From 7d2faa990979bc57cbf35159ece66795d6c37df4 Mon Sep 17 00:00:00 2001 From: Mathieu Desnoyers Date: Fri, 5 Feb 2021 16:21:47 -0500 Subject: [PATCH] Fix: writeback: out-of-bound reads Use ctf_string rather than ctf_array_text for name fields, because the source strings are not guaranteed to be at least 32 bytes. Signed-off-by: Mathieu Desnoyers --- .../events/lttng-module/writeback.h | 76 +++++++++---------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/instrumentation/events/lttng-module/writeback.h b/instrumentation/events/lttng-module/writeback.h index c8460965..d973007e 100644 --- a/instrumentation/events/lttng-module/writeback.h +++ b/instrumentation/events/lttng-module/writeback.h @@ -81,8 +81,8 @@ LTTNG_TRACEPOINT_EVENT(writeback_dirty_page, TP_PROTO(struct page *page, struct address_space *mapping), TP_ARGS(page, mapping), TP_FIELDS( - ctf_array_text(char, name, - mapping ? dev_name(lttng_inode_to_bdi(mapping->host)->dev) : "(unknown)", 32) + ctf_string(name, + mapping ? dev_name(lttng_inode_to_bdi(mapping->host)->dev) : "(unknown)") ctf_integer(unsigned long, ino, mapping ? mapping->host->i_ino : 0) ctf_integer(pgoff_t, index, page->index) ) @@ -93,9 +93,9 @@ LTTNG_TRACEPOINT_EVENT_CLASS(writeback_dirty_inode_template, TP_ARGS(inode, flags), TP_FIELDS( /* may be called for files on pseudo FSes w/ unregistered bdi */ - ctf_array_text(char, name, + ctf_string(name, lttng_inode_to_bdi(inode)->dev ? - dev_name(lttng_inode_to_bdi(inode)->dev) : "(unknown)", 32) + dev_name(lttng_inode_to_bdi(inode)->dev) : "(unknown)") ctf_integer(unsigned long, ino, inode->i_ino) ctf_integer(unsigned long, state, inode->i_state) ctf_integer(unsigned long, flags, flags) 
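Review bot: The first hunk (-81) still passes `lttng_inode_to_bdi(mapping->host)->dev` to `dev_name()` after checking only `mapping`, and `dev_name()` dereferences its argument, so a bdi with no registered device would fault here. The next hunk (-93) guards the same pointer and carries the comment "may be called for files on pseudo FSes w/ unregistered bdi"; whether that case can reach this tracepoint is not visible from the hunk, so confirm it. If it can, the condition should cover both pointers: `mapping && lttng_inode_to_bdi(mapping->host)->dev ? dev_name(lttng_inode_to_bdi(mapping->host)->dev) : "(unknown)"`. The same unguarded `dev_name(...->dev)` form appears in later hunks, for example -113, -133, -164, -255, -275, -286, -328, -338, -386, -488, -574, -671 and -719; where the target kernel provides `bdi_dev_name()`, that helper could replace the open-coded check. The event definition opens above the hunk and closes below it.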
@@ -113,8 +113,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS(writeback_write_inode_template, TP_PROTO(struct inode *inode, struct writeback_control *wbc), TP_ARGS(inode, wbc), TP_FIELDS( - ctf_array_text(char, name, - dev_name(lttng_inode_to_bdi(inode)->dev), 32) + ctf_string(name, + dev_name(lttng_inode_to_bdi(inode)->dev)) ctf_integer(unsigned long, ino, inode->i_ino) ctf_integer(int, sync_mode, wbc->sync_mode) ) @@ -133,8 +133,8 @@ LTTNG_TRACEPOINT_EVENT(writeback_dirty_page, TP_PROTO(struct page *page, struct address_space *mapping), TP_ARGS(page, mapping), TP_FIELDS( - ctf_array_text(char, name, - mapping ? dev_name(mapping->backing_dev_info->dev) : "(unknown)", 32) + ctf_string(name, + mapping ? dev_name(mapping->backing_dev_info->dev) : "(unknown)") ctf_integer(unsigned long, ino, mapping ? mapping->host->i_ino : 0) ctf_integer(pgoff_t, index, page->index) ) @@ -145,10 +145,10 @@ LTTNG_TRACEPOINT_EVENT_CLASS(writeback_dirty_inode_template, TP_ARGS(inode, flags), TP_FIELDS( /* may be called for files on pseudo FSes w/ unregistered bdi */ - ctf_array_text(char, name, + ctf_string(name, inode->i_mapping->backing_dev_info->dev ? dev_name(inode->i_mapping->backing_dev_info->dev) - : "(unknown)", 32) + : "(unknown)") ctf_integer(unsigned long, ino, inode->i_ino) ctf_integer(unsigned long, flags, flags) ) @@ -164,8 +164,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS(writeback_write_inode_template, TP_PROTO(struct inode *inode, struct writeback_control *wbc), TP_ARGS(inode, wbc), TP_FIELDS( - ctf_array_text(char, name, - dev_name(inode->i_mapping->backing_dev_info->dev), 32) + ctf_string(name, + dev_name(inode->i_mapping->backing_dev_info->dev)) ctf_integer(unsigned long, ino, inode->i_ino) ctf_integer(int, sync_mode, wbc->sync_mode) ) 
@@ -186,8 +186,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS(writeback_work_class, TP_PROTO(struct bdi_writeback *wb, struct wb_writeback_work *work), TP_ARGS(wb, work), TP_FIELDS( - ctf_array_text(char, name, wb->bdi->dev ? dev_name(wb->bdi->dev) : - "(unknown)", 32) + ctf_string(name, wb->bdi->dev ? dev_name(wb->bdi->dev) : + "(unknown)") ) ) @@ -197,8 +197,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS(writeback_work_class, TP_PROTO(struct backing_dev_info *bdi, struct wb_writeback_work *work), TP_ARGS(bdi, work), TP_FIELDS( - ctf_array_text(char, name, bdi->dev ? dev_name(bdi->dev) : - "(unknown)", 32) + ctf_string(name, bdi->dev ? dev_name(bdi->dev) : + "(unknown)") ) ) @@ -208,9 +208,9 @@ LTTNG_TRACEPOINT_EVENT_CLASS(writeback_work_class, TP_PROTO(struct backing_dev_info *bdi, struct wb_writeback_work *work), TP_ARGS(bdi, work), TP_FIELDS( - ctf_array_text(char, name, + ctf_string(name, dev_name(bdi->dev ? bdi->dev : - default_backing_dev_info.dev), 32) + default_backing_dev_info.dev)) ) ) @@ -255,8 +255,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS(writeback_class, TP_PROTO(struct bdi_writeback *wb), TP_ARGS(wb), TP_FIELDS( - ctf_array_text(char, name, - dev_name(wb->bdi->dev), 32) + ctf_string(name, + dev_name(wb->bdi->dev)) ) ) @@ -275,8 +275,8 @@ LTTNG_TRACEPOINT_EVENT(writeback_bdi_register, TP_PROTO(struct backing_dev_info *bdi), TP_ARGS(bdi), TP_FIELDS( - ctf_array_text(char, name, - dev_name(bdi->dev), 32) + ctf_string(name, + dev_name(bdi->dev)) ) ) @@ -286,8 +286,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS(writeback_class, TP_PROTO(struct backing_dev_info *bdi), TP_ARGS(bdi), TP_FIELDS( - ctf_array_text(char, name, - dev_name(bdi->dev), 32) + ctf_string(name, + dev_name(bdi->dev)) ) ) @@ -328,7 +328,7 @@ LTTNG_TRACEPOINT_EVENT_MAP(balance_dirty_written, TP_ARGS(bdi, written), TP_FIELDS( - ctf_array_text(char, name, dev_name(bdi->dev), 32) + ctf_string(name, dev_name(bdi->dev)) ctf_integer(int, written, written) ) ) 
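Review bot: The guarded name expression in the -186 hunk, `wb->bdi->dev ? dev_name(wb->bdi->dev) : "(unknown)"`, is open-coded again in the -197 hunk with `bdi` in place of `wb->bdi`, and most other events in this patch spell out the unguarded form. As a matter of style, a single file-local helper would keep the NULL check in one place, for example (name is only a suggestion) `#define LTTNG_BDI_NAME(bdi) ((bdi)->dev ? dev_name((bdi)->dev) : "(unknown)")`. Each `ctf_string()` field would then read `ctf_string(name, LTTNG_BDI_NAME(wb->bdi))`. Any later change to the fallback would then apply to every event at once.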
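Review bot: The fallback in the -208 hunk differs from the two definitions before it: when `bdi->dev` is NULL it records the name of `default_backing_dev_info.dev` instead of "(unknown)", so a trace reader cannot tell an unregistered bdi from the default one. This is worth a comment above the field, such as `/* unregistered bdi: fall back to the default bdi's device name */`. The expression also presumably relies on `default_backing_dev_info.dev` being non-NULL by the time the event fires; that is not visible in the hunk and should be confirmed, since `dev_name()` would otherwise dereference NULL.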
@@ -338,7 +338,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(writeback_wbc_class, TP_PROTO(struct writeback_control *wbc, struct backing_dev_info *bdi), TP_ARGS(wbc, bdi), TP_FIELDS( - ctf_array_text(char, name, dev_name(bdi->dev), 32) + ctf_string(name, dev_name(bdi->dev)) ctf_integer(long, nr_to_write, wbc->nr_to_write) ctf_integer(long, pages_skipped, wbc->pages_skipped) ctf_integer(int, sync_mode, wbc->sync_mode) @@ -386,7 +386,7 @@ LTTNG_TRACEPOINT_EVENT(writeback_queue_io, int moved), TP_ARGS(wb, work, dirtied_before, moved), TP_FIELDS( - ctf_array_text(char, name, dev_name(wb->bdi->dev), 32) + ctf_string(name, dev_name(wb->bdi->dev)) ctf_integer(unsigned long, older, dirtied_before) ctf_integer(int, moved, moved) ) @@ -398,7 +398,7 @@ LTTNG_TRACEPOINT_EVENT(writeback_queue_io, int moved), TP_ARGS(wb, work, moved), TP_FIELDS( - ctf_array_text(char, name, dev_name(wb->bdi->dev), 32) + ctf_string(name, dev_name(wb->bdi->dev)) ctf_integer(int, moved, moved) ) ) @@ -409,7 +409,7 @@ LTTNG_TRACEPOINT_EVENT(writeback_queue_io, int moved), TP_ARGS(wb, older_than_this, moved), TP_FIELDS( - ctf_array_text(char, name, dev_name(wb->bdi->dev), 32) + ctf_string(name, dev_name(wb->bdi->dev)) ctf_integer(unsigned long, older, older_than_this ? *older_than_this : 0) ctf_integer(long, age, @@ -488,7 +488,7 @@ LTTNG_TRACEPOINT_EVENT_MAP(bdi_dirty_ratelimit, TP_ARGS(wb, dirty_rate, task_ratelimit), TP_FIELDS( - ctf_array_text(char, bdi, dev_name(wb->bdi->dev), 32) + ctf_string(bdi, dev_name(wb->bdi->dev)) ctf_integer(unsigned long, write_bw, KBps(wb->bdi->wb.write_bandwidth)) ctf_integer(unsigned long, avg_write_bw, KBps(wb->bdi->wb.avg_write_bandwidth)) ctf_integer(unsigned long, dirty_rate, KBps(dirty_rate)) 
@@ -512,7 +512,7 @@ LTTNG_TRACEPOINT_EVENT_MAP(bdi_dirty_ratelimit, TP_ARGS(bdi, dirty_rate, task_ratelimit), TP_FIELDS( - ctf_array_text(char, bdi, dev_name(bdi->dev), 32) + ctf_string(bdi, dev_name(bdi->dev)) ctf_integer(unsigned long, write_bw, KBps(bdi->wb.write_bandwidth)) ctf_integer(unsigned long, avg_write_bw, KBps(bdi->wb.avg_write_bandwidth)) ctf_integer(unsigned long, dirty_rate, KBps(dirty_rate)) @@ -536,7 +536,7 @@ LTTNG_TRACEPOINT_EVENT_MAP(bdi_dirty_ratelimit, TP_ARGS(bdi, dirty_rate, task_ratelimit), TP_FIELDS( - ctf_array_text(char, bdi, dev_name(bdi->dev), 32) + ctf_string(bdi, dev_name(bdi->dev)) ctf_integer(unsigned long, write_bw, KBps(bdi->write_bandwidth)) ctf_integer(unsigned long, avg_write_bw, KBps(bdi->avg_write_bandwidth)) ctf_integer(unsigned long, dirty_rate, KBps(dirty_rate)) @@ -574,7 +574,7 @@ LTTNG_TRACEPOINT_EVENT_MAP(balance_dirty_pages, ), TP_FIELDS( - ctf_array_text(char, bdi, dev_name(wb->bdi->dev), 32) + ctf_string(bdi, dev_name(wb->bdi->dev)) ctf_integer(unsigned long, limit, global_dirty_limit) ctf_integer(unsigned long, setpoint, (global_dirty_limit + (thresh + bg_thresh) / 2) / 2) @@ -632,7 +632,7 @@ LTTNG_TRACEPOINT_EVENT_MAP(balance_dirty_pages, ), TP_FIELDS( - ctf_array_text(char, bdi, dev_name(bdi->dev), 32) + ctf_string(bdi, dev_name(bdi->dev)) ctf_integer(unsigned long, limit, global_dirty_limit) ctf_integer(unsigned long, setpoint, (global_dirty_limit + (thresh + bg_thresh) / 2) / 2) @@ -671,8 +671,8 @@ LTTNG_TRACEPOINT_EVENT(writeback_sb_inodes_requeue, TP_ARGS(inode), TP_FIELDS( - ctf_array_text(char, name, - dev_name(lttng_inode_to_bdi(inode)->dev), 32) + ctf_string(name, + dev_name(lttng_inode_to_bdi(inode)->dev)) ctf_integer(unsigned long, ino, inode->i_ino) ctf_integer(unsigned long, state, inode->i_state) ctf_integer(unsigned long, dirtied_when, inode->dirtied_when) 
@@ -719,8 +719,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS(writeback_single_inode_template, TP_ARGS(inode, wbc, nr_to_write), TP_FIELDS( - ctf_array_text(char, name, - dev_name(lttng_inode_to_bdi(inode)->dev), 32) + ctf_string(name, + dev_name(lttng_inode_to_bdi(inode)->dev)) ctf_integer(unsigned long, ino, inode->i_ino) ctf_integer(unsigned long, state, inode->i_state) ctf_integer(unsigned long, dirtied_when, inode->dirtied_when) -- 2.34.1