[tip:perf/core] perf ordered_events: Prevent crossing max_alloc_size

All of lore.kernel.org
 help / color / mirror / Atom feed

From: tip-bot for Jiri Olsa <tipbot@zytor.com>
To: linux-tip-commits@vger.kernel.org
Cc: tglx@linutronix.de, alexander.shishkin@linux.intel.com,
	dsahern@gmail.com, eranian@google.com, acme@redhat.com,
	mingo@kernel.org, andi@firstfloor.org, namhyung@kernel.org,
	jolsa@kernel.org, linux-kernel@vger.kernel.org,
	peterz@infradead.org, hpa@zytor.com
Subject: [tip:perf/core] perf ordered_events: Prevent crossing max_alloc_size
Date: Tue, 25 Sep 2018 02:29:34 -0700	[thread overview]
Message-ID: <tip-53da12e013498c4eca592939bb18a5dbd1d228c9@git.kernel.org> (raw)
In-Reply-To: <20180907102455.7030-2-jolsa@kernel.org>

Commit-ID:  53da12e013498c4eca592939bb18a5dbd1d228c9
Gitweb:     https://git.kernel.org/tip/53da12e013498c4eca592939bb18a5dbd1d228c9
Author:     Jiri Olsa <jolsa@kernel.org>
AuthorDate: Fri, 7 Sep 2018 12:24:55 +0200
Committer:  Arnaldo Carvalho de Melo <acme@redhat.com>
CommitDate: Wed, 19 Sep 2018 10:25:08 -0300

perf ordered_events: Prevent crossing max_alloc_size

Stephane reported a possible issue in the ordered events code, which
could lead to allocating more memory than guarded by max_alloc_size.

He also suggested the fix to properly check that the new size is below
the max_alloc_size limit.

Reported-by: Stephane Eranian <eranian@google.com>
Suggested-by: Stephane Eranian <eranian@google.com>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andi Kleen <andi@firstfloor.org>
Cc: David Ahern <dsahern@gmail.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/20180907102455.7030-2-jolsa@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
 tools/perf/util/ordered-events.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tools/perf/util/ordered-events.c b/tools/perf/util/ordered-events.c
index 84ce25272c13..1904e7f6ec84 100644
--- a/tools/perf/util/ordered-events.c
+++ b/tools/perf/util/ordered-events.c
@@ -101,6 +101,7 @@ static struct ordered_event *alloc_event(struct ordered_events *oe,
 	struct list_head *cache = &oe->cache;
 	struct ordered_event *new = NULL;
 	union perf_event *new_event;
+	size_t size;
 
 	new_event = dup_event(oe, event);
 	if (!new_event)
@@ -133,6 +134,8 @@ static struct ordered_event *alloc_event(struct ordered_events *oe,
 	 * Removal of ordered event object moves it from events to
 	 * the cache list.
 	 */
+	size = sizeof(*oe->buffer) + MAX_SAMPLE_BUFFER * sizeof(*new);
+
 	if (!list_empty(cache)) {
 		new = list_entry(cache->next, struct ordered_event, list);
 		list_del(&new->list);
@@ -140,10 +143,7 @@ static struct ordered_event *alloc_event(struct ordered_events *oe,
 		new = &oe->buffer->event[oe->buffer_idx];
 		if (++oe->buffer_idx == MAX_SAMPLE_BUFFER)
 			oe->buffer = NULL;
-	} else if (oe->cur_alloc_size < oe->max_alloc_size) {
-		size_t size = sizeof(*oe->buffer) +
-			      MAX_SAMPLE_BUFFER * sizeof(*new);
-
+	} else if ((oe->cur_alloc_size + size) < oe->max_alloc_size) {
 		oe->buffer = malloc(size);
 		if (!oe->buffer) {
 			free_dup_event(oe, new_event);

next prev parent reply	other threads:[~2018-09-25  9:30 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-09-07 10:24 [PATCH 1/2] perf tools: Add struct ordered_events_buffer layer Jiri Olsa
2018-09-07 10:24 ` [PATCH 2/2] perf tools: Prevent crossing ordered events max_alloc_size Jiri Olsa
2018-09-25  9:29   ` tip-bot for Jiri Olsa [this message]
2018-09-25  9:29 ` [tip:perf/core] perf ordered_events: Add 'struct ordered_events_buffer' layer tip-bot for Jiri Olsa

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:84ce25272c1 dfblob:1904e7f6ec8 )
 OR (
bs:"[tip:perf/core] perf ordered_events: Prevent crossing max_alloc_size" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=tip-53da12e013498c4eca592939bb18a5dbd1d228c9@git.kernel.org \
    --to=tipbot@zytor.com \
    --cc=acme@redhat.com \
    --cc=alexander.shishkin@linux.intel.com \
    --cc=andi@firstfloor.org \
    --cc=dsahern@gmail.com \
    --cc=eranian@google.com \
    --cc=hpa@zytor.com \
    --cc=jolsa@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-tip-commits@vger.kernel.org \
    --cc=mingo@kernel.org \
    --cc=namhyung@kernel.org \
    --cc=peterz@infradead.org \
    --cc=tglx@linutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.