Re: [PATCH 3/3] tracing/filters: Support filtering for char *strings

[Steven Rostedt]

On Fri, 7 Aug 2009, Li Zefan wrote:

> >>  	if (is_string_field(field)) {
> >> +		pred->str_len = field->size;
> >> +
> >>  		if (field->filter_type == FILTER_STATIC_STRING)
> >>  			fn = filter_pred_string;
> >> -		else
> >> +		else if (field->filter_type == FILTER_DYN_STRING)
> >>  			fn = filter_pred_strloc;
> >> -		pred->str_len = field->size;
> >> +		else {
> >> +			fn = filter_pred_pchar;
> >> +			pred->str_len = strlen(pred->str_val);
> >> +		}
> > 
> > I'm a little dense here, where do we protect against someone making a 
> > tracepoint that points to unsafe data?
> > 
> 
> We can't prevent anyone from doing insane things deliberately, but
> we prevent from doing wrong things unconsciously.
> 
> Only if a TRACE_EVENT has a field defined as:
> 
> 	__field_ext(char *, name, FILTER_PTR_STR)
> 
> Here using FILTER_PTR_STR explicitly, he should know what he's doing.
> 
> Anyway, he can make a ptr pointing to unsafe data this way:
> 
> 	TP_STRUCT__entry(
> 		__field(char *, name)
> 	)
> 	TP_printk("%s", name)

I guess the thing I'm missing is what's the difference of the two? Why 
would a developer use __field_ext instead of doing it the unsafe way of 
just __field?

I guess I don't see the developer doing something wrong unconsciously. 
Well maybe I don't see this making the developer do it right 
unconsciously.

What protection is this giving us?

-- Steve

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/