From: Arnaldo Carvalho de Melo <acme@kernel.org>
To: Ingo Molnar <mingo@kernel.org>, Thomas Gleixner <tglx@linutronix.de>
Cc: Jiri Olsa <jolsa@kernel.org>, Namhyung Kim <namhyung@kernel.org>,
Clark Williams <williams@redhat.com>,
linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org,
Arnaldo Carvalho de Melo <acme@redhat.com>,
Vince Weaver <vincent.weaver@maine.edu>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Peter Zijlstra <peterz@infradead.org>
Subject: [PATCH 01/28] perf session: Avoid infinite loop when seeing invalid header.size
Date: Wed, 14 Aug 2019 15:40:24 -0300 [thread overview]
Message-ID: <20190814184051.3125-2-acme@kernel.org> (raw)
In-Reply-To: <20190814184051.3125-1-acme@kernel.org>
From: Arnaldo Carvalho de Melo <acme@redhat.com>
Vince reported that when fuzzing the userland perf tool with a bogus
perf.data file he got into a infinite loop in 'perf report'.
Changing the return of fetch_mmaped_event() to ERR_PTR(-EINVAL) for that
case gets us out of that infinite loop.
Reported-by: Vince Weaver <vincent.weaver@maine.edu>
Tested-by: Vince Weaver <vincent.weaver@maine.edu>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20190726211415.GE24867@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
tools/perf/util/session.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/tools/perf/util/session.c b/tools/perf/util/session.c
index 11e6093c941b..b9fe71d11bf6 100644
--- a/tools/perf/util/session.c
+++ b/tools/perf/util/session.c
@@ -1,6 +1,7 @@
// SPDX-License-Identifier: GPL-2.0
#include <errno.h>
#include <inttypes.h>
+#include <linux/err.h>
#include <linux/kernel.h>
#include <linux/zalloc.h>
#include <traceevent/event-parse.h>
@@ -1955,7 +1956,9 @@ fetch_mmaped_event(struct perf_session *session,
/* We're not fetching the event so swap back again */
if (session->header.needs_swap)
perf_event_header__bswap(&event->header);
- return NULL;
+ pr_debug("%s: head=%#" PRIx64 " event->header_size=%#x, mmap_size=%#zx: fuzzed perf.data?\n",
+ __func__, head, event->header.size, mmap_size);
+ return ERR_PTR(-EINVAL);
}
return event;
@@ -1973,6 +1976,9 @@ static int __perf_session__process_decomp_events(struct perf_session *session)
while (decomp->head < decomp->size && !session_done()) {
union perf_event *event = fetch_mmaped_event(session, decomp->head, decomp->size, decomp->data);
+ if (IS_ERR(event))
+ return PTR_ERR(event);
+
if (!event)
break;
@@ -2072,6 +2078,9 @@ reader__process_events(struct reader *rd, struct perf_session *session,
more:
event = fetch_mmaped_event(session, head, mmap_size, buf);
+ if (IS_ERR(event))
+ return PTR_ERR(event);
+
if (!event) {
if (mmaps[map_idx]) {
munmap(mmaps[map_idx], mmap_size);
--
2.21.0
next prev parent reply other threads:[~2019-08-14 18:40 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-14 18:40 [GIT PULL] perf/core improvements and fixes Arnaldo Carvalho de Melo
2019-08-14 18:40 ` Arnaldo Carvalho de Melo [this message]
2019-08-14 18:40 ` [PATCH 02/28] perf config: Honour $PERF_CONFIG env var to specify alternate .perfconfig Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 03/28] perf config: Document the PERF_CONFIG environment variable Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 04/28] perf test vfs_getname: Disable ~/.perfconfig to get default output Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 05/28] perf tools: Fix paths in include statements Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 06/28] perf vendor events intel: Add Icelake V1.00 event file Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 07/28] perf top: Set display thread COMM to help with debugging Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 08/28] perf hists: Do not link a pair if already linked Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 09/28] perf trace: Fix segmentation fault when access syscall info on arm64 Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 10/28] perf hist: Remove dummy entries when finding real ones Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 11/28] perf top: Collapse and resort all evsels in a group Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 12/28] tools build: Add capability-related feature detection Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 13/28] perf tools: Add helpers to use capabilities if present Arnaldo Carvalho de Melo
2019-08-14 18:40 ` Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 14/28] perf tools: Add NO_LIBCAP=1 to the minimal build test Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 15/28] perf tools: Add CAP_SYSLOG define for older systems Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 16/28] perf ftrace: Use CAP_SYS_ADMIN instead of euid==0 Arnaldo Carvalho de Melo
2019-08-14 18:40 ` Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 17/28] perf ftrace: Improve error message about capability to use ftrace Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 18/28] perf record: Add an option to take an AUX snapshot on exit Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 19/28] perf tools: Add aux_output attribute flag Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 20/28] perf tools: Add itrace option 'o' to synthesize aux-output events Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 21/28] perf intel-pt: Process options for PEBS event synthesis Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 22/28] perf tools: Add aux-output config term Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 23/28] perf intel-pt: Add brief documentation for PEBS via Intel PT Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 24/28] perf evsel: Provide meaningful warning when trying to use 'aux_output' on older kernels Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 25/28] tools: Keep list of tools in alphabetical order Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 26/28] perf.data documentation: Clarify HEADER_SAMPLE_TOPOLOGY format Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 27/28] perf record: Support aarch64 random socket_id assignment Arnaldo Carvalho de Melo
2019-08-14 18:40 ` [PATCH 28/28] perf ui: No need to set ui_browser to 1 twice Arnaldo Carvalho de Melo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190814184051.3125-2-acme@kernel.org \
--to=acme@kernel.org \
--cc=acme@redhat.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=jolsa@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=namhyung@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=vincent.weaver@maine.edu \
--cc=williams@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.