From 949d9866a17970ac52f7f975a5ebb2202457a179 Mon Sep 17 00:00:00 2001 From: Steven Rostedt Date: Wed, 8 Sep 2010 11:20:37 -0400 Subject: [PATCH] tracing: Do not allow llseek to set_ftrace_filter commit dc7dde7adbc57b7461b4b1302c94fe31699f60e2 in tip. Reading the file set_ftrace_filter does three things. 1) shows whether or not filters are set for the function tracer 2) shows what functions are set for the function tracer 3) shows what triggers are set on any functions 3 is independent from 1 and 2. The way this file currently works is that it is a state machine, and as you read it, it may change state. But this assumption breaks when you use lseek() on the file. The state machine gets out of sync and the t_show() may use the wrong pointer and cause a kernel oops. Luckily, this will only kill the app that does the lseek, but the app dies while holding a mutex. This prevents anyone else from using the set_ftrace_filter file (or any other function tracing file for that matter). A real fix for this is to rewrite the code, but that is too much for a -rc release or stable. This patch simply disables llseek on the set_ftrace_filter() file for now, and we can do the proper fix for the next major release. Reported-by: Robert Swiecki Cc: Chris Wright Cc: Tavis Ormandy Cc: Eugene Teo Cc: vendor-sec@lst.de Cc: Signed-off-by: Steven Rostedt Signed-off-by: Paul Gortmaker --- kernel/trace/ftrace.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index a05e769..4fa9f57 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -2389,7 +2389,7 @@ static const struct file_operations ftrace_filter_fops = { .open = ftrace_filter_open, .read = seq_read, .write = ftrace_filter_write, - .llseek = ftrace_regex_lseek, + .llseek = no_llseek, .release = ftrace_filter_release, }; -- 1.7.0.4