[PATCH v1 2/6] SUNRPC: Fix the svc_deferred_event trace class

Chuck Lever <chuck.lever@xxxxxxxxxx> · Mon, 04 Apr 2022 14:09:10 -0400

Fix a NULL deref crash that occurs when an svc_rqst is deferred
while the sunrpc tracing subsystem is enabled.

svc_revisit() sets dr->xprt to NULL, so it can't be relied upon in
the tracepoint to provide the remote's address. Commit ece200ddd54b
("sunrpc: Save remote presentation address in svc_xprt for trace
events") changed these tracepoints to use the transport's pre-
formatted address string in the transport, but clearly that will not
work here. Change the tracepoints back to using the
svc_deferred_req::addr field. User space support for the %pI format
specifier is in the pipeline and should be available soon.

Note that older kernels suffer from this issue, however:
- It won't crash if sunrpc tracing is not enabled
- Deferred requests are quite rare
- __sockaddr() and friends are available only in v5.18 and newer
- This code has churned quite a bit in the past 2-3 years, so each
  stable kernel would likely need its own variant of the fix
- A mechanism to test such fixes is available only later in this
  patch series

Thus I don't currently view this fix as a high priority for stable.
However, if someone is motivated, a specific fix that applies to any
recent stable kernel should not be difficult to construct and test.

Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx>
---
 include/trace/events/sunrpc.h |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/include/trace/events/sunrpc.h b/include/trace/events/sunrpc.h
index 0f34f13ebd55..de099ca585d7 100644
--- a/include/trace/events/sunrpc.h
+++ b/include/trace/events/sunrpc.h
@@ -2016,18 +2016,18 @@ DECLARE_EVENT_CLASS(svc_deferred_event,
 	TP_STRUCT__entry(
 		__field(const void *, dr)
 		__field(u32, xid)
-		__string(addr, dr->xprt->xpt_remotebuf)
+		__sockaddr(addr, dr->addrlen)
 	),
 
 	TP_fast_assign(
 		__entry->dr = dr;
 		__entry->xid = be32_to_cpu(*(__be32 *)(dr->args +
 						       (dr->xprt_hlen>>2)));
-		__assign_str(addr, dr->xprt->xpt_remotebuf);
+		__assign_sockaddr(addr, &dr->addr, dr->addrlen);
 	),
 
-	TP_printk("addr=%s dr=%p xid=0x%08x", __get_str(addr), __entry->dr,
-		__entry->xid)
+	TP_printk("addr=%pISpc dr=%p xid=0x%08x", __get_sockaddr(addr),
+		__entry->dr, __entry->xid)
 );
 
 #define DEFINE_SVC_DEFERRED_EVENT(name) \








