Re: [PATCH 1/2] trace-cmd: Enable kptr_restrict

Steven Rostedt <rostedt@xxxxxxxxxxx> · Mon, 11 Nov 2019 17:47:54 -0500

Hi Vincent!

On Thu,  7 Nov 2019 10:51:05 +0000
vincent.donnefort@xxxxxxx wrote:

> From: Vincent Donnefort <vincent.donnefort@xxxxxxx>
> 
> kptr_restrict might prevent trace-cmd from accessing /proc/kallsyms,
> leading to a trace without the kernel function names resolved.
> 
> Signed-off-by: Vincent Donnefort <vincent.donnefort@xxxxxxx>
> 
> diff --git a/lib/trace-cmd/trace-output.c b/lib/trace-cmd/trace-output.c
> index 41932ee..3c4f306 100644
> --- a/lib/trace-cmd/trace-output.c
> +++ b/lib/trace-cmd/trace-output.c
> @@ -674,6 +674,39 @@ static int read_event_files(struct tracecmd_output *handle,
>  	return ret;
>  }
>  
> +static void set_proc_kptr_restrict(int reset)
> +{
> +	char *path = "/proc/sys/kernel/kptr_restrict";

I believe this is a relatively new file. We should do a stat to see if
it exists, and if it does not, simply fail silently. I don't think we
want to give a warning if the file doesn't exist because the kernel
doesn't have it.

> +	static char saved = 'X';
> +	int fd, ret = -1;
> +	char buf;
> +
> +	fd = open(path, O_RDONLY);
> +	if (fd < 0)
> +		goto err;
> +
> +	if (reset) {
> +		buf = saved;
> +	} else {
> +		if (read(fd, &buf, 1) < 0)
> +			goto err;
> +		saved = buf;
> +		buf = '0';
> +	}
> +	close(fd);
> +

Perhaps if reset is true and buf == 'X', we should simply exit, as it
would appear that we never put anything into buf. And probably should
make the 'X' a macro:

#define KPTR_UNINITIALIZED	'X'

	static char saved = KPTR_UNINITIALIZED;

[..]

	if (reset && buf == KPTR_UNINITIALIZED)
		return;

-- Steve

> +	fd = open(path, O_WRONLY);
> +	if (fd < 0)
> +		goto err;
> +	if (write(fd, &buf, 1) > 0)
> +		ret = 0;
> +err:
> +	if (fd > 0)
> +		close(fd);
> +	if (ret)
> +		warning("can't set kptr_restrict");
> +}
> +
>  static int read_proc_kallsyms(struct tracecmd_output *handle,
>  			      const char *kallsyms)
>  {
> @@ -698,12 +731,16 @@ static int read_proc_kallsyms(struct tracecmd_output *handle,
>  	endian4 = convert_endian_4(handle, size);
>  	if (do_write_check(handle, &endian4, 4))
>  		return -1;
> +
> +	set_proc_kptr_restrict(0);
>  	check_size = copy_file(handle, path);
>  	if (size != check_size) {
>  		errno = EINVAL;
>  		warning("error in size of file '%s'", path);
> +		set_proc_kptr_restrict(1);
>  		return -1;
>  	}
> +	set_proc_kptr_restrict(1);
>  
>  	return 0;
>  }