ABI refactoring: sequence and array of text: copy input as string

Within the lttng-modules writeback instrumentation, which exposes a
tracepoint probe API similar to LTTng-UST, we had a long standing issue
where a fixed-size array of text was used to copy a string input into
the trace.

This is fine as long as the input string is actually backed by a
fixed-size array, but if the input string is variable-size, and may be
smaller than the array size, this led to out-of-bound memory reads
beyond the input string NULL terminating character.

Change the behavior of the array/sequence of text to stop copying the
input as soon as the array/sequence size limit (-1) or the input's NULL
terminating character is found, and add zeroed padding for the rest of
the array/sequence within the ring buffer.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Change-Id: Icc3f31c12bdd8018e5e4b7ea146fe842371054d6

diff --git a/include/lttng/ust-events.h b/include/lttng/ust-events.h
index e8e4bf2cac12d254bd11ae884847c2f4367bcf64..8568d4bd2723abef749d1a6433b0d87472b9a00d 100644 (file)
--- a/include/lttng/ust-events.h
+++ b/include/lttng/ust-events.h
@@ -451,6 +451,8 @@ struct lttng_ust_channel_ops {
                        const void *src, size_t len);
        void (*event_strcpy)(struct lttng_ust_lib_ring_buffer_ctx *ctx,
                        const char *src, size_t len);
+       void (*event_strcpy_pad)(struct lttng_ust_lib_ring_buffer_ctx *ctx,
+                       const char *src, size_t len);
 
        /* End of base ABI. Fields below should be used after checking struct_size. */
 };

diff --git a/include/lttng/ust-tracepoint-event.h b/include/lttng/ust-tracepoint-event.h
index 9066e495850a7a93a7bedc5b77fa379b1c111e10..22c97438ba589c3c66694abbe69b5be98f511fb8 100644 (file)
--- a/include/lttng/ust-tracepoint-event.h
+++ b/include/lttng/ust-tracepoint-event.h
@@ -704,7 +704,10 @@ size_t __event_get_align__##_provider##___##_name(_TP_ARGS_PROTO(_args))      \
 #define _ctf_array_encoded(_type, _item, _src, _byte_order, _length,   \
                        _encoding, _nowrite, _elem_type_base)           \
        lib_ring_buffer_align_ctx(&__ctx, lttng_alignof(_type));        \
-       __chan->ops->event_write(&__ctx, _src, sizeof(_type) * (_length));
+       if (lttng_ust_string_encoding_##_encoding == lttng_ust_string_encoding_none) \
+               __chan->ops->event_write(&__ctx, _src, sizeof(_type) * (_length)); \
+       else                                                            \
+               __chan->ops->event_strcpy_pad(&__ctx, (const char *) (_src), _length); \
 
 #undef _ctf_sequence_encoded
 #define _ctf_sequence_encoded(_type, _item, _src, _byte_order, _length_type, \
@@ -715,8 +718,11 @@ size_t __event_get_align__##_provider##___##_name(_TP_ARGS_PROTO(_args))      \
                __chan->ops->event_write(&__ctx, &__tmpl, sizeof(_length_type));\
        }                                                               \
        lib_ring_buffer_align_ctx(&__ctx, lttng_alignof(_type));        \
-       __chan->ops->event_write(&__ctx, _src,                          \
-               sizeof(_type) * __get_dynamic_len(dest));
+       if (lttng_ust_string_encoding_##_encoding == lttng_ust_string_encoding_none) \
+               __chan->ops->event_write(&__ctx, _src,                  \
+                       sizeof(_type) * __get_dynamic_len(dest));       \
+       else                                                            \
+               __chan->ops->event_strcpy_pad(&__ctx, (const char *) (_src), __get_dynamic_len(dest)); \
 
 #undef _ctf_string
 #define _ctf_string(_item, _src, _nowrite)                             \

diff --git a/liblttng-ust/lttng-ring-buffer-client.h b/liblttng-ust/lttng-ring-buffer-client.h
index 73f3deb8e341d4d337af9329a07fa7cd296707bc..32b812d5e08ccb9cddc8eec1290c6b53de9f7f3f 100644 (file)
--- a/liblttng-ust/lttng-ring-buffer-client.h
+++ b/liblttng-ust/lttng-ring-buffer-client.h
@@ -763,6 +763,13 @@ void lttng_event_strcpy(struct lttng_ust_lib_ring_buffer_ctx *ctx, const char *s
        lib_ring_buffer_strcpy(&client_config, ctx, src, len, '#');
 }
 
+static
+void lttng_event_strcpy_pad(struct lttng_ust_lib_ring_buffer_ctx *ctx,
+                    const char *src, size_t len)
+{
+       lib_ring_buffer_strcpy(&client_config, ctx, src, len, '\0');
+}
+
 #if 0
 static
 wait_queue_head_t *lttng_get_reader_wait_queue(struct lttng_ust_lib_ring_buffer_channel *chan)
@@ -826,6 +833,7 @@ static struct lttng_transport lttng_relay_transport = {
                .event_commit = lttng_event_commit,
                .event_write = lttng_event_write,
                .event_strcpy = lttng_event_strcpy,
+               .event_strcpy_pad = lttng_event_strcpy_pad,
        },
        .client_config = &client_config,
 };