From: tip-bot for Adrian Hunter <tipbot@zytor.com>
To: linux-tip-commits@vger.kernel.org
Cc: jolsa@redhat.com, namhyung@gmail.com,
linux-kernel@vger.kernel.org, mingo@kernel.org, hpa@zytor.com,
tglx@linutronix.de, acme@redhat.com, adrian.hunter@intel.com
Subject: [tip:perf/core] perf session: Fix perf_session__peek_event()
Date: Wed, 27 May 2015 09:46:51 -0700 [thread overview]
Message-ID: <tip-554e92ed8fcdbcad736ef906c393847d44d52692@git.kernel.org> (raw)
In-Reply-To: <1432040746-1755-5-git-send-email-adrian.hunter@intel.com>
Commit-ID: 554e92ed8fcdbcad736ef906c393847d44d52692
Gitweb: http://git.kernel.org/tip/554e92ed8fcdbcad736ef906c393847d44d52692
Author: Adrian Hunter <adrian.hunter@intel.com>
AuthorDate: Tue, 19 May 2015 16:05:45 +0300
Committer: Arnaldo Carvalho de Melo <acme@redhat.com>
CommitDate: Wed, 27 May 2015 12:21:43 -0300
perf session: Fix perf_session__peek_event()
perf_session__peek_event() generally leverages there being a single mmap
of the perf.data file, however on 32-bit platforms when there is more
that 32MiB of data, then there are multiple mmaps, so
perf_session__peek_event() reads from the file.
In that case a couple of bugs were exposed (note how the seg. fault
appears with >32M of data):
$ perf record --per-thread -e intel_bts// ../rtit-tests/loopy 1000000
[ perf record: Woken up 13 times to write data ]
[ perf record: Captured and wrote 24.568 MB perf.data ]
$ perf script > /dev/null
$ perf record --per-thread -e intel_bts// ../rtit-tests/loopy 10000000
[ perf record: Woken up 136 times to write data ]
[ perf record: Captured and wrote 270.794 MB perf.data ]
$ perf script > /dev/null
Segmentation fault (core dumped)
The wrong address was being passed to the readn() function and the
buffer size was not being checked.
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Namhyung Kim <namhyung@gmail.com>
Link: http://lkml.kernel.org/r/1432040746-1755-5-git-send-email-adrian.hunter@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
tools/perf/util/session.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/perf/util/session.c b/tools/perf/util/session.c
index e722107..39fe09d 100644
--- a/tools/perf/util/session.c
+++ b/tools/perf/util/session.c
@@ -1182,7 +1182,7 @@ int perf_session__peek_event(struct perf_session *session, off_t file_offset,
return -1;
if (lseek(fd, file_offset, SEEK_SET) == (off_t)-1 ||
- readn(fd, &buf, hdr_sz) != (ssize_t)hdr_sz)
+ readn(fd, buf, hdr_sz) != (ssize_t)hdr_sz)
return -1;
event = (union perf_event *)buf;
@@ -1190,12 +1190,12 @@ int perf_session__peek_event(struct perf_session *session, off_t file_offset,
if (session->header.needs_swap)
perf_event_header__bswap(&event->header);
- if (event->header.size < hdr_sz)
+ if (event->header.size < hdr_sz || event->header.size > buf_sz)
return -1;
rest = event->header.size - hdr_sz;
- if (readn(fd, &buf, rest) != (ssize_t)rest)
+ if (readn(fd, buf, rest) != (ssize_t)rest)
return -1;
if (session->header.needs_swap)
next prev parent reply other threads:[~2015-05-27 16:47 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-19 13:05 [PATCH 0/5] perf tools: Some fixes Adrian Hunter
2015-05-19 13:05 ` [PATCH 1/5] perf tools: Fix function declarations needed by parse-events.y Adrian Hunter
2015-05-27 16:45 ` [tip:perf/core] " tip-bot for Adrian Hunter
2015-05-19 13:05 ` [PATCH 2/5] perf build: Fix libunwind feature detection on 32-bit x86 Adrian Hunter
2015-05-27 16:46 ` [tip:perf/core] " tip-bot for Adrian Hunter
2015-05-19 13:05 ` [PATCH 3/5] perf tools: Fix parse_events_error dereferences Adrian Hunter
2015-05-27 16:46 ` [tip:perf/core] " tip-bot for Adrian Hunter
2015-05-19 13:05 ` [PATCH 4/5] perf session: Fix perf_session__peek_event() Adrian Hunter
2015-05-27 16:46 ` tip-bot for Adrian Hunter [this message]
2015-05-19 13:05 ` [PATCH 5/5] perf tools: Fix data_read_offset() file opening Adrian Hunter
2015-05-19 14:48 ` Namhyung Kim
2015-05-19 19:58 ` Adrian Hunter
2015-05-20 0:44 ` Namhyung Kim
2015-05-20 0:55 ` Arnaldo Carvalho de Melo
2015-05-19 14:00 ` [PATCH 0/5] perf tools: Some fixes Arnaldo Carvalho de Melo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=tip-554e92ed8fcdbcad736ef906c393847d44d52692@git.kernel.org \
--to=tipbot@zytor.com \
--cc=acme@redhat.com \
--cc=adrian.hunter@intel.com \
--cc=hpa@zytor.com \
--cc=jolsa@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-tip-commits@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=namhyung@gmail.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.