Re: [RFC PATCH v1] tracing: Fix syscall tracepoint use-after-free

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 2024-10-26 03:13, Steven Rostedt wrote:

On Fri, 25 Oct 2024 15:38:48 -0400
Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx> wrote:


I'm curious if it might be better to add some field to struct
tracepoint like "sleepable" rather than adding a special case here
based on the name? Of course, if it's only ever going to be these
two cases then maybe adding a new field doesn't make sense.


I know Steven is reluctant to bloat the tracepoint struct because there
are lots of tracepoint instances (thousands). So for now I thought that
just comparing the name would be a good start.


You are correct. I really trying to keep the footprint of
tracepoints/events down.



We can eventually go a different route as well: introduce a section just
to put the syscall tracepoints, and compare the struct tracepoint
pointers to the section begin/end range. But it's rather complex
for what should remain a simple fix.


A separate section could work.


I have another approach to suggest: it shrinks the
size of struct tracepoint from 80 bytes down to 72 bytes
on x86-64, we don't have to do any section/linker
script trickery, and it's extensible for future flags:

struct static_key {
        int enabled;
        void *p;
};

struct static_key_false {
        struct static_key key;
};

struct static_call_key {
        void *func;
        void *p;
};

struct tracepoint {
        const char *name;               /* Tracepoint name */
        struct static_key_false key;
        struct static_call_key *static_call_key;
        void *static_call_tramp;
        void *iterator;
        void *probestub;
        void *funcs;
        /* Flags. */
        unsigned int regfunc:1,
                     syscall:1;
};

struct tracepoint_regfunc {
        struct tracepoint tp;
        int (*regfunc)(void);
        void (*unregfunc)(void);
};

Basically, a tracepoint with regfunc would define a
struct tracepoint_regfunc rather than a struct tracepoint.
So we remove both regfunc and unregfunc NULL pointers in
the common case, which gives us plenty of room for flags.

When we want to access the regfunc/unregfunc from
a struct tracepoint, we check the regfunc flag, and
if set, we can use container_of() to get the struct
tracepoint_regfunc.

Thoughts ?

Thanks,

Mathieu

--
Mathieu Desnoyers
EfficiOS Inc.
https://www.efficios.com
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux