From: Arnaldo Carvalho de Melo <acme@kernel.org>
To: Ingo Molnar <mingo@kernel.org>
Cc: Clark Williams <williams@redhat.com>,
linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org,
Jiri Olsa <jolsa@kernel.org>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Andi Kleen <andi@firstfloor.org>, David Ahern <dsahern@gmail.com>,
Namhyung Kim <namhyung@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Arnaldo Carvalho de Melo <acme@redhat.com>
Subject: [PATCH 04/13] perf ordered_events: Prevent crossing max_alloc_size
Date: Wed, 19 Sep 2018 11:25:28 -0300 [thread overview]
Message-ID: <20180919142537.29985-5-acme@kernel.org> (raw)
In-Reply-To: <20180919142537.29985-1-acme@kernel.org>
From: Jiri Olsa <jolsa@kernel.org>
Stephane reported a possible issue in the ordered events code, which
could lead to allocating more memory than guarded by max_alloc_size.
He also suggested the fix to properly check that the new size is below
the max_alloc_size limit.
Reported-by: Stephane Eranian <eranian@google.com>
Suggested-by: Stephane Eranian <eranian@google.com>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andi Kleen <andi@firstfloor.org>
Cc: David Ahern <dsahern@gmail.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/20180907102455.7030-2-jolsa@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
tools/perf/util/ordered-events.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tools/perf/util/ordered-events.c b/tools/perf/util/ordered-events.c
index 84ce25272c13..1904e7f6ec84 100644
--- a/tools/perf/util/ordered-events.c
+++ b/tools/perf/util/ordered-events.c
@@ -101,6 +101,7 @@ static struct ordered_event *alloc_event(struct ordered_events *oe,
struct list_head *cache = &oe->cache;
struct ordered_event *new = NULL;
union perf_event *new_event;
+ size_t size;
new_event = dup_event(oe, event);
if (!new_event)
@@ -133,6 +134,8 @@ static struct ordered_event *alloc_event(struct ordered_events *oe,
* Removal of ordered event object moves it from events to
* the cache list.
*/
+ size = sizeof(*oe->buffer) + MAX_SAMPLE_BUFFER * sizeof(*new);
+
if (!list_empty(cache)) {
new = list_entry(cache->next, struct ordered_event, list);
list_del(&new->list);
@@ -140,10 +143,7 @@ static struct ordered_event *alloc_event(struct ordered_events *oe,
new = &oe->buffer->event[oe->buffer_idx];
if (++oe->buffer_idx == MAX_SAMPLE_BUFFER)
oe->buffer = NULL;
- } else if (oe->cur_alloc_size < oe->max_alloc_size) {
- size_t size = sizeof(*oe->buffer) +
- MAX_SAMPLE_BUFFER * sizeof(*new);
-
+ } else if ((oe->cur_alloc_size + size) < oe->max_alloc_size) {
oe->buffer = malloc(size);
if (!oe->buffer) {
free_dup_event(oe, new_event);
--
2.14.4
next prev parent reply other threads:[~2018-09-19 14:25 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-19 14:25 [GIT PULL 00/13] perf/core improvements and fixes Arnaldo Carvalho de Melo
2018-09-19 14:25 ` Arnaldo Carvalho de Melo
2018-09-19 14:25 ` [PATCH 01/13] perf: Suppress AUX/OVERWRITE records Arnaldo Carvalho de Melo
2018-09-19 14:25 ` [PATCH 02/13] perf test: Add watchpoint test Arnaldo Carvalho de Melo
2018-09-19 14:25 ` [PATCH 03/13] perf ordered_events: Add 'struct ordered_events_buffer' layer Arnaldo Carvalho de Melo
2018-09-19 14:25 ` Arnaldo Carvalho de Melo [this message]
2018-09-19 14:25 ` [PATCH 05/13] tools include: Adopt PTR_ERR_OR_ZERO from the kernel err.h header Arnaldo Carvalho de Melo
2018-09-19 14:25 ` [PATCH 06/13] perf bpf-loader: use PTR_ERR_OR_ZERO inetead of return code Arnaldo Carvalho de Melo
2018-09-19 14:25 ` [PATCH 07/13] perf tools: Remove perf_tool from event_op2 Arnaldo Carvalho de Melo
2018-09-19 14:25 ` [PATCH 08/13] perf tools: Remove perf_tool from event_op3 Arnaldo Carvalho de Melo
2018-09-19 14:25 ` [PATCH 09/13] perf auxtrace: Pass struct perf_mmap into mmap__read* functions Arnaldo Carvalho de Melo
2018-09-19 14:25 ` [PATCH 10/13] perf tools: Add 'struct perf_mmap' arg to record__write() Arnaldo Carvalho de Melo
2018-09-19 14:25 ` [PATCH 11/13] perf util: Make copyfile_offset() global Arnaldo Carvalho de Melo
2018-09-19 14:25 ` [PATCH 12/13] perf tools: Initialize perf_data_file fd field Arnaldo Carvalho de Melo
2018-09-19 14:25 ` [PATCH 13/13] perf python: Use -Wno-redundant-decls to build with PYTHON=python3 Arnaldo Carvalho de Melo
2018-09-25 9:21 ` [GIT PULL 00/13] perf/core improvements and fixes Ingo Molnar
2018-09-25 9:21 ` Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180919142537.29985-5-acme@kernel.org \
--to=acme@kernel.org \
--cc=acme@redhat.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=andi@firstfloor.org \
--cc=dsahern@gmail.com \
--cc=jolsa@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=namhyung@kernel.org \
--cc=peterz@infradead.org \
--cc=williams@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.