github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 14:42:37 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
0f2f2cebe6
linux/include/trace/events
History
David Howells 0f2f2cebe6 rxrpc: Fix oops in tracepoint 
[ Upstream commit 99f0eae653 ]

If the rxrpc_eproto tracepoint is enabled, an oops will be cause by the
trace line that rxrpc_extract_header() tries to emit when a protocol error
occurs (typically because the packet is short) because the call argument is
NULL.

Fix this by using ?: to assume 0 as the debug_id if call is NULL.

This can then be induced by:

	echo -e '\0\0\0\0\0\0\0\0' | ncat -4u --send-only <addr> 20001

where addr has the following program running on it:

	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>
	#include <unistd.h>
	#include <sys/socket.h>
	#include <arpa/inet.h>
	#include <linux/rxrpc.h>
	int main(void)
	{
		struct sockaddr_rxrpc srx;
		int fd;
		memset(&srx, 0, sizeof(srx));
		srx.srx_family			= AF_RXRPC;
		srx.srx_service			= 0;
		srx.transport_type		= AF_INET;
		srx.transport_len		= sizeof(srx.transport.sin);
		srx.transport.sin.sin_family	= AF_INET;
		srx.transport.sin.sin_port	= htons(0x4e21);
		fd = socket(AF_RXRPC, SOCK_DGRAM, AF_INET6);
		bind(fd, (struct sockaddr *)&srx, sizeof(srx));
		sleep(20);
		return 0;
	}

It results in the following oops.

	BUG: kernel NULL pointer dereference, address: 0000000000000340
	#PF: supervisor read access in kernel mode
	#PF: error_code(0x0000) - not-present page
	...
	RIP: 0010:trace_event_raw_event_rxrpc_rx_eproto+0x47/0xac
	...
	Call Trace:
	 <IRQ>
	 rxrpc_extract_header+0x86/0x171
	 ? rcu_read_lock_sched_held+0x5d/0x63
	 ? rxrpc_new_skb+0xd4/0x109
	 rxrpc_input_packet+0xef/0x14fc
	 ? rxrpc_input_data+0x986/0x986
	 udp_queue_rcv_one_skb+0xbf/0x3d0
	 udp_unicast_rcv_skb.isra.8+0x64/0x71
	 ip_protocol_deliver_rcu+0xe4/0x1b4
	 ip_local_deliver+0xf0/0x154
	 __netif_receive_skb_one_core+0x50/0x6c
	 netif_receive_skb_internal+0x26b/0x2e9
	 napi_gro_receive+0xf8/0x1da
	 rtl8169_poll+0x303/0x4c4
	 net_rx_action+0x10e/0x333
	 __do_softirq+0x1a5/0x38f
	 irq_exit+0x54/0xc4
	 do_IRQ+0xda/0xf8
	 common_interrupt+0xf/0xf
	 </IRQ>
	 ...
	 ? cpuidle_enter_state+0x23c/0x34d
	 cpuidle_enter+0x2a/0x36
	 do_idle+0x163/0x1ea
	 cpu_startup_entry+0x1d/0x1f
	 start_secondary+0x157/0x172
	 secondary_startup_64+0xa4/0xb0

Fixes: a25e21f0bc ("rxrpc, afs: Use debug_ids rather than pointers in traces")
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-07-26 09:14:15 +02:00
..
9p.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
afs.h afs: Add a tracepoint to record callbacks from unlisted servers 2018-05-14 15:15:18 +01:00
alarmtimer.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
asoc.h ASoC: trace: remove snd_soc_codec 2018-04-16 11:53:35 +01:00
bcache.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
block.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
bridge.h net: bridge: use rhashtable for fdbs 2017-12-13 15:10:01 -05:00
btrfs.h btrfs: Get rid of the confusing btrfs_file_extent_inline_len 2018-08-06 13:12:38 +02:00
cachefiles.h fscache: Add tracepoints 2018-04-04 13:41:27 +01:00
cgroup.h cgroup/tracing: Move taking of spin lock out of trace event handlers 2018-07-11 10:48:47 -07:00
clk.h clk: add duty cycle support 2018-06-19 10:06:29 -07:00
cma.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
compaction.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
context_tracking.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
cpuhp.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
devlink.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dma_fence.h Tracing updates for 4.15: 2017-11-17 14:58:01 -08:00
ext4.h ext4: force inode writes when nfsd calls commit_metadata() 2019-01-09 17:38:43 +01:00
f2fs.h treewide: remove large struct-pass-by-value from tracepoint arguments 2018-03-28 22:55:18 +02:00
fib.h net: Change the layout of structure trace_event_raw_fib_table_lookup 2018-08-13 09:21:05 -07:00
fib6.h net/ipv6: Udate fib6_table_lookup tracepoint 2018-05-24 23:01:15 -04:00
filelock.h locks: add tracepoint in flock codepath 2018-08-06 13:15:16 -04:00
filemap.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fs_dax.h libnvdimm for 4.15 2017-11-17 09:51:57 -08:00
fscache.h fscache: Maintain a catalogue of allocated cookies 2018-04-06 14:05:14 +01:00
fsi_master_ast_cf.h fsi: master-ast-cf: Add new FSI master using Aspeed ColdFire 2018-07-23 15:22:52 +10:00
fsi_master_gpio.h fsi: master-gpio: Add more tracepoints 2018-07-12 12:02:31 +10:00
fsi.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
gpio.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
host1x.h gpu: host1x: Remove wait check support 2018-05-18 21:50:04 +02:00
hswadsp.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
huge_memory.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
i2c.h i2c: break out smbus support into separate file 2017-05-31 21:01:03 +02:00
initcall.h tracing: initcall: Ordered comparison of function pointers 2018-04-26 15:02:46 -04:00
intel_ish.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
intel-sst.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
iommu.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ipi.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
irq_matrix.h genirq/matrix: Add tracepoints 2017-09-25 20:38:26 +02:00
irq.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
jbd2.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
kmem.h mm: remove cold parameter from free_hot_cold_page* 2017-11-15 18:21:06 -08:00
kvm.h KVM: Fix stack-out-of-bounds read in write_mmio 2017-12-18 12:57:01 +01:00
libata.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
lock.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mce.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mdio.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
migrate.h mm, sched/numa: Remove rate-limiting of automatic NUMA balancing migration 2018-10-02 11:31:14 +02:00
mmc.h mmc: core: Fix tracepoint print of blk_addr and blksz 2018-03-15 11:15:22 +01:00
mmflags.h Drop a bunch of metag references 2018-02-23 14:29:59 +00:00
module.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
napi.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
net_probe_common.h net: dccp: Add DCCP sendmsg trace event 2018-01-02 14:27:30 -05:00
net.h net: core: unwrap skb list receive slightly further 2018-07-04 14:06:19 +09:00
nilfs2.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nmi.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
oom.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
page_isolation.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
page_ref.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pagemap.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
percpu.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
power_cpu_migrate.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
power.h cpufreq: trace frequency limits change 2018-07-26 10:17:47 +02:00
preemptirq.h tracing: Centralize preemptirq tracepoints and unify their usage 2018-07-31 11:32:27 -04:00
printk.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
qdisc.h qdisc: add tracepoint qdisc:qdisc_dequeue for dequeued SKBs 2017-08-16 14:10:10 -07:00
random.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rcu.h rcu: Remove CPU-hotplug failsafe from force-quiescent-state code path 2018-07-12 15:39:07 -07:00
rdma.h rdma/ib: Add trace point macros to display human-readable values 2018-01-23 09:44:14 -05:00
regulator.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rpcrdma.h NFS client updates for Linux 4.18 2018-06-12 10:09:03 -07:00
rpm.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rseq.h rseq: Introduce restartable sequences system call 2018-06-06 11:58:31 +02:00
rtc.h rtc: Add tracepoints for RTC system 2018-02-13 21:30:22 +01:00
rxrpc.h rxrpc: Fix oops in tracepoint 2019-07-26 09:14:15 +02:00
sched.h sched, trace: Fix prev_state output in sched_switch tracepoint 2018-12-08 12:59:06 +01:00
scsi.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sctp.h net: sctp: Add SCTP ACK tracking trace event 2018-01-02 14:27:29 -05:00
signal.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
siox.h siox: add support for tracing 2017-12-19 10:56:24 +01:00
skb.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
smbus.h i2c: break out smbus support into separate file 2017-05-31 21:01:03 +02:00
sock.h net: expose sk wmem in sock_exceed_buf_limit tracepoint 2018-07-02 22:40:56 +09:00
spi.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
spmi.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sunrpc.h sunrpc: use-after-free in svc_process_common() 2019-01-16 22:04:37 +01:00
sunvnet.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
swiotlb.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
syscalls.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
target.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
task.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tcp.h tcp: minor optimization around tcp_hdr() usage in receive path 2018-05-31 13:20:47 -04:00
thermal_power_allocator.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
thermal.h cpu_cooling: Drop static-power related stuff 2017-12-07 22:52:01 +01:00
thp.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
timer.h hrtimer: Add clock bases and hrtimer mode for softirq context 2018-01-16 03:00:50 +01:00
tlb.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
udp.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ufs.h scsi: ufs: add trace event for ufs upiu 2018-04-18 23:37:39 -04:00
v4l2.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
vb2.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
vmscan.h mm, vmscan, tracing: use pointer to reclaim_stat struct in trace event 2018-04-11 10:28:30 -07:00
vsock_virtio_transport_common.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
wbt.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
workqueue.h tracing: Add missing forward declaration 2018-04-19 11:05:48 -04:00
writeback.h Merge branch 'for-4.15/block' of git://git.kernel.dk/linux-block 2017-11-14 15:32:19 -08:00
xdp.h bpf: fix redirect to map under tail calls 2018-08-17 15:56:23 -07:00
xen.h tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} 2018-05-14 17:02:30 -04:00