* [PATCH v1 1/2] perf evsel: Ensure the fallback message is always written to
@ 2025-09-18 17:24 Ian Rogers
2025-09-18 17:24 ` [PATCH v1 2/2] perf build-id: Ensure snprintf string is empty when size is 0 Ian Rogers
2025-09-19 19:54 ` [PATCH v1 1/2] perf evsel: Ensure the fallback message is always written to Arnaldo Carvalho de Melo
0 siblings, 2 replies; 3+ messages in thread
From: Ian Rogers @ 2025-09-18 17:24 UTC (permalink / raw)
To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo,
Namhyung Kim, Mark Rutland, Alexander Shishkin, Jiri Olsa,
Ian Rogers, Adrian Hunter, Kan Liang, James Clark, Howard Chu,
linux-perf-users, linux-kernel
The fallback message is unconditionally printed in places like
record__open. If no fallback is attempted this can lead to printing
uninitialized data, crashes, etc.
Fixes: c0a54341c0e8 ("perf evsel: Introduce event fallback method")
Signed-off-by: Ian Rogers <irogers@google.com>
---
tools/perf/util/evsel.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/tools/perf/util/evsel.c b/tools/perf/util/evsel.c
index 477cddf08c5c..814ef6f6b32a 100644
--- a/tools/perf/util/evsel.c
+++ b/tools/perf/util/evsel.c
@@ -3565,7 +3565,7 @@ bool evsel__fallback(struct evsel *evsel, struct target *target, int err,
/* If event has exclude user then don't exclude kernel. */
if (evsel->core.attr.exclude_user)
- return false;
+ goto no_fallback;
/* Is there already the separator in the name. */
if (strchr(name, '/') ||
@@ -3573,7 +3573,7 @@ bool evsel__fallback(struct evsel *evsel, struct target *target, int err,
sep = "";
if (asprintf(&new_name, "%s%su", name, sep) < 0)
- return false;
+ goto no_fallback;
free(evsel->name);
evsel->name = new_name;
@@ -3596,17 +3596,19 @@ bool evsel__fallback(struct evsel *evsel, struct target *target, int err,
sep = "";
if (asprintf(&new_name, "%s%sH", name, sep) < 0)
- return false;
+ goto no_fallback;
free(evsel->name);
evsel->name = new_name;
/* Apple M1 requires exclude_guest */
- scnprintf(msg, msgsize, "trying to fall back to excluding guest samples");
+ scnprintf(msg, msgsize, "Trying to fall back to excluding guest samples");
evsel->core.attr.exclude_guest = 1;
return true;
}
-
+no_fallback:
+ scnprintf(msg, msgsize, "No fallback found for '%s' for error %d",
+ evsel__name(evsel), err);
return false;
}
--
2.51.0.470.ga7dc726c21-goog
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH v1 2/2] perf build-id: Ensure snprintf string is empty when size is 0
2025-09-18 17:24 [PATCH v1 1/2] perf evsel: Ensure the fallback message is always written to Ian Rogers
@ 2025-09-18 17:24 ` Ian Rogers
2025-09-19 19:54 ` [PATCH v1 1/2] perf evsel: Ensure the fallback message is always written to Arnaldo Carvalho de Melo
1 sibling, 0 replies; 3+ messages in thread
From: Ian Rogers @ 2025-09-18 17:24 UTC (permalink / raw)
To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo,
Namhyung Kim, Mark Rutland, Alexander Shishkin, Jiri Olsa,
Ian Rogers, Adrian Hunter, Kan Liang, James Clark, Howard Chu,
linux-perf-users, linux-kernel
The string result of build_id__snprintf is unconditionally used in
places like dsos__fprintf_buildid_cb. If the build id has size 0 then
this creates a use of uninitialized memory. Add null termination for
the size 0 case.
A similar fix was written by Jiri Olsa in commit 6311951d4f8f ("perf
tools: Initialize output buffer in build_id__sprintf") but lost in the
transition to snprintf.
Fixes: fccaaf6fbbc5 ("perf build-id: Change sprintf functions to snprintf")
Signed-off-by: Ian Rogers <irogers@google.com>
---
tools/perf/util/build-id.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/tools/perf/util/build-id.c b/tools/perf/util/build-id.c
index bf7f3268b9a2..35505a1ffd11 100644
--- a/tools/perf/util/build-id.c
+++ b/tools/perf/util/build-id.c
@@ -86,6 +86,13 @@ int build_id__snprintf(const struct build_id *build_id, char *bf, size_t bf_size
{
size_t offs = 0;
+ if (build_id->size == 0) {
+ /* Ensure bf is always \0 terminated. */
+ if (bf_size > 0)
+ bf[0] = '\0';
+ return 0;
+ }
+
for (size_t i = 0; i < build_id->size && offs < bf_size; ++i)
offs += snprintf(bf + offs, bf_size - offs, "%02x", build_id->data[i]);
--
2.51.0.470.ga7dc726c21-goog
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH v1 1/2] perf evsel: Ensure the fallback message is always written to
2025-09-18 17:24 [PATCH v1 1/2] perf evsel: Ensure the fallback message is always written to Ian Rogers
2025-09-18 17:24 ` [PATCH v1 2/2] perf build-id: Ensure snprintf string is empty when size is 0 Ian Rogers
@ 2025-09-19 19:54 ` Arnaldo Carvalho de Melo
1 sibling, 0 replies; 3+ messages in thread
From: Arnaldo Carvalho de Melo @ 2025-09-19 19:54 UTC (permalink / raw)
To: Ian Rogers
Cc: Peter Zijlstra, Ingo Molnar, Namhyung Kim, Mark Rutland,
Alexander Shishkin, Jiri Olsa, Adrian Hunter, Kan Liang,
James Clark, Howard Chu, linux-perf-users, linux-kernel
On Thu, Sep 18, 2025 at 10:24:15AM -0700, Ian Rogers wrote:
> The fallback message is unconditionally printed in places like
> record__open. If no fallback is attempted this can lead to printing
> uninitialized data, crashes, etc.
>
> Fixes: c0a54341c0e8 ("perf evsel: Introduce event fallback method")
> Signed-off-by: Ian Rogers <irogers@google.com>
Thanks, applied to perf-tools-next,
- Arnaldo
> ---
> tools/perf/util/evsel.c | 12 +++++++-----
> 1 file changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/tools/perf/util/evsel.c b/tools/perf/util/evsel.c
> index 477cddf08c5c..814ef6f6b32a 100644
> --- a/tools/perf/util/evsel.c
> +++ b/tools/perf/util/evsel.c
> @@ -3565,7 +3565,7 @@ bool evsel__fallback(struct evsel *evsel, struct target *target, int err,
>
> /* If event has exclude user then don't exclude kernel. */
> if (evsel->core.attr.exclude_user)
> - return false;
> + goto no_fallback;
>
> /* Is there already the separator in the name. */
> if (strchr(name, '/') ||
> @@ -3573,7 +3573,7 @@ bool evsel__fallback(struct evsel *evsel, struct target *target, int err,
> sep = "";
>
> if (asprintf(&new_name, "%s%su", name, sep) < 0)
> - return false;
> + goto no_fallback;
>
> free(evsel->name);
> evsel->name = new_name;
> @@ -3596,17 +3596,19 @@ bool evsel__fallback(struct evsel *evsel, struct target *target, int err,
> sep = "";
>
> if (asprintf(&new_name, "%s%sH", name, sep) < 0)
> - return false;
> + goto no_fallback;
>
> free(evsel->name);
> evsel->name = new_name;
> /* Apple M1 requires exclude_guest */
> - scnprintf(msg, msgsize, "trying to fall back to excluding guest samples");
> + scnprintf(msg, msgsize, "Trying to fall back to excluding guest samples");
> evsel->core.attr.exclude_guest = 1;
>
> return true;
> }
> -
> +no_fallback:
> + scnprintf(msg, msgsize, "No fallback found for '%s' for error %d",
> + evsel__name(evsel), err);
> return false;
> }
>
> --
> 2.51.0.470.ga7dc726c21-goog
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-09-19 19:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-09-18 17:24 [PATCH v1 1/2] perf evsel: Ensure the fallback message is always written to Ian Rogers
2025-09-18 17:24 ` [PATCH v1 2/2] perf build-id: Ensure snprintf string is empty when size is 0 Ian Rogers
2025-09-19 19:54 ` [PATCH v1 1/2] perf evsel: Ensure the fallback message is always written to Arnaldo Carvalho de Melo
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.