From: tip-bot for Adrian Hunter <tipbot@zytor.com>
To: linux-tip-commits@vger.kernel.org
Cc: acme@redhat.com, linux-kernel@vger.kernel.org,
eranian@google.com, paulus@samba.org, hpa@zytor.com,
mingo@kernel.org, peterz@infradead.org, efault@gmx.de,
namhyung@gmail.com, jolsa@redhat.com, fweisbec@gmail.com,
adrian.hunter@intel.com, dsahern@gmail.com, tglx@linutronix.de
Subject: [tip:perf/core] perf tools: Validate perf event header size
Date: Fri, 19 Jul 2013 00:50:03 -0700 [thread overview]
Message-ID: <tip-27389d7823f573be8eaff32fb4abe564e181eb71@git.kernel.org> (raw)
In-Reply-To: <1372944040-32690-9-git-send-email-adrian.hunter@intel.com>
Commit-ID: 27389d7823f573be8eaff32fb4abe564e181eb71
Gitweb: http://git.kernel.org/tip/27389d7823f573be8eaff32fb4abe564e181eb71
Author: Adrian Hunter <adrian.hunter@intel.com>
AuthorDate: Thu, 4 Jul 2013 16:20:27 +0300
Committer: Arnaldo Carvalho de Melo <acme@redhat.com>
CommitDate: Fri, 12 Jul 2013 13:53:48 -0300
perf tools: Validate perf event header size
The 'size' variable includes the header so must be at least
'sizeof(struct perf_event_header)'. Error out immediately if that is
not the case. Also don't byte-swap the header until it is actually
"fetched" from the mmap region.
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Namhyung Kim <namhyung@gmail.com>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Link: http://lkml.kernel.org/r/1372944040-32690-9-git-send-email-adrian.hunter@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
tools/perf/util/session.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/tools/perf/util/session.c b/tools/perf/util/session.c
index 6b71b88..951a1cf 100644
--- a/tools/perf/util/session.c
+++ b/tools/perf/util/session.c
@@ -1094,8 +1094,10 @@ more:
perf_event_header__bswap(&event->header);
size = event->header.size;
- if (size == 0)
- size = 8;
+ if (size < sizeof(struct perf_event_header)) {
+ pr_err("bad event header size\n");
+ goto out_err;
+ }
if (size > cur_size) {
void *new = realloc(buf, size);
@@ -1164,8 +1166,12 @@ fetch_mmaped_event(struct perf_session *session,
if (session->header.needs_swap)
perf_event_header__bswap(&event->header);
- if (head + event->header.size > mmap_size)
+ if (head + event->header.size > mmap_size) {
+ /* We're not fetching the event so swap back again */
+ if (session->header.needs_swap)
+ perf_event_header__bswap(&event->header);
return NULL;
+ }
return event;
}
@@ -1245,7 +1251,7 @@ more:
size = event->header.size;
- if (size == 0 ||
+ if (size < sizeof(struct perf_event_header) ||
perf_session__process_event(session, event, tool, file_pos) < 0) {
pr_err("%#" PRIx64 " [%#x]: failed to process type: %d\n",
file_offset + head, event->header.size,
next prev parent reply other threads:[~2013-07-19 7:50 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-04 13:20 [PATCH V4 00/15] perf tools: some fixes and tweaks Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 01/21] perf tools: remove unused parameter Adrian Hunter
2013-07-19 7:49 ` [tip:perf/core] perf inject: Remove " tip-bot for Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 02/21] perf tools: fix missing tool parameter Adrian Hunter
2013-07-19 7:49 ` [tip:perf/core] perf tools: Fix " tip-bot for Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 03/21] perf tools: fix missing 'finished_round' Adrian Hunter
2013-07-19 7:49 ` [tip:perf/core] perf inject: Add " tip-bot for Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 04/21] perf tools: fix parse_events_terms() segfault on error path Adrian Hunter
2013-07-12 8:51 ` [tip:perf/urgent] perf tools: Fix " tip-bot for Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 05/21] perf tools: fix new_term() missing free " Adrian Hunter
2013-07-12 8:51 ` [tip:perf/urgent] perf tools: Fix " tip-bot for Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 06/21] perf tools: add const specifier to perf_pmu__find name parameter Adrian Hunter
2013-07-19 7:49 ` [tip:perf/core] perf tools: Add " tip-bot for Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 07/21] perf tools: tidy duplicated munmap code Adrian Hunter
2013-07-19 7:49 ` [tip:perf/core] perf evlist: Tidy " tip-bot for Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 08/21] perf tools: validate perf event header size Adrian Hunter
2013-07-19 7:50 ` tip-bot for Adrian Hunter [this message]
2013-07-04 13:20 ` [PATCH V4 09/21] perf tools: add debug prints Adrian Hunter
2013-07-05 16:59 ` Arnaldo Carvalho de Melo
2013-07-04 13:20 ` [PATCH V4 10/21] perf tools: fix symbol_conf.nr_events Adrian Hunter
2013-07-12 8:51 ` [tip:perf/urgent] perf tools: Update symbol_conf.nr_events when processing attribute events tip-bot for Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 11/21] perf tools: allow non-matching sample types Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 12/21] perf tools: struct thread has a tid not a pid Adrian Hunter
2013-07-19 7:50 ` [tip:perf/core] " tip-bot for Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 13/21] perf tools: add pid to struct thread Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 14/21] perf tools: change "machine" functions to set thread pid Adrian Hunter
2013-07-06 15:58 ` David Ahern
2013-07-04 13:20 ` [PATCH V4 15/21] perf tools: fix missing increment in sample parsing Adrian Hunter
2013-07-05 17:08 ` Arnaldo Carvalho de Melo
2013-07-12 8:51 ` [tip:perf/urgent] perf evsel: Fix " tip-bot for Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 16/21] perf tools: tidy up sample parsing overflow checking Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 17/21] perf tools: remove unnecessary callchain validation Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 18/21] perf tools: remove references to struct ip_event Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 19/21] perf tools: move " Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 20/21] perf: make events stream always parsable Adrian Hunter
2013-07-05 13:24 ` Namhyung Kim
2013-07-11 13:26 ` Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 21/21] perf tools: add support for PERF_SAMPLE_IDENTFIER Adrian Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=tip-27389d7823f573be8eaff32fb4abe564e181eb71@git.kernel.org \
--to=tipbot@zytor.com \
--cc=acme@redhat.com \
--cc=adrian.hunter@intel.com \
--cc=dsahern@gmail.com \
--cc=efault@gmx.de \
--cc=eranian@google.com \
--cc=fweisbec@gmail.com \
--cc=hpa@zytor.com \
--cc=jolsa@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-tip-commits@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=namhyung@gmail.com \
--cc=paulus@samba.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.