tracing/filter: Check the created pred tree

Since the filter walks a tree to determine if a match is made or not,
if the tree was incorrectly created, it could cause an infinite loop.

Add a check to walk the entire tree before assigning it as a filter
to make sure the tree is correct.

Cc: Tom Zanussi <tzanussi@gmail.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
This commit is contained in:
Steven Rostedt 2011-01-27 23:14:25 -05:00 committed by Steven Rostedt
parent 5571927418
commit ec126cac23

View File

@ -1358,6 +1358,68 @@ static int count_preds(struct filter_parse_state *ps)
return n_preds; return n_preds;
} }
/*
* The tree is walked at filtering of an event. If the tree is not correctly
* built, it may cause an infinite loop. Check here that the tree does
* indeed terminate.
*/
static int check_pred_tree(struct event_filter *filter,
struct filter_pred *root)
{
struct filter_pred *preds;
struct filter_pred *pred;
enum move_type move = MOVE_DOWN;
int count = 0;
int done = 0;
int max;
/*
* The max that we can hit a node is three times.
* Once going down, once coming up from left, and
* once coming up from right. This is more than enough
* since leafs are only hit a single time.
*/
max = 3 * filter->n_preds;
preds = filter->preds;
if (!preds)
return -EINVAL;
pred = root;
do {
if (WARN_ON(count++ > max))
return -EINVAL;
switch (move) {
case MOVE_DOWN:
if (pred->left != FILTER_PRED_INVALID) {
pred = &preds[pred->left];
continue;
}
/* A leaf at the root is just a leaf in the tree */
if (pred == root)
break;
pred = get_pred_parent(pred, preds,
pred->parent, &move);
continue;
case MOVE_UP_FROM_LEFT:
pred = &preds[pred->right];
move = MOVE_DOWN;
continue;
case MOVE_UP_FROM_RIGHT:
if (pred == root)
break;
pred = get_pred_parent(pred, preds,
pred->parent, &move);
continue;
}
done = 1;
} while (!done);
/* We are fine. */
return 0;
}
static int replace_preds(struct ftrace_event_call *call, static int replace_preds(struct ftrace_event_call *call,
struct event_filter *filter, struct event_filter *filter,
struct filter_parse_state *ps, struct filter_parse_state *ps,
@ -1366,6 +1428,7 @@ static int replace_preds(struct ftrace_event_call *call,
{ {
char *operand1 = NULL, *operand2 = NULL; char *operand1 = NULL, *operand2 = NULL;
struct filter_pred *pred; struct filter_pred *pred;
struct filter_pred *root;
struct postfix_elt *elt; struct postfix_elt *elt;
struct pred_stack stack = { }; /* init to NULL */ struct pred_stack stack = { }; /* init to NULL */
int err; int err;
@ -1442,7 +1505,7 @@ add_pred:
if (!pred) if (!pred)
return -EINVAL; return -EINVAL;
/* This item is where we start from in matching */ /* This item is where we start from in matching */
filter->root = pred; root = pred;
/* Make sure the stack is empty */ /* Make sure the stack is empty */
pred = __pop_pred_stack(&stack); pred = __pop_pred_stack(&stack);
if (WARN_ON(pred)) { if (WARN_ON(pred)) {
@ -1450,6 +1513,13 @@ add_pred:
filter->root = NULL; filter->root = NULL;
goto fail; goto fail;
} }
err = check_pred_tree(filter, root);
if (err)
goto fail;
/* We don't set root until we know it works */
barrier();
filter->root = root;
} }
err = 0; err = 0;