* [PATCH v1 1/2] perf evsel: Ensure the fallback message is always written to
@ 2025-09-18 17:24 Ian Rogers
2025-09-18 17:24 ` [PATCH v1 2/2] perf build-id: Ensure snprintf string is empty when size is 0 Ian Rogers
2025-09-19 19:54 ` [PATCH v1 1/2] perf evsel: Ensure the fallback message is always written to Arnaldo Carvalho de Melo
0 siblings, 2 replies; 3+ messages in thread
From: Ian Rogers @ 2025-09-18 17:24 UTC (permalink / raw)
To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo,
Namhyung Kim, Mark Rutland, Alexander Shishkin, Jiri Olsa,
Ian Rogers, Adrian Hunter, Kan Liang, James Clark, Howard Chu,
linux-perf-users, linux-kernel
The fallback message is unconditionally printed in places like
record__open. If no fallback is attempted this can lead to printing
uninitialized data, crashes, etc.
Fixes: c0a54341c0e8 ("perf evsel: Introduce event fallback method")
Signed-off-by: Ian Rogers <irogers@google.com>
---
tools/perf/util/evsel.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/tools/perf/util/evsel.c b/tools/perf/util/evsel.c
index 477cddf08c5c..814ef6f6b32a 100644
--- a/tools/perf/util/evsel.c
+++ b/tools/perf/util/evsel.c
@@ -3565,7 +3565,7 @@ bool evsel__fallback(struct evsel *evsel, struct target *target, int err,
/* If event has exclude user then don't exclude kernel. */
if (evsel->core.attr.exclude_user)
- return false;
+ goto no_fallback;
/* Is there already the separator in the name. */
if (strchr(name, '/') ||
@@ -3573,7 +3573,7 @@ bool evsel__fallback(struct evsel *evsel, struct target *target, int err,
sep = "";
if (asprintf(&new_name, "%s%su", name, sep) < 0)
- return false;
+ goto no_fallback;
free(evsel->name);
evsel->name = new_name;
@@ -3596,17 +3596,19 @@ bool evsel__fallback(struct evsel *evsel, struct target *target, int err,
sep = "";
if (asprintf(&new_name, "%s%sH", name, sep) < 0)
- return false;
+ goto no_fallback;
free(evsel->name);
evsel->name = new_name;
/* Apple M1 requires exclude_guest */
- scnprintf(msg, msgsize, "trying to fall back to excluding guest samples");
+ scnprintf(msg, msgsize, "Trying to fall back to excluding guest samples");
evsel->core.attr.exclude_guest = 1;
return true;
}
-
+no_fallback:
+ scnprintf(msg, msgsize, "No fallback found for '%s' for error %d",
+ evsel__name(evsel), err);
return false;
}
--
2.51.0.470.ga7dc726c21-goog
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH v1 2/2] perf build-id: Ensure snprintf string is empty when size is 0
2025-09-18 17:24 [PATCH v1 1/2] perf evsel: Ensure the fallback message is always written to Ian Rogers
@ 2025-09-18 17:24 ` Ian Rogers
2025-09-19 19:54 ` [PATCH v1 1/2] perf evsel: Ensure the fallback message is always written to Arnaldo Carvalho de Melo
1 sibling, 0 replies; 3+ messages in thread
From: Ian Rogers @ 2025-09-18 17:24 UTC (permalink / raw)
To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo,
Namhyung Kim, Mark Rutland, Alexander Shishkin, Jiri Olsa,
Ian Rogers, Adrian Hunter, Kan Liang, James Clark, Howard Chu,
linux-perf-users, linux-kernel
The string result of build_id__snprintf is unconditionally used in
places like dsos__fprintf_buildid_cb. If the build id has size 0 then
this creates a use of uninitialized memory. Add null termination for
the size 0 case.
A similar fix was written by Jiri Olsa in commit 6311951d4f8f ("perf
tools: Initialize output buffer in build_id__sprintf") but lost in the
transition to snprintf.
Fixes: fccaaf6fbbc5 ("perf build-id: Change sprintf functions to snprintf")
Signed-off-by: Ian Rogers <irogers@google.com>
---
tools/perf/util/build-id.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/tools/perf/util/build-id.c b/tools/perf/util/build-id.c
index bf7f3268b9a2..35505a1ffd11 100644
--- a/tools/perf/util/build-id.c
+++ b/tools/perf/util/build-id.c
@@ -86,6 +86,13 @@ int build_id__snprintf(const struct build_id *build_id, char *bf, size_t bf_size
{
size_t offs = 0;
+ if (build_id->size == 0) {
+ /* Ensure bf is always \0 terminated. */
+ if (bf_size > 0)
+ bf[0] = '\0';
+ return 0;
+ }
+
for (size_t i = 0; i < build_id->size && offs < bf_size; ++i)
offs += snprintf(bf + offs, bf_size - offs, "%02x", build_id->data[i]);
--
2.51.0.470.ga7dc726c21-goog
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH v1 1/2] perf evsel: Ensure the fallback message is always written to
2025-09-18 17:24 [PATCH v1 1/2] perf evsel: Ensure the fallback message is always written to Ian Rogers
2025-09-18 17:24 ` [PATCH v1 2/2] perf build-id: Ensure snprintf string is empty when size is 0 Ian Rogers
@ 2025-09-19 19:54 ` Arnaldo Carvalho de Melo
1 sibling, 0 replies; 3+ messages in thread
From: Arnaldo Carvalho de Melo @ 2025-09-19 19:54 UTC (permalink / raw)
To: Ian Rogers
Cc: Peter Zijlstra, Ingo Molnar, Namhyung Kim, Mark Rutland,
Alexander Shishkin, Jiri Olsa, Adrian Hunter, Kan Liang,
James Clark, Howard Chu, linux-perf-users, linux-kernel
On Thu, Sep 18, 2025 at 10:24:15AM -0700, Ian Rogers wrote:
> The fallback message is unconditionally printed in places like
> record__open. If no fallback is attempted this can lead to printing
> uninitialized data, crashes, etc.
>
> Fixes: c0a54341c0e8 ("perf evsel: Introduce event fallback method")
> Signed-off-by: Ian Rogers <irogers@google.com>
Thanks, applied to perf-tools-next,
- Arnaldo
> ---
> tools/perf/util/evsel.c | 12 +++++++-----
> 1 file changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/tools/perf/util/evsel.c b/tools/perf/util/evsel.c
> index 477cddf08c5c..814ef6f6b32a 100644
> --- a/tools/perf/util/evsel.c
> +++ b/tools/perf/util/evsel.c
> @@ -3565,7 +3565,7 @@ bool evsel__fallback(struct evsel *evsel, struct target *target, int err,
>
> /* If event has exclude user then don't exclude kernel. */
> if (evsel->core.attr.exclude_user)
> - return false;
> + goto no_fallback;
>
> /* Is there already the separator in the name. */
> if (strchr(name, '/') ||
> @@ -3573,7 +3573,7 @@ bool evsel__fallback(struct evsel *evsel, struct target *target, int err,
> sep = "";
>
> if (asprintf(&new_name, "%s%su", name, sep) < 0)
> - return false;
> + goto no_fallback;
>
> free(evsel->name);
> evsel->name = new_name;
> @@ -3596,17 +3596,19 @@ bool evsel__fallback(struct evsel *evsel, struct target *target, int err,
> sep = "";
>
> if (asprintf(&new_name, "%s%sH", name, sep) < 0)
> - return false;
> + goto no_fallback;
>
> free(evsel->name);
> evsel->name = new_name;
> /* Apple M1 requires exclude_guest */
> - scnprintf(msg, msgsize, "trying to fall back to excluding guest samples");
> + scnprintf(msg, msgsize, "Trying to fall back to excluding guest samples");
> evsel->core.attr.exclude_guest = 1;
>
> return true;
> }
> -
> +no_fallback:
> + scnprintf(msg, msgsize, "No fallback found for '%s' for error %d",
> + evsel__name(evsel), err);
> return false;
> }
>
> --
> 2.51.0.470.ga7dc726c21-goog
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-09-19 19:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-09-18 17:24 [PATCH v1 1/2] perf evsel: Ensure the fallback message is always written to Ian Rogers
2025-09-18 17:24 ` [PATCH v1 2/2] perf build-id: Ensure snprintf string is empty when size is 0 Ian Rogers
2025-09-19 19:54 ` [PATCH v1 1/2] perf evsel: Ensure the fallback message is always written to Arnaldo Carvalho de Melo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).