From 2792781482a58865c7504100d8c1ba6db41193d1 Mon Sep 17 00:00:00 2001 From: Mathieu Desnoyers Date: Mon, 22 Mar 2021 16:59:38 -0400 Subject: [PATCH] ABI refactoring: sequence and array of text: copy input as string Within the lttng-modules writeback instrumentation, which exposes a tracepoint probe API similar to LTTng-UST, we had a long standing issue where a fixed-size array of text was used to copy a string input into the trace. This is fine as long as the input string is actually backed by a fixed-size array, but if the input string is variable-size, and may be smaller than the array size, this led to out-of-bound memory reads beyond the input string NULL terminating character. Change the behavior of the array/sequence of text to stop copying the input as soon as the array/sequence size limit (-1) or the input's NULL terminating character is found, and add zeroed padding for the rest of the array/sequence within the ring buffer. Signed-off-by: Mathieu Desnoyers Change-Id: Icc3f31c12bdd8018e5e4b7ea146fe842371054d6
---
 include/lttng/ust-events.h | 2 ++
 include/lttng/ust-tracepoint-event.h | 12 +++++++++---
 liblttng-ust/lttng-ring-buffer-client.h | 8 ++++++++
 3 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/include/lttng/ust-events.h b/include/lttng/ust-events.h
index e8e4bf2c..8568d4bd 100644
--- a/include/lttng/ust-events.h
+++ b/include/lttng/ust-events.h
@@ -451,6 +451,8 @@ struct lttng_ust_channel_ops {
 const void *src, size_t len);
 void (*event_strcpy)(struct lttng_ust_lib_ring_buffer_ctx *ctx,
 const char *src, size_t len);
+ void (*event_strcpy_pad)(struct lttng_ust_lib_ring_buffer_ctx *ctx,
+ const char *src, size_t len);
 /* End of base ABI. Fields below should be used after checking struct_size. */
 };
diff --git a/include/lttng/ust-tracepoint-event.h b/include/lttng/ust-tracepoint-event.h
index 9066e495..22c97438 100644
--- a/include/lttng/ust-tracepoint-event.h
+++ b/include/lttng/ust-tracepoint-event.h
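Review bot: The new `event_strcpy_pad` member of `struct lttng_ust_channel_ops` (include/lttng/ust-events.h) carries no comment stating its contract, and it sits above the "End of base ABI" marker, so callers will use it without consulting struct_size. The probe macros changed later in this patch call it with no NULL check, so an ops table initialised without this member would send every text array or sequence field through a null function pointer; this diff updates only the initialiser in liblttng-ust/lttng-ring-buffer-client.h, and any other `lttng_ust_channel_ops` initialisers would need checking. I would add above the member `/* Mandatory. Copies src up to its NUL or len - 1 bytes, then zero-pads to len. */`, with the length semantics taken from the commit message. The struct definition starts outside the hunk.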
@@ -704,7 +704,10 @@ size_t __event_get_align__##_provider##___##_name(_TP_ARGS_PROTO(_args)) \
 #define _ctf_array_encoded(_type, _item, _src, _byte_order, _length, \
 _encoding, _nowrite, _elem_type_base) \
 lib_ring_buffer_align_ctx(&__ctx, lttng_alignof(_type)); \
- __chan->ops->event_write(&__ctx, _src, sizeof(_type) * (_length));
+ if (lttng_ust_string_encoding_##_encoding == lttng_ust_string_encoding_none) \
+ __chan->ops->event_write(&__ctx, _src, sizeof(_type) * (_length)); \
+ else \
+ __chan->ops->event_strcpy_pad(&__ctx, (const char *) (_src), _length); \
 #undef _ctf_sequence_encoded
 #define _ctf_sequence_encoded(_type, _item, _src, _byte_order, _length_type, \
@@ -715,8 +718,11 @@ size_t __event_get_align__##_provider##___##_name(_TP_ARGS_PROTO(_args)) \
 __chan->ops->event_write(&__ctx, &__tmpl, sizeof(_length_type));\
 } \
 lib_ring_buffer_align_ctx(&__ctx, lttng_alignof(_type)); \
- __chan->ops->event_write(&__ctx, _src, \
- sizeof(_type) * __get_dynamic_len(dest));
+ if (lttng_ust_string_encoding_##_encoding == lttng_ust_string_encoding_none) \
+ __chan->ops->event_write(&__ctx, _src, \
+ sizeof(_type) * __get_dynamic_len(dest)); \
+ else \
+ __chan->ops->event_strcpy_pad(&__ctx, (const char *) (_src), __get_dynamic_len(dest)); \
 #undef _ctf_string
 #define _ctf_string(_item, _src, _nowrite) \
diff --git a/liblttng-ust/lttng-ring-buffer-client.h b/liblttng-ust/lttng-ring-buffer-client.h
index 73f3deb8..32b812d5 100644
--- a/liblttng-ust/lttng-ring-buffer-client.h
+++ b/liblttng-ust/lttng-ring-buffer-client.h
@@ -763,6 +763,13 @@ void lttng_event_strcpy(struct lttng_ust_lib_ring_buffer_ctx *ctx, const char *s
 lib_ring_buffer_strcpy(&client_config, ctx, src, len, '#');
 }
+static
+void lttng_event_strcpy_pad(struct lttng_ust_lib_ring_buffer_ctx *ctx,
+ const char *src, size_t len)
+{
+ lib_ring_buffer_strcpy(&client_config, ctx, src, len, '\0');
+}
+
 #if 0
 static wait_queue_head_t *lttng_get_reader_wait_queue(struct lttng_ust_lib_ring_buffer_channel *chan)
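Review bot: In the encoded branch of `_ctf_array_encoded` the length handed to `event_strcpy_pad` is the element count `_length`, whereas the unencoded branch writes `sizeof(_type) * (_length)` bytes; `_ctf_sequence_encoded` in the next hunk has the same mismatch with `__get_dynamic_len(dest)`. The two agree only when `_type` is one byte wide. If a wider element type were ever declared with a text encoding, fewer bytes would be written than the field size reserved for it (that size computation is outside this diff, so this is inferred), and the unwritten tail of the slot could carry stale buffer content into the trace. A compile-time guard in the encoded branch would pin the assumption, for example `_Static_assert(lttng_ust_string_encoding_##_encoding == lttng_ust_string_encoding_none || sizeof(_type) == 1, "text fields need a byte-sized element type");` or the project's own static-assert wrapper if it has one. `_length` has also lost the parentheses it had on the removed line.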
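Review bot: `lttng_event_strcpy_pad` in liblttng-ust/lttng-ring-buffer-client.h differs from `lttng_event_strcpy` just above it only in the pad byte passed to `lib_ring_buffer_strcpy` (`'\0'` instead of `'#'`), and nothing in the file says why both variants exist. A short comment above the new function would help, e.g. `/* Like lttng_event_strcpy, but pads with '\0': used for fixed-size text arrays and sequences. */`. Per the commit message the copy stops at the size limit minus one, so a source array completely filled with non-NUL characters presumably loses its last byte compared with the old `event_write` path; the same comment should state that.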
@@ -826,6 +833,7 @@ static struct lttng_transport lttng_relay_transport = {
 .event_commit = lttng_event_commit,
 .event_write = lttng_event_write,
 .event_strcpy = lttng_event_strcpy,
+ .event_strcpy_pad = lttng_event_strcpy_pad,
 },
 .client_config = &client_config,
 };
--
2.34.1