -341,7 +341,7 @@ LTTNG_TRACEPOINT_EVENT_MAP(balance_dirty_written, TP_ARGS(bdi, written), TP_FIELDS( - ctf_array_text(char, name, dev_name(bdi->dev), 32) + ctf_string(name, dev_name(bdi->dev)) ctf_integer(int, written, written) ) ) @@ -351,7 +351,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(writeback_wbc_class, TP_PROTO(struct writeback_control *wbc, struct backing_dev_info *bdi), TP_ARGS(wbc, bdi), TP_FIELDS( - ctf_array_text(char, name, dev_name(bdi->dev), 32) + ctf_string(name, dev_name(bdi->dev)) ctf_integer(long, nr_to_write, wbc->nr_to_write) ctf_integer(long, pages_skipped, wbc->pages_skipped) ctf_integer(int, sync_mode, wbc->sync_mode) @@ -399,7 +399,7 @@ LTTNG_TRACEPOINT_EVENT(writeback_queue_io, int moved), TP_ARGS(wb, work, dirtied_before, moved), TP_FIELDS( - ctf_array_text(char, name, dev_name(wb->bdi->dev), 32) + ctf_string(name, dev_name(wb->bdi->dev)) ctf_integer(unsigned long, older, dirtied_before) ctf_integer(int, moved, moved) ) @@ -411,7 +411,7 @@ LTTNG_TRACEPOINT_EVENT(writeback_queue_io, int moved), TP_ARGS(wb, work, moved), TP_FIELDS( - ctf_array_text(char, name, dev_name(wb->bdi->dev), 32) + ctf_string(name, dev_name(wb->bdi->dev)) ctf_integer(int, moved, moved) ) ) @@ -422,7 +422,7 @@ LTTNG_TRACEPOINT_EVENT(writeback_queue_io, int moved), TP_ARGS(wb, older_than_this, moved), TP_FIELDS( - ctf_array_text(char, name, dev_name(wb->bdi->dev), 32) + ctf_string(name, dev_name(wb->bdi->dev)) ctf_integer(unsigned long, older, older_than_this ? *older_than_this : 0) ctf_integer(long, age, @@ -524,7 +524,7 @@ LTTNG_TRACEPOINT_EVENT_MAP(bdi_dirty_ratelimit, TP_ARGS(wb, dirty_rate, task_ratelimit), TP_FIELDS( - ctf_array_text(char, bdi, dev_name(wb->bdi->dev), 32) + ctf_string(bdi, dev_name(wb->bdi->dev)) ctf_integer(unsigned long, write_bw, KBps(wb->bdi->wb.write_bandwidth)) ctf_integer(unsigned long, avg_write_bw, KBps(wb->bdi->wb.avg_write_bandwidth)) ctf_integer(unsigned long, dirty_rate, KBps(dirty_rate)) @@ -548,7 +548,7 @@ LTTNG_TRACEPOINT_EVENT_MAP(bdi_dirty_ratelimit, TP_ARGS(bdi, dirty_rate, task_ratelimit), TP_FIELDS( - ctf_array_text(char, bdi, dev_name(bdi->dev), 32) + ctf_string(bdi, dev_name(bdi->dev)) ctf_integer(unsigned long, write_bw, KBps(bdi->wb.write_bandwidth)) ctf_integer(unsigned long, avg_write_bw, KBps(bdi->wb.avg_write_bandwidth)) ctf_integer(unsigned long, dirty_rate, KBps(dirty_rate)) @@ -572,7 +572,7 @@ LTTNG_TRACEPOINT_EVENT_MAP(bdi_dirty_ratelimit, TP_ARGS(bdi, dirty_rate, task_ratelimit), TP_FIELDS( - ctf_array_text(char, bdi, dev_name(bdi->dev), 32) + ctf_string(bdi, dev_name(bdi->dev)) ctf_integer(unsigned long, write_bw, KBps(bdi->write_bandwidth)) ctf_integer(unsigned long, avg_write_bw, KBps(bdi->avg_write_bandwidth)) ctf_integer(unsigned long, dirty_rate, KBps(dirty_rate)) @@ -610,7 +610,7 @@ LTTNG_TRACEPOINT_EVENT_MAP(balance_dirty_pages, ), TP_FIELDS( - ctf_array_text(char, bdi, dev_name(wb->bdi->dev), 32) + ctf_string(bdi, dev_name(wb->bdi->dev)) ctf_integer(unsigned long, limit, global_dirty_limit) ctf_integer(unsigned long, setpoint, (global_dirty_limit + (thresh + bg_thresh) / 2) / 2) @@ -668,7 +668,7 @@ LTTNG_TRACEPOINT_EVENT_MAP(balance_dirty_pages, ), TP_FIELDS( - ctf_array_text(char, bdi, dev_name(bdi->dev), 32) + ctf_string(bdi, dev_name(bdi->dev)) ctf_integer(unsigned long, limit, global_dirty_limit) ctf_integer(unsigned long, setpoint, (global_dirty_limit + (thresh + bg_thresh) / 2) / 2) @@ -707,8 +707,8 @@ LTTNG_TRACEPOINT_EVENT(writeback_sb_inodes_requeue, TP_ARGS(inode), TP_FIELDS( - ctf_array_text(char, name, - dev_name(lttng_inode_to_bdi(inode)->dev), 32) + ctf_string(name, + dev_name(lttng_inode_to_bdi(inode)->dev)) ctf_integer(unsigned long, ino, inode->i_ino) ctf_integer(unsigned long, state, inode->i_state) ctf_integer(unsigned long, dirtied_when, inode->dirtied_when) @@ -753,8 +753,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS(writeback_single_inode_template, TP_ARGS(inode, wbc, nr_to_write), TP_FIELDS( - ctf_array_text(char, name, - dev_name(lttng_inode_to_bdi(inode)->dev), 32) + ctf_string(name, + dev_name(lttng_inode_to_bdi(inode)->dev)) ctf_integer(unsigned long, ino, inode->i_ino) ctf_integer(unsigned long, state, inode->i_state) ctf_integer(unsigned long, dirtied_when, inode->dirtied_when) -- 2.34.1