When granting non-admin users the ability to register and write data to
user events they should have a limit imposed. Using the namespace
options file, operators can change the limit of the events that are
allowed to be created.
There is also a new line in the user_events_status file to let users
know the current limit (and to ask the operator for more if required).
For example, to limit the namespace to only 256 events:
echo user_events_limit=256 > options
>From within the namespace root:
cat user_events_status
...
Limit: 256
Signed-off-by: Beau Belgrave <beaub@xxxxxxxxxxxxxxxxxxx>
---
kernel/trace/trace_events_user.c | 57 +++++++++++++++++++++++++++++---
1 file changed, 52 insertions(+), 5 deletions(-)
diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c
index 9694eee27956..1dc88bbd04f9 100644
--- a/kernel/trace/trace_events_user.c
+++ b/kernel/trace/trace_events_user.c
@@ -41,6 +41,7 @@
#define MAX_PAGES (1 << MAX_PAGE_ORDER)
#define MAX_BYTES (MAX_PAGES * PAGE_SIZE)
#define MAX_EVENTS (MAX_BYTES * 8)
+#define MAX_LIMIT (MAX_EVENTS - 1)
/* Limit how long of an event name plus args within the subsystem. */
#define MAX_EVENT_DESC 512
@@ -85,6 +86,7 @@ struct user_event_group {
DECLARE_BITMAP(page_bitmap, MAX_EVENTS);
refcount_t refcnt;
int id;
+ int reg_limit;
};
static DEFINE_HASHTABLE(group_table, 8);
@@ -252,6 +254,13 @@ static struct user_event_group *user_event_group_create(const char *name,
goto error;
}
+ /*
+ * Register limit is based on available events:
+ * The ABI states event 0 is reserved, so the real max is the amount
+ * of bits in the bitmap minus 1 (the reserved event slot).
+ */
+ group->reg_limit = MAX_LIMIT;
+
group->pages = alloc_pages(GFP_KERNEL | __GFP_ZERO, MAX_PAGE_ORDER);
if (!group->pages)
@@ -1276,8 +1285,7 @@ static int user_event_parse(struct user_event_group *group, char *name,
char *args, char *flags,
struct user_event **newuser)
{
- int ret;
- int index;
+ int ret, index, limit;
u32 key;
struct user_event *user;
@@ -1296,9 +1304,16 @@ static int user_event_parse(struct user_event_group *group, char *name,
return 0;
}
- index = find_first_zero_bit(group->page_bitmap, MAX_EVENTS);
+ /*
+ * 0 is a reserved bit, so the real limit needs to be one higher.
+ * An example of this is a limit of 1, bit 0 is always set. To make
+ * this work, the limit must be 2 in this case (bit 1 will be set).
+ */
+ limit = min(group->reg_limit + 1, (int)MAX_EVENTS);
+
+ index = find_first_zero_bit(group->page_bitmap, limit);
- if (index == MAX_EVENTS)
+ if (index == limit)
return -EMFILE;
user = kzalloc(sizeof(*user), GFP_KERNEL);
@@ -1831,6 +1846,7 @@ static int user_seq_show(struct seq_file *m, void *p)
seq_printf(m, "Active: %d\n", active);
seq_printf(m, "Busy: %d\n", busy);
seq_printf(m, "Max: %ld\n", MAX_EVENTS);
+ seq_printf(m, "Limit: %d\n", group->reg_limit);
return 0;
}
@@ -2010,13 +2026,44 @@ static int user_event_ns_remove(struct trace_namespace *ns)
return ret;
}
+#define NS_EVENT_LIMIT_PREFIX "user_events_limit="
+
static int user_event_ns_parse(struct trace_namespace *ns, const char *command)
{
- return -ECANCELED;
+ struct user_event_group *group = user_event_group_find(ns->id);
+ int len, value, ret = -ECANCELED;
+
+ if (!group)
+ return -ECANCELED;
+
+ len = str_has_prefix(command, NS_EVENT_LIMIT_PREFIX);
+ if (len && !kstrtouint(command + len, 0, &value)) {
+ if (value <= 0 || value > MAX_LIMIT) {
+ ret = -EINVAL;
+ goto out;
+ }
+
+ group->reg_limit = value;
+ ret = 0;
+ goto out;
+ }
+out:
+ user_event_group_release(group);
+
+ return ret;
}
static int user_event_ns_show(struct trace_namespace *ns, struct seq_file *m)
{
+ struct user_event_group *group = user_event_group_find(ns->id);
+
+ if (!group)
+ return 0;
+
+ seq_printf(m, "%s%d\n", NS_EVENT_LIMIT_PREFIX, group->reg_limit);
+
+ user_event_group_release(group);
+
return 0;
}
--
2.25.1
|