Commit c35ce1d9 authored by Ian Rogers's avatar Ian Rogers Committed by Arnaldo Carvalho de Melo

perf namespaces: Add reference count checking

Add reference count checking controlled by REFCNT_CHECKING ifdef. The
reference count checking interposes an allocated pointer between the
reference counted struct on a get and frees the pointer on a put.
Accesses after a put cause faults and use after free, missed puts are
caughts as leaks and double puts are double frees.

This checking helped resolve a memory leak and use after free:
https://lore.kernel.org/linux-perf-users/CAP-5=fWZH20L4kv-BwVtGLwR=Em3AOOT+Q4QGivvQuYn5AsPRg@mail.gmail.com/Signed-off-by: default avatarIan Rogers <irogers@google.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexey Bayduraev <alexey.v.bayduraev@linux.intel.com>
Cc: Dmitriy Vyukov <dvyukov@google.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Riccardo Mancini <rickyman7@gmail.com>
Cc: Stephane Eranian <eranian@google.com>
Cc: Stephen Brennan <stephen.s.brennan@oracle.com>
Link: https://lore.kernel.org/lkml/20230407230405.2931830-4-irogers@google.com
[ Extracted from a larger patch ]
Signed-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
parent 7031edac
...@@ -60,7 +60,7 @@ void namespaces__free(struct namespaces *namespaces) ...@@ -60,7 +60,7 @@ void namespaces__free(struct namespaces *namespaces)
free(namespaces); free(namespaces);
} }
static int nsinfo__get_nspid(struct nsinfo *nsi, const char *path) static int nsinfo__get_nspid(pid_t *tgid, pid_t *nstgid, bool *in_pidns, const char *path)
{ {
FILE *f = NULL; FILE *f = NULL;
char *statln = NULL; char *statln = NULL;
...@@ -74,19 +74,18 @@ static int nsinfo__get_nspid(struct nsinfo *nsi, const char *path) ...@@ -74,19 +74,18 @@ static int nsinfo__get_nspid(struct nsinfo *nsi, const char *path)
while (getline(&statln, &linesz, f) != -1) { while (getline(&statln, &linesz, f) != -1) {
/* Use tgid if CONFIG_PID_NS is not defined. */ /* Use tgid if CONFIG_PID_NS is not defined. */
if (strstr(statln, "Tgid:") != NULL) { if (strstr(statln, "Tgid:") != NULL) {
nsi->tgid = (pid_t)strtol(strrchr(statln, '\t'), *tgid = (pid_t)strtol(strrchr(statln, '\t'), NULL, 10);
NULL, 10); *nstgid = *tgid;
nsi->nstgid = nsinfo__tgid(nsi);
} }
if (strstr(statln, "NStgid:") != NULL) { if (strstr(statln, "NStgid:") != NULL) {
nspid = strrchr(statln, '\t'); nspid = strrchr(statln, '\t');
nsi->nstgid = (pid_t)strtol(nspid, NULL, 10); *nstgid = (pid_t)strtol(nspid, NULL, 10);
/* /*
* If innermost tgid is not the first, process is in a different * If innermost tgid is not the first, process is in a different
* PID namespace. * PID namespace.
*/ */
nsi->in_pidns = (statln + sizeof("NStgid:") - 1) != nspid; *in_pidns = (statln + sizeof("NStgid:") - 1) != nspid;
break; break;
} }
} }
...@@ -121,8 +120,8 @@ int nsinfo__init(struct nsinfo *nsi) ...@@ -121,8 +120,8 @@ int nsinfo__init(struct nsinfo *nsi)
* want to switch as part of looking up dso/map data. * want to switch as part of looking up dso/map data.
*/ */
if (old_stat.st_ino != new_stat.st_ino) { if (old_stat.st_ino != new_stat.st_ino) {
nsi->need_setns = true; RC_CHK_ACCESS(nsi)->need_setns = true;
nsi->mntns_path = newns; RC_CHK_ACCESS(nsi)->mntns_path = newns;
newns = NULL; newns = NULL;
} }
...@@ -132,13 +131,26 @@ int nsinfo__init(struct nsinfo *nsi) ...@@ -132,13 +131,26 @@ int nsinfo__init(struct nsinfo *nsi)
if (snprintf(spath, PATH_MAX, "/proc/%d/status", nsinfo__pid(nsi)) >= PATH_MAX) if (snprintf(spath, PATH_MAX, "/proc/%d/status", nsinfo__pid(nsi)) >= PATH_MAX)
goto out; goto out;
rv = nsinfo__get_nspid(nsi, spath); rv = nsinfo__get_nspid(&RC_CHK_ACCESS(nsi)->tgid, &RC_CHK_ACCESS(nsi)->nstgid,
&RC_CHK_ACCESS(nsi)->in_pidns, spath);
out: out:
free(newns); free(newns);
return rv; return rv;
} }
static struct nsinfo *nsinfo__alloc(void)
{
struct nsinfo *res;
RC_STRUCT(nsinfo) *nsi;
nsi = calloc(1, sizeof(*nsi));
if (ADD_RC_CHK(res, nsi))
refcount_set(&nsi->refcnt, 1);
return res;
}
struct nsinfo *nsinfo__new(pid_t pid) struct nsinfo *nsinfo__new(pid_t pid)
{ {
struct nsinfo *nsi; struct nsinfo *nsi;
...@@ -146,22 +158,21 @@ struct nsinfo *nsinfo__new(pid_t pid) ...@@ -146,22 +158,21 @@ struct nsinfo *nsinfo__new(pid_t pid)
if (pid == 0) if (pid == 0)
return NULL; return NULL;
nsi = calloc(1, sizeof(*nsi)); nsi = nsinfo__alloc();
if (nsi != NULL) { if (!nsi)
nsi->pid = pid; return NULL;
nsi->tgid = pid;
nsi->nstgid = pid;
nsi->need_setns = false;
nsi->in_pidns = false;
/* Init may fail if the process exits while we're trying to look
* at its proc information. In that case, save the pid but
* don't try to enter the namespace.
*/
if (nsinfo__init(nsi) == -1)
nsi->need_setns = false;
refcount_set(&nsi->refcnt, 1); RC_CHK_ACCESS(nsi)->pid = pid;
} RC_CHK_ACCESS(nsi)->tgid = pid;
RC_CHK_ACCESS(nsi)->nstgid = pid;
RC_CHK_ACCESS(nsi)->need_setns = false;
RC_CHK_ACCESS(nsi)->in_pidns = false;
/* Init may fail if the process exits while we're trying to look at its
* proc information. In that case, save the pid but don't try to enter
* the namespace.
*/
if (nsinfo__init(nsi) == -1)
RC_CHK_ACCESS(nsi)->need_setns = false;
return nsi; return nsi;
} }
...@@ -173,21 +184,21 @@ struct nsinfo *nsinfo__copy(const struct nsinfo *nsi) ...@@ -173,21 +184,21 @@ struct nsinfo *nsinfo__copy(const struct nsinfo *nsi)
if (nsi == NULL) if (nsi == NULL)
return NULL; return NULL;
nnsi = calloc(1, sizeof(*nnsi)); nnsi = nsinfo__alloc();
if (nnsi != NULL) { if (!nnsi)
nnsi->pid = nsinfo__pid(nsi); return NULL;
nnsi->tgid = nsinfo__tgid(nsi);
nnsi->nstgid = nsinfo__nstgid(nsi); RC_CHK_ACCESS(nnsi)->pid = nsinfo__pid(nsi);
nnsi->need_setns = nsinfo__need_setns(nsi); RC_CHK_ACCESS(nnsi)->tgid = nsinfo__tgid(nsi);
nnsi->in_pidns = nsinfo__in_pidns(nsi); RC_CHK_ACCESS(nnsi)->nstgid = nsinfo__nstgid(nsi);
if (nsi->mntns_path) { RC_CHK_ACCESS(nnsi)->need_setns = nsinfo__need_setns(nsi);
nnsi->mntns_path = strdup(nsi->mntns_path); RC_CHK_ACCESS(nnsi)->in_pidns = nsinfo__in_pidns(nsi);
if (!nnsi->mntns_path) { if (RC_CHK_ACCESS(nsi)->mntns_path) {
free(nnsi); RC_CHK_ACCESS(nnsi)->mntns_path = strdup(RC_CHK_ACCESS(nsi)->mntns_path);
return NULL; if (!RC_CHK_ACCESS(nnsi)->mntns_path) {
} nsinfo__put(nnsi);
return NULL;
} }
refcount_set(&nnsi->refcnt, 1);
} }
return nnsi; return nnsi;
...@@ -195,51 +206,60 @@ struct nsinfo *nsinfo__copy(const struct nsinfo *nsi) ...@@ -195,51 +206,60 @@ struct nsinfo *nsinfo__copy(const struct nsinfo *nsi)
static void nsinfo__delete(struct nsinfo *nsi) static void nsinfo__delete(struct nsinfo *nsi)
{ {
zfree(&nsi->mntns_path); if (nsi) {
free(nsi); WARN_ONCE(refcount_read(&RC_CHK_ACCESS(nsi)->refcnt) != 0,
"nsinfo refcnt unbalanced\n");
zfree(&RC_CHK_ACCESS(nsi)->mntns_path);
RC_CHK_FREE(nsi);
}
} }
struct nsinfo *nsinfo__get(struct nsinfo *nsi) struct nsinfo *nsinfo__get(struct nsinfo *nsi)
{ {
if (nsi) struct nsinfo *result;
refcount_inc(&nsi->refcnt);
return nsi; if (RC_CHK_GET(result, nsi))
refcount_inc(&RC_CHK_ACCESS(nsi)->refcnt);
return result;
} }
void nsinfo__put(struct nsinfo *nsi) void nsinfo__put(struct nsinfo *nsi)
{ {
if (nsi && refcount_dec_and_test(&nsi->refcnt)) if (nsi && refcount_dec_and_test(&RC_CHK_ACCESS(nsi)->refcnt))
nsinfo__delete(nsi); nsinfo__delete(nsi);
else
RC_CHK_PUT(nsi);
} }
bool nsinfo__need_setns(const struct nsinfo *nsi) bool nsinfo__need_setns(const struct nsinfo *nsi)
{ {
return nsi->need_setns; return RC_CHK_ACCESS(nsi)->need_setns;
} }
void nsinfo__clear_need_setns(struct nsinfo *nsi) void nsinfo__clear_need_setns(struct nsinfo *nsi)
{ {
nsi->need_setns = false; RC_CHK_ACCESS(nsi)->need_setns = false;
} }
pid_t nsinfo__tgid(const struct nsinfo *nsi) pid_t nsinfo__tgid(const struct nsinfo *nsi)
{ {
return nsi->tgid; return RC_CHK_ACCESS(nsi)->tgid;
} }
pid_t nsinfo__nstgid(const struct nsinfo *nsi) pid_t nsinfo__nstgid(const struct nsinfo *nsi)
{ {
return nsi->nstgid; return RC_CHK_ACCESS(nsi)->nstgid;
} }
pid_t nsinfo__pid(const struct nsinfo *nsi) pid_t nsinfo__pid(const struct nsinfo *nsi)
{ {
return nsi->pid; return RC_CHK_ACCESS(nsi)->pid;
} }
pid_t nsinfo__in_pidns(const struct nsinfo *nsi) pid_t nsinfo__in_pidns(const struct nsinfo *nsi)
{ {
return nsi->in_pidns; return RC_CHK_ACCESS(nsi)->in_pidns;
} }
void nsinfo__mountns_enter(struct nsinfo *nsi, void nsinfo__mountns_enter(struct nsinfo *nsi,
...@@ -256,7 +276,7 @@ void nsinfo__mountns_enter(struct nsinfo *nsi, ...@@ -256,7 +276,7 @@ void nsinfo__mountns_enter(struct nsinfo *nsi,
nc->oldns = -1; nc->oldns = -1;
nc->newns = -1; nc->newns = -1;
if (!nsi || !nsi->need_setns) if (!nsi || !RC_CHK_ACCESS(nsi)->need_setns)
return; return;
if (snprintf(curpath, PATH_MAX, "/proc/self/ns/mnt") >= PATH_MAX) if (snprintf(curpath, PATH_MAX, "/proc/self/ns/mnt") >= PATH_MAX)
...@@ -270,7 +290,7 @@ void nsinfo__mountns_enter(struct nsinfo *nsi, ...@@ -270,7 +290,7 @@ void nsinfo__mountns_enter(struct nsinfo *nsi,
if (oldns < 0) if (oldns < 0)
goto errout; goto errout;
newns = open(nsi->mntns_path, O_RDONLY); newns = open(RC_CHK_ACCESS(nsi)->mntns_path, O_RDONLY);
if (newns < 0) if (newns < 0)
goto errout; goto errout;
...@@ -339,9 +359,9 @@ int nsinfo__stat(const char *filename, struct stat *st, struct nsinfo *nsi) ...@@ -339,9 +359,9 @@ int nsinfo__stat(const char *filename, struct stat *st, struct nsinfo *nsi)
bool nsinfo__is_in_root_namespace(void) bool nsinfo__is_in_root_namespace(void)
{ {
struct nsinfo nsi; pid_t tgid = 0, nstgid = 0;
bool in_pidns = false;
memset(&nsi, 0x0, sizeof(nsi)); nsinfo__get_nspid(&tgid, &nstgid, &in_pidns, "/proc/self/status");
nsinfo__get_nspid(&nsi, "/proc/self/status"); return !in_pidns;
return !nsi.in_pidns;
} }
...@@ -13,6 +13,7 @@ ...@@ -13,6 +13,7 @@
#include <linux/perf_event.h> #include <linux/perf_event.h>
#include <linux/refcount.h> #include <linux/refcount.h>
#include <linux/types.h> #include <linux/types.h>
#include <internal/rc_check.h>
#ifndef HAVE_SETNS_SUPPORT #ifndef HAVE_SETNS_SUPPORT
int setns(int fd, int nstype); int setns(int fd, int nstype);
...@@ -29,7 +30,7 @@ struct namespaces { ...@@ -29,7 +30,7 @@ struct namespaces {
struct namespaces *namespaces__new(struct perf_record_namespaces *event); struct namespaces *namespaces__new(struct perf_record_namespaces *event);
void namespaces__free(struct namespaces *namespaces); void namespaces__free(struct namespaces *namespaces);
struct nsinfo { DECLARE_RC_STRUCT(nsinfo) {
pid_t pid; pid_t pid;
pid_t tgid; pid_t tgid;
pid_t nstgid; pid_t nstgid;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment