tracing/filter: Do not allow infix to exceed end of string
[pandora-kernel.git] / kernel / trace / trace_events_filter.c
index 7a8c152..52adf02 100644 (file)
@@ -45,6 +45,7 @@ enum filter_op_ids
        OP_GT,
        OP_GE,
        OP_BAND,
+       OP_NOT,
        OP_NONE,
        OP_OPEN_PAREN,
 };
@@ -67,6 +68,7 @@ static struct filter_op filter_ops[] = {
        { OP_GT,        ">",            5 },
        { OP_GE,        ">=",           5 },
        { OP_BAND,      "&",            6 },
+       { OP_NOT,       "!",            6 },
        { OP_NONE,      "OP_NONE",      0 },
        { OP_OPEN_PAREN, "(",           0 },
 };
@@ -85,6 +87,7 @@ enum {
        FILT_ERR_MISSING_FIELD,
        FILT_ERR_INVALID_FILTER,
        FILT_ERR_IP_FIELD_ONLY,
+       FILT_ERR_ILLEGAL_NOT_OP,
 };
 
 static char *err_text[] = {
@@ -101,6 +104,7 @@ static char *err_text[] = {
        "Missing field name and/or value",
        "Meaningless filter expression",
        "Only 'ip' field is supported for function trace",
+       "Illegal use of '!'",
 };
 
 struct opstack_op {
@@ -139,6 +143,7 @@ struct pred_stack {
        int                     index;
 };
 
+/* If not of not match is equal to not of not, then it is a match */
 #define DEFINE_COMPARISON_PRED(type)                                   \
 static int filter_pred_##type(struct filter_pred *pred, void *event)   \
 {                                                                      \
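Review bot: The comment added above `DEFINE_COMPARISON_PRED` is hard to parse and sits a whole macro body away from the expression it describes, `return !!match == !pred->not;` in the next hunk. The same sentence is repeated above the return in process_ops. I would reword both and keep each directly above its return, for example `/* normalize match to 0/1, then invert it when ->not is set */`. The macro body continues outside this hunk.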
@@ -166,7 +171,7 @@ static int filter_pred_##type(struct filter_pred *pred, void *event)        \
                break;                                                  \
        }                                                               \
                                                                        \
-       return match;                                                   \
+       return !!match == !pred->not;                                   \
 }
 
 #define DEFINE_EQUALITY_PRED(size)                                     \
@@ -484,9 +489,10 @@ static int process_ops(struct filter_pred *preds,
                if (!WARN_ON_ONCE(!pred->fn))
                        match = pred->fn(pred, rec);
                if (!!match == type)
-                       return match;
+                       break;
        }
-       return match;
+       /* If not of not match is equal to not of not, then it is a match */
+       return !!match == !op->not;
 }
 
 struct filter_match_preds_data {
@@ -735,10 +741,10 @@ static int filter_set_pred(struct event_filter *filter,
                 * then this op can be folded.
                 */
                if (left->index & FILTER_PRED_FOLD &&
-                   (left->op == dest->op ||
+                   ((left->op == dest->op && !left->not) ||
                     left->left == FILTER_PRED_INVALID) &&
                    right->index & FILTER_PRED_FOLD &&
-                   (right->op == dest->op ||
+                   ((right->op == dest->op && !right->not) ||
                     right->left == FILTER_PRED_INVALID))
                        dest->index |= FILTER_PRED_FOLD;
 
@@ -1028,7 +1034,7 @@ static int init_pred(struct filter_parse_state *ps,
        }
 
        if (pred->op == OP_NE)
-               pred->not = 1;
+               pred->not ^= 1;
 
        pred->fn = fn;
        return 0;
@@ -1050,6 +1056,9 @@ static void parse_init(struct filter_parse_state *ps,
 
 static char infix_next(struct filter_parse_state *ps)
 {
+       if (!ps->infix.cnt)
+               return 0;
+
        ps->infix.cnt--;
 
        return ps->infix.string[ps->infix.tail++];
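Review bot: The new early return in infix_next should carry a comment, because it is the only thing that stops `cnt` from being decremented at zero and `tail` from walking past the end of `infix.string`. The same applies to the guard added to infix_advance in the next hunk. Something like `/* input exhausted: report NUL rather than read past the filter string */` would make the intent clear to later readers. infix_peek sits between the two functions and is not touched by this diff, so it is worth confirming that it bounds its read in the same way. The closing brace of infix_next lies outside the hunk.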
@@ -1065,6 +1074,9 @@ static char infix_peek(struct filter_parse_state *ps)
 
 static void infix_advance(struct filter_parse_state *ps)
 {
+       if (!ps->infix.cnt)
+               return;
+
        ps->infix.cnt--;
        ps->infix.tail++;
 }
@@ -1363,19 +1375,28 @@ static int check_preds(struct filter_parse_state *ps)
 {
        int n_normal_preds = 0, n_logical_preds = 0;
        struct postfix_elt *elt;
+       int cnt = 0;
 
        list_for_each_entry(elt, &ps->postfix, list) {
-               if (elt->op == OP_NONE)
+               if (elt->op == OP_NONE) {
+                       cnt++;
                        continue;
+               }
 
                if (elt->op == OP_AND || elt->op == OP_OR) {
                        n_logical_preds++;
+                       cnt--;
                        continue;
                }
+               if (elt->op != OP_NOT)
+                       cnt--;
                n_normal_preds++;
+               /* all ops should have operands */
+               if (cnt < 0)
+                       break;
        }
 
-       if (!n_normal_preds || n_logical_preds >= n_normal_preds) {
+       if (cnt != 1 || !n_normal_preds || n_logical_preds >= n_normal_preds) {
                parse_error(ps, FILT_ERR_INVALID_FILTER, 0);
                return -EINVAL;
        }
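Review bot: The `cnt < 0` test is never reached for `OP_AND`/`OP_OR`, because that branch does `cnt--; continue;` before the check. A logical operator with no operands before it can therefore take the count negative, and later operands can bring it back up, so the final `cnt != 1` test sees only the net balance. Adding `if (cnt < 0) break;` right after the `cnt--` in the AND/OR branch would reject the list at the point of underflow. Whether the parser can actually emit such a postfix list, and whether replace_preds would catch it later, is not visible here. check_preds starts and continues outside this hunk.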
@@ -1590,6 +1611,17 @@ static int replace_preds(struct ftrace_event_call *call,
                        continue;
                }
 
+               if (elt->op == OP_NOT) {
+                       if (!n_preds || operand1 || operand2) {
+                               parse_error(ps, FILT_ERR_ILLEGAL_NOT_OP, 0);
+                               err = -EINVAL;
+                               goto fail;
+                       }
+                       if (!dry_run)
+                               filter->preds[n_preds - 1].not ^= 1;
+                       continue;
+               }
+
                if (WARN_ON(n_preds++ == MAX_FILTER_PRED)) {
                        parse_error(ps, FILT_ERR_TOO_MANY_PREDS, 0);
                        err = -ENOSPC;
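Review bot: The `OP_NOT` branch would be easier to audit with a comment stating its preconditions, since the index in `filter->preds[n_preds - 1]` is only in range because of the `!n_preds` test just above it. Suggested wording: `/* '!' follows its operand in postfix: flip the predicate just emitted; reject if there is none or operands are still pending */`. The write is skipped when `dry_run` is set, presumably because `filter->preds` is not populated on that pass, and a short remark saying so would help as well. replace_preds begins and ends outside the hunk.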