1
linux/kernel/trace
Hendrik Brueckner cd0980fc8a tracing: Check invalid syscall nr while tracing syscalls
Most arch syscall_get_nr() implementations returns -1 if the syscall
number is not valid.  Accessing the bit field without a check might
result in a kernel oops (at least I saw it on s390 for ftrace selftest).

Before this change, this problem did not occur, because the invalid
syscall number (-1) caused syscall_nr_to_meta() to return NULL.

There are at least two scenarios where syscall_get_nr() can return -1:

1. For example, ptrace stores an invalid syscall number, and thus,
   tracing code resets it.
   (see do_syscall_trace_enter in arch/s390/kernel/ptrace.c)

2. The syscall_regfunc() (kernel/tracepoint.c) sets the
   TIF_SYSCALL_FTRACE (now: TIF_SYSCALL_TRACEPOINT) flag for all threads
   which include kernel threads.
   However, the ftrace selftest triggers a kernel oops when testing
   syscall trace points:
      - The kernel thread is started as ususal (do_fork()),
      - tracing code sets TIF_SYSCALL_FTRACE,
      - the ret_from_fork() function is triggered and starts
	ftrace_syscall_exit() with an invalid syscall number.

To avoid these scenarios, I suggest to check the syscall_nr.

For instance, the ftrace selftest fails for s390 (with config option
CONFIG_FTRACE_SYSCALLS set) and produces the following kernel oops.

Unable to handle kernel pointer dereference at virtual kernel address 2000000000

Oops: 0038 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 Not tainted 2.6.31-rc6-next-20090819-dirty #18
Process kthreadd (pid: 818, task: 000000003ea207e8, ksp: 000000003e813eb8)
Krnl PSW : 0704100180000000 00000000000ea54c (ftrace_syscall_exit+0x58/0xdc)
           R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:0 CC:1 PM:0 EA:3
Krnl GPRS: 0000000000000000 00000000000e0000 ffffffffffffffff 20000000008c2650
           0000000000000007 0000000000000000 0000000000000000 0000000000000000
           0000000000000000 0000000000000000 ffffffffffffffff 000000003e813d78
           000000003e813f58 0000000000505ba8 000000003e813e18 000000003e813d78
Krnl Code: 00000000000ea540: e330d0000008       ag      %r3,0(%r13)
           00000000000ea546: a7480007           lhi     %r4,7
           00000000000ea54a: 1442               nr      %r4,%r2
          >00000000000ea54c: e31030000090       llgc    %r1,0(%r3)
           00000000000ea552: 5410d008           n       %r1,8(%r13)
           00000000000ea556: 8a104000           sra     %r1,0(%r4)
           00000000000ea55a: 5410d00c           n       %r1,12(%r13)
           00000000000ea55e: 1211               ltr     %r1,%r1
Call Trace:
([<0000000000000000>] 0x0)
 [<000000000001fa22>] do_syscall_trace_exit+0x132/0x18c
 [<000000000002d0c4>] sysc_return+0x0/0x8
 [<000000000001c738>] kernel_thread_starter+0x0/0xc
Last Breaking-Event-Address:
 [<00000000000ea51e>] ftrace_syscall_exit+0x2a/0xdc

Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Jason Baron <jbaron@redhat.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Lai Jiangshan <laijs@cn.fujitsu.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca>
Cc: Jiaying Zhang <jiayingz@google.com>
Cc: Martin Bligh <mbligh@google.com>
Cc: Li Zefan <lizf@cn.fujitsu.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Paul Mundt <lethal@linux-sh.org>
LKML-Reference: <20090825125027.GE4639@cetus.boeblingen.de.ibm.com>
Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
2009-08-26 21:29:48 +02:00
..
blktrace.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
ftrace.c ftrace: Simplify seqfile code 2009-08-17 11:25:10 +02:00
Kconfig tracing: Rename FTRACE_SYSCALLS for tracepoints 2009-08-26 00:17:35 +02:00
kmemtrace.c kmemtrace: Rename some functions 2009-07-10 12:09:04 +02:00
Makefile tracing/events: convert block trace points to TRACE_EVENT() 2009-06-09 12:34:23 -04:00
ring_buffer_benchmark.c ring-buffer: have benchmark test print to trace buffer 2009-06-17 17:01:09 -04:00
ring_buffer.c Merge branch 'linus' into tracing/core 2009-08-11 14:19:09 +02:00
trace_boot.c tracing: use macros to denote usec and nsec per second 2009-04-07 14:43:06 +02:00
trace_branch.c Merge branch 'linus' into tracing/core 2009-05-07 11:17:34 +02:00
trace_clock.c tracing: fix four sparse warnings 2009-03-22 18:16:54 +01:00
trace_event_profile.c ftrace: Fix perf-tracepoint OOPS 2009-08-06 06:26:09 +02:00
trace_event_types.h trace_export: Repair missed fields 2009-06-26 20:48:40 +02:00
trace_events_filter.c tracing/filters: Support filtering for char * strings 2009-08-26 00:32:07 -04:00
trace_events.c tracing/filters: Add __field_ext() to TRACE_EVENT 2009-08-26 00:32:06 -04:00
trace_export.c tracing/filters: Add __field_ext() to TRACE_EVENT 2009-08-26 00:32:06 -04:00
trace_functions_graph.c Merge branch 'linus' into tracing/core 2009-08-11 14:19:09 +02:00
trace_functions.c Merge branch 'linus' into tracing/core 2009-07-18 12:20:01 +02:00
trace_hw_branches.c Merge branch 'tracing/hw-branch-tracing' into tracing/core 2009-05-07 13:36:22 +02:00
trace_irqsoff.c
trace_mmiotrace.c tracing: use macros to denote usec and nsec per second 2009-04-07 14:43:06 +02:00
trace_nop.c tracing/ftrace: make nop-tracer use polling wait for events on pipe 2009-03-23 09:22:15 +01:00
trace_output.c tracing: Fix trace_print_seq() 2009-07-02 08:51:13 +02:00
trace_output.h tracing: add protection around module events unload 2009-06-09 17:29:07 -04:00
trace_power.c Merge branch 'linus' into tracing/core 2009-05-07 11:17:34 +02:00
trace_printk.c tracing: show proper address for trace-printk format 2009-07-23 10:07:17 -04:00
trace_sched_switch.c tracing: Move sched event insertion helpers in the sched switch tracer file 2009-08-06 07:28:06 +02:00
trace_sched_wakeup.c tracing/wakeup: move access to wakeup_cpu into spinlock 2009-04-23 23:01:36 -04:00
trace_selftest_dynamic.c
trace_selftest.c tracing/function-graph-tracer: Move graph event insertion helpers in the graph tracer file 2009-08-06 07:28:06 +02:00
trace_stack.c trace_stack: Simplify seqfile code 2009-08-17 11:25:09 +02:00
trace_stat.c trace_stat: Fix missing entry in stat file 2009-08-17 11:25:09 +02:00
trace_stat.h tracing/stat: Add stat_release() callback 2009-07-10 12:14:05 +02:00
trace_syscalls.c tracing: Check invalid syscall nr while tracing syscalls 2009-08-26 21:29:48 +02:00
trace_sysprof.c Merge branch 'timers-for-linus-migration' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2009-06-15 10:06:19 -07:00
trace_workqueue.c tracing/workqueues: Add refcnt to struct cpu_workqueue_stats 2009-07-10 12:14:07 +02:00
trace.c ftrace: Move setting of clock-source out of options 2009-08-26 00:32:08 -04:00
trace.h ftrace: Move setting of clock-source out of options 2009-08-26 00:32:08 -04:00