diff options
| author | Namhyung Kim <namhyung.kim@lge.com> | 2013-04-11 02:55:01 -0400 |
|---|---|---|
| committer | Steven Rostedt <rostedt@goodmis.org> | 2013-04-12 14:43:34 -0400 |
| commit | 6a76f8c0ab19f215af2a3442870eeb5f0e81998d (patch) | |
| tree | 551f1c13779323e06b8ef906192ba7a5d87aa7b6 | |
| parent | 83e03b3fe4daffdebbb42151d5410d730ae50bd1 (diff) | |
tracing: Fix possible NULL pointer dereferences
Currently set_ftrace_pid and set_graph_function files use seq_lseek
for their fops. However seq_open() is called only for FMODE_READ in
the fops->open() so that if an user tries to seek one of those file
when she open it for writing, it sees NULL seq_file and then panic.
It can be easily reproduced with following command:
$ cd /sys/kernel/debug/tracing
$ echo 1234 | sudo tee -a set_ftrace_pid
In this example, GNU coreutils' tee opens the file with fopen(, "a")
and then the fopen() internally calls lseek().
Link: http://lkml.kernel.org/r/1365663302-2170-1-git-send-email-namhyung@kernel.org
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Namhyung Kim <namhyung.kim@lge.com>
Cc: stable@vger.kernel.org
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
| -rw-r--r-- | include/linux/ftrace.h | 2 | ||||
| -rw-r--r-- | kernel/trace/ftrace.c | 10 | ||||
| -rw-r--r-- | kernel/trace/trace_stack.c | 2 |
3 files changed, 7 insertions, 7 deletions
diff --git a/include/linux/ftrace.h b/include/linux/ftrace.h index 167abf907802..eb3ce327b975 100644 --- a/include/linux/ftrace.h +++ b/include/linux/ftrace.h | |||
| @@ -396,7 +396,7 @@ ssize_t ftrace_filter_write(struct file *file, const char __user *ubuf, | |||
| 396 | size_t cnt, loff_t *ppos); | 396 | size_t cnt, loff_t *ppos); |
| 397 | ssize_t ftrace_notrace_write(struct file *file, const char __user *ubuf, | 397 | ssize_t ftrace_notrace_write(struct file *file, const char __user *ubuf, |
| 398 | size_t cnt, loff_t *ppos); | 398 | size_t cnt, loff_t *ppos); |
| 399 | loff_t ftrace_regex_lseek(struct file *file, loff_t offset, int whence); | 399 | loff_t ftrace_filter_lseek(struct file *file, loff_t offset, int whence); |
| 400 | int ftrace_regex_release(struct inode *inode, struct file *file); | 400 | int ftrace_regex_release(struct inode *inode, struct file *file); |
| 401 | 401 | ||
| 402 | void __init | 402 | void __init |
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 926ebfb74936..affc35d829cc 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c | |||
| @@ -2697,7 +2697,7 @@ ftrace_notrace_open(struct inode *inode, struct file *file) | |||
| 2697 | } | 2697 | } |
| 2698 | 2698 | ||
| 2699 | loff_t | 2699 | loff_t |
| 2700 | ftrace_regex_lseek(struct file *file, loff_t offset, int whence) | 2700 | ftrace_filter_lseek(struct file *file, loff_t offset, int whence) |
| 2701 | { | 2701 | { |
| 2702 | loff_t ret; | 2702 | loff_t ret; |
| 2703 | 2703 | ||
| @@ -3570,7 +3570,7 @@ static const struct file_operations ftrace_filter_fops = { | |||
| 3570 | .open = ftrace_filter_open, | 3570 | .open = ftrace_filter_open, |
| 3571 | .read = seq_read, | 3571 | .read = seq_read, |
| 3572 | .write = ftrace_filter_write, | 3572 | .write = ftrace_filter_write, |
| 3573 | .llseek = ftrace_regex_lseek, | 3573 | .llseek = ftrace_filter_lseek, |
| 3574 | .release = ftrace_regex_release, | 3574 | .release = ftrace_regex_release, |
| 3575 | }; | 3575 | }; |
| 3576 | 3576 | ||
| @@ -3578,7 +3578,7 @@ static const struct file_operations ftrace_notrace_fops = { | |||
| 3578 | .open = ftrace_notrace_open, | 3578 | .open = ftrace_notrace_open, |
| 3579 | .read = seq_read, | 3579 | .read = seq_read, |
| 3580 | .write = ftrace_notrace_write, | 3580 | .write = ftrace_notrace_write, |
| 3581 | .llseek = ftrace_regex_lseek, | 3581 | .llseek = ftrace_filter_lseek, |
| 3582 | .release = ftrace_regex_release, | 3582 | .release = ftrace_regex_release, |
| 3583 | }; | 3583 | }; |
| 3584 | 3584 | ||
| @@ -3783,8 +3783,8 @@ static const struct file_operations ftrace_graph_fops = { | |||
| 3783 | .open = ftrace_graph_open, | 3783 | .open = ftrace_graph_open, |
| 3784 | .read = seq_read, | 3784 | .read = seq_read, |
| 3785 | .write = ftrace_graph_write, | 3785 | .write = ftrace_graph_write, |
| 3786 | .llseek = ftrace_filter_lseek, | ||
| 3786 | .release = ftrace_graph_release, | 3787 | .release = ftrace_graph_release, |
| 3787 | .llseek = seq_lseek, | ||
| 3788 | }; | 3788 | }; |
| 3789 | #endif /* CONFIG_FUNCTION_GRAPH_TRACER */ | 3789 | #endif /* CONFIG_FUNCTION_GRAPH_TRACER */ |
| 3790 | 3790 | ||
| @@ -4439,7 +4439,7 @@ static const struct file_operations ftrace_pid_fops = { | |||
| 4439 | .open = ftrace_pid_open, | 4439 | .open = ftrace_pid_open, |
| 4440 | .write = ftrace_pid_write, | 4440 | .write = ftrace_pid_write, |
| 4441 | .read = seq_read, | 4441 | .read = seq_read, |
| 4442 | .llseek = seq_lseek, | 4442 | .llseek = ftrace_filter_lseek, |
| 4443 | .release = ftrace_pid_release, | 4443 | .release = ftrace_pid_release, |
| 4444 | }; | 4444 | }; |
| 4445 | 4445 | ||
diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c index 42ca822fc701..83a8b5b7bd35 100644 --- a/kernel/trace/trace_stack.c +++ b/kernel/trace/trace_stack.c | |||
| @@ -322,7 +322,7 @@ static const struct file_operations stack_trace_filter_fops = { | |||
| 322 | .open = stack_trace_filter_open, | 322 | .open = stack_trace_filter_open, |
| 323 | .read = seq_read, | 323 | .read = seq_read, |
| 324 | .write = ftrace_filter_write, | 324 | .write = ftrace_filter_write, |
| 325 | .llseek = ftrace_regex_lseek, | 325 | .llseek = ftrace_filter_lseek, |
| 326 | .release = ftrace_regex_release, | 326 | .release = ftrace_regex_release, |
| 327 | }; | 327 | }; |
| 328 | 328 | ||