From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from mail.linuxfoundation.org ([140.211.169.12]:56318 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751820AbdGMNDR (ORCPT
        <rfc822;stable@vger.kernel.org>); Thu, 13 Jul 2017 09:03:17 -0400
Subject: Patch "perf thread_map: Correctly size buffer used with dirent->dt_name" has been added to the 4.4-stable tree
To: acme@redhat.com, adrian.hunter@intel.com, dsahern@gmail.com,
        gregkh@linuxfoundation.org, jolsa@kernel.org, namhyung@kernel.org,
        wangnan0@huawei.com
Cc: <stable@vger.kernel.org>, <stable-commits@vger.kernel.org>
From: <gregkh@linuxfoundation.org>
Date: Thu, 13 Jul 2017 15:02:56 +0200
Message-ID: <149995097618389@kroah.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ANSI_X3.4-1968
Content-Transfer-Encoding: 8bit
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>


This is a note to let you know that I've just added the patch titled

    perf thread_map: Correctly size buffer used with dirent->dt_name

to the 4.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     perf-thread_map-correctly-size-buffer-used-with-dirent-dt_name.patch
and it can be found in the queue-4.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>>From bdf23a9a190d7ecea092fd5c4aabb7d4bd0a9980 Mon Sep 17 00:00:00 2001
From: Arnaldo Carvalho de Melo <acme@redhat.com>
Date: Wed, 8 Feb 2017 17:01:46 -0300
Subject: perf thread_map: Correctly size buffer used with dirent->dt_name

From: Arnaldo Carvalho de Melo <acme@redhat.com>

commit bdf23a9a190d7ecea092fd5c4aabb7d4bd0a9980 upstream.

The size of dirent->dt_name is NAME_MAX + 1, but the size for the 'path'
buffer is hard coded at 256, which may truncate it because we also
prepend "/proc/", so that all that into account and thank gcc 7 for this
warning:

  /git/linux/tools/perf/util/thread_map.c: In function 'thread_map__new_by_uid':
  /git/linux/tools/perf/util/thread_map.c:119:39: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size 250 [-Werror=format-truncation=]
     snprintf(path, sizeof(path), "/proc/%s", dirent->d_name);
                                         ^~
  In file included from /usr/include/stdio.h:939:0,
                   from /git/linux/tools/perf/util/thread_map.c:5:
  /usr/include/bits/stdio2.h:64:10: note: '__builtin___snprintf_chk' output between 7 and 262 bytes into a destination of size 256
     return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          __bos (__s), __fmt, __va_arg_pack ());
          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lkml.kernel.org/n/tip-csy0r8zrvz5efccgd4k12c82@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 tools/perf/util/thread_map.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/tools/perf/util/thread_map.c
+++ b/tools/perf/util/thread_map.c
@@ -92,7 +92,7 @@ struct thread_map *thread_map__new_by_ui
 {
 	DIR *proc;
 	int max_threads = 32, items, i;
-	char path[256];
+	char path[NAME_MAX + 1 + 6];
 	struct dirent dirent, *next, **namelist = NULL;
 	struct thread_map *threads = thread_map__alloc(max_threads);
 


Patches currently in stable-queue which might be from acme@redhat.com are

queue-4.4/perf-tools-use-readdir-instead-of-deprecated-readdir_r.patch
queue-4.4/perf-thread_map-correctly-size-buffer-used-with-dirent-dt_name.patch
queue-4.4/perf-tests-remove-wrong-semicolon-in-while-loop-in-cqm-test.patch
queue-4.4/perf-annotate-browser-fix-behaviour-of-shift-tab-with-nothing-focussed.patch
queue-4.4/perf-tests-avoid-possible-truncation-with-dirent-d_name-snprintf.patch
queue-4.4/perf-top-use-__fallthrough.patch
queue-4.4/perf-scripting-perl-fix-compile-error-with-some-perl5-versions.patch
queue-4.4/perf-bench-numa-avoid-possible-truncation-when-using-snprintf.patch
queue-4.4/perf-tools-use-readdir-instead-of-deprecated-readdir_r-again.patch
queue-4.4/perf-thread_map-use-readdir-instead-of-deprecated-readdir_r.patch
queue-4.4/perf-tools-remove-duplicate-const-qualifier.patch
queue-4.4/tools-string-use-__fallthrough-in-perf_atoll.patch
queue-4.4/perf-intel-pt-use-__fallthrough.patch
queue-4.4/perf-script-use-readdir-instead-of-deprecated-readdir_r.patch
queue-4.4/tools-include-add-a-__fallthrough-statement.patch
queue-4.4/tools-strfilter-use-__fallthrough.patch
queue-4.4/perf-dwarf-guard-x86_64-definitions-under-ifdef-else-clause.patch
queue-4.4/perf-pmu-fix-misleadingly-indented-assignment-whitespace.patch
queue-4.4/perf-trace-do-not-process-perf_record_lost-twice.patch