From: Arnaldo Carvalho de Melo <acme@kernel.org>
To: Ingo Molnar <mingo@kernel.org>
Cc: linux-kernel@vger.kernel.org,
Adrian Hunter <adrian.hunter@intel.com>,
Jiri Olsa <jolsa@redhat.com>, Namhyung Kim <namhyung@gmail.com>,
Arnaldo Carvalho de Melo <acme@redhat.com>
Subject: [PATCH 05/37] perf session: Fix perf_session__peek_event()
Date: Tue, 26 May 2015 13:47:36 -0300
Message-ID: <1432658888-7993-6-git-send-email-acme@kernel.org>
In-Reply-To: <1432658888-7993-1-git-send-email-acme@kernel.org>
From: Adrian Hunter <adrian.hunter@intel.com>

perf_session__peek_event() generally leverages there being a single mmap
of the perf.data file, however on 32-bit platforms when there is more
than 32MiB of data, then there are multiple mmaps, so
perf_session__peek_event() reads from the file.

In that case a couple of bugs were exposed (note how the seg. fault
appears with >32M of data):

  $ perf record --per-thread -e intel_bts// ../rtit-tests/loopy 1000000
  [ perf record: Woken up 13 times to write data ]
  [ perf record: Captured and wrote 24.568 MB perf.data ]
  $ perf script > /dev/null
  $ perf record --per-thread -e intel_bts// ../rtit-tests/loopy 10000000
  [ perf record: Woken up 136 times to write data ]
  [ perf record: Captured and wrote 270.794 MB perf.data ]
  $ perf script > /dev/null
  Segmentation fault (core dumped)

The wrong address was being passed to the readn() function and the
buffer size was not being checked.

Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Namhyung Kim <namhyung@gmail.com>
Link: http://lkml.kernel.org/r/1432040746-1755-5-git-send-email-adrian.hunter@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
tools/perf/util/session.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/perf/util/session.c b/tools/perf/util/session.c
index e722107f932a..39fe09d5a87e 100644
--- a/tools/perf/util/session.c
+++ b/tools/perf/util/session.c
@@ -1182,7 +1182,7 @@ int perf_session__peek_event(struct perf_session *session, off_t file_offset,
return -1;
if (lseek(fd, file_offset, SEEK_SET) == (off_t)-1 ||
- readn(fd, &buf, hdr_sz) != (ssize_t)hdr_sz)
+ readn(fd, buf, hdr_sz) != (ssize_t)hdr_sz)
return -1;
event = (union perf_event *)buf;
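Review bot: the first readn() now writes hdr_sz bytes into the caller's buf, but nothing in this hunk's context shows buf_sz being compared with hdr_sz before that read; the buf_sz check this patch adds only runs after the header is already in the buffer. If the "return -1" at the top of the hunk is not already guarded by a buf_sz < hdr_sz test, add one ahead of the lseek()/readn() pair so that a caller passing a buffer smaller than a header fails cleanly instead of being overrun.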
@@ -1190,12 +1190,12 @@ int perf_session__peek_event(struct perf_session *session, off_t file_offset,
if (session->header.needs_swap)
perf_event_header__bswap(&event->header);
- if (event->header.size < hdr_sz)
+ if (event->header.size < hdr_sz || event->header.size > buf_sz)
return -1;
rest = event->header.size - hdr_sz;
- if (readn(fd, &buf, rest) != (ssize_t)rest)
+ if (readn(fd, buf, rest) != (ssize_t)rest)
return -1;
if (session->header.needs_swap)
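Review bot: the second readn() still targets buf, the same address the header was read into and that event points at, so the "rest" bytes of payload land on top of the header instead of after it. The new header.size > buf_sz check bounds the write correctly, but the destination should be hdr_sz bytes past buf (for example by advancing buf after the size check) so the event is laid out contiguously and event->header stays valid for the swap and parse steps that follow. It would also help to say in the changelog that header.size comes straight from the perf.data file, which is why it has to be validated against buf_sz before it is used as a read length.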
--
2.1.0