From: sashiko-bot@kernel.org
To: "Ian Rogers" <irogers@google.com>
Cc: linux-perf-users@vger.kernel.org
Subject: Re: [PATCH v3 10/14] perf test: Skip shebang and SPDX comments in shell test descriptions
Date: Sun, 31 May 2026 06:52:24 +0000 [thread overview]
Message-ID: <20260531065224.EF6F21F00893@smtp.kernel.org> (raw)
In-Reply-To: <20260531063736.871777-11-irogers@google.com>
Thank you for your contribution! Sashiko AI review found 3 potential issue(s) to consider:
Pre-existing issues:
- [High] Uninitialized stack memory access due to `readlink()` not null-terminating its output string.
- [High] Stack buffer overflow when constructing the script filename due to an unchecked `readlink()` return value.
- [High] `io__get_char()` implicitly sign-extends non-ASCII characters, causing premature EOF on architectures with signed chars.
--
commit 37c9e7577c4c35ff9a02375d4ed22021ca8bd62d
Author: Ian Rogers <irogers@google.com>
perf test: Skip shebang and SPDX comments in shell test descriptions
When extracting shell test descriptions in tests-scripts.c, the parser
skipped the first line assuming it was the shebang (#!/bin/sh) and then read
the first comment line on line 2 as the test description.
However, checkpatch.pl expects shell scripts to declare their SPDX license
identifier on line 2 (# SPDX-License-Identifier: ...). This caused the test
harness to extract the SPDX license string as the test description.
Refactor shell_test__description to use io__getline, skipping both shebang
and SPDX comment lines. This allows shell tests to include standard SPDX
headers without breaking test suite description extraction.
> diff --git a/tools/perf/tests/tests-scripts.c b/tools/perf/tests/tests-scripts.c
> index f18c4cd337c8f..11ad1263ef85c 100644
> --- a/tools/perf/tests/tests-scripts.c
> +++ b/tools/perf/tests/tests-scripts.c
> @@ -51,7 +51,7 @@ static int shell_tests__dir_fd(void)
> return -1;
> /* Follow another level of symlink if there */
> if (lstat(path2, &st) == 0 && (st.st_mode & S_IFMT) == S_IFLNK) {
> - scnprintf(path, sizeof(path), path2);
> + scnprintf(path, sizeof(path), "%s", path2);
[Severity: High]
This isn't a bug introduced by this patch, but does this code read
uninitialized stack memory?
Looking at the preceding readlink() call:
if (readlink("/proc/self/exe", path2, sizeof path2) < 0)
return -1;
Since readlink() populates path2 but does not append a null terminator, path2
remains an uninitialized stack array. When lstat() and scnprintf() expect a
null-terminated string, won't this cause reads past the valid resolved path
until a random null byte is found?
[ ... ]
> @@ -78,43 +78,49 @@ static int shell_tests__dir_fd(void)
> static char *shell_test__description(int dir_fd, const char *name)
> {
> struct io io;
> - char buf[128], desc[256];
> - int ch, pos = 0;
> + char buf[128], *line = NULL;
> + size_t line_len = 0;
> + ssize_t len;
> + char *desc = NULL;
>
> io__init(&io, openat(dir_fd, name, O_RDONLY), buf, sizeof(buf));
> if (io.fd < 0)
> return NULL;
>
> - /* Skip first line - should be #!/bin/bash Shebang */
> - if (io__get_char(&io) != '#')
> - goto err_out;
[ ... ]
> + while ((len = io__getline(&io, &line, &line_len)) > 0) {
[Severity: High]
This isn't a bug introduced by this patch, but does io__get_char() implicitly
sign-extend non-ASCII characters?
io__getline() uses io__get_char() under the hood:
tools/lib/api/io.h:io__get_char() {
...
if (io->data == io->end) {
int ret = io__fill_buffer(io);
if (ret)
return ret;
}
return *io->data++;
}
Since io__get_char() returns *io->data++ directly as an int, on architectures
where char is signed (like x86), wouldn't characters >= 0x80 (such as UTF-8
multibyte sequences) be sign-extended into negative integers?
Callers (such as io__getdelim()) use if (ch < 0) to check for EOF or errors.
Could any non-ASCII character in the parsed text incorrectly trigger an EOF
condition and truncate the read operation?
[ ... ]
While reviewing this file, I noticed another pre-existing issue in
append_script() in tools/perf/tests/tests-scripts.c:
tools/perf/tests/tests-scripts.c:append_script() {
...
len = readlink(link, filename, sizeof(filename));
if (len < 0) {
pr_err("Failed to readlink %s", link);
return;
}
filename[len++] = '/';
strcpy(&filename[len], name);
...
}
[Severity: High]
This is a pre-existing issue, but is there a risk of a stack buffer overflow
when constructing the script filename here?
readlink() returns the number of bytes written to filename. If the resolved
path length is exactly PATH_MAX, len will equal sizeof(filename). Wouldn't
filename[len++] = '/' then write a byte past the end of the filename array on
the stack, with strcpy() continuing to write out-of-bounds?
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260531063736.871777-1-irogers@google.com?part=10
next prev parent reply other threads:[~2026-05-31 6:52 UTC|newest]
Thread overview: 136+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-13 23:04 [PATCH v1 00/14] perf test: Harness improvements Ian Rogers
2026-05-13 23:04 ` [PATCH v1 01/14] perf jevents.py: Make generated C code more kernel style Ian Rogers
2026-05-13 23:04 ` [PATCH v1 02/14] perf pmu-events: Add API to get metric table name and iterate tables Ian Rogers
2026-05-14 11:42 ` sashiko-bot
2026-05-13 23:04 ` [PATCH v1 03/14] perf test: Drain pipe after child finishes to avoid losing output Ian Rogers
2026-05-13 23:04 ` [PATCH v1 04/14] perf test: Support dynamic test suites with setup callback and private data Ian Rogers
2026-05-14 12:10 ` sashiko-bot
2026-05-13 23:04 ` [PATCH v1 05/14] perf test pmu-events: A sub-test per metric table Ian Rogers
2026-05-13 23:04 ` [PATCH v1 06/14] perf test: Refactor parallel poll loop to drain all pipes simultaneously Ian Rogers
2026-05-14 14:27 ` sashiko-bot
2026-05-13 23:04 ` [PATCH v1 07/14] perf test: Show snippet failure output for verbose=1 Ian Rogers
2026-05-14 15:50 ` sashiko-bot
2026-05-13 23:04 ` [PATCH v1 08/14] perf test: Add summary reporting Ian Rogers
2026-05-14 16:10 ` sashiko-bot
2026-05-13 23:04 ` [PATCH v1 09/14] perf test: Fix subtest status alignment for multi-digit indexes Ian Rogers
2026-05-13 23:04 ` [PATCH v1 10/14] perf test: Skip shebang and SPDX comments in shell test descriptions Ian Rogers
2026-05-13 23:04 ` [PATCH v1 11/14] perf test: Split monolithic 'util' test suite into sub-tests Ian Rogers
2026-05-13 23:04 ` [PATCH v1 12/14] perf test: Add -j/--junit option for JUnit XML test reports Ian Rogers
2026-05-14 17:48 ` sashiko-bot
2026-05-13 23:04 ` [PATCH v1 13/14] perf test: Add shell test to validate JUnit XML reporting output Ian Rogers
2026-05-13 23:04 ` [PATCH v1 14/14] perf test: Remove /usr/bin/cc dependency from Intel PT shell test Ian Rogers
2026-05-14 18:28 ` sashiko-bot
2026-05-31 5:27 ` [PATCH v2 00/14] perf test: Accelerate parallel test harness and add JUnit XML reporting Ian Rogers
2026-05-31 5:27 ` [PATCH v2 01/14] perf jevents.py: Make generated C code more kernel style Ian Rogers
2026-05-31 5:36 ` sashiko-bot
2026-05-31 5:27 ` [PATCH v2 02/14] perf pmu-events: Add API to get metric table name and iterate tables Ian Rogers
2026-05-31 5:36 ` sashiko-bot
2026-05-31 5:27 ` [PATCH v2 03/14] perf test: Drain pipe after child finishes to avoid losing output Ian Rogers
2026-05-31 5:37 ` sashiko-bot
2026-05-31 5:27 ` [PATCH v2 04/14] perf test: Support dynamic test suites with setup callback and private data Ian Rogers
2026-05-31 5:27 ` [PATCH v2 05/14] perf test pmu-events: A sub-test per metric table Ian Rogers
2026-05-31 5:27 ` [PATCH v2 06/14] perf test: Refactor parallel poll loop to drain all pipes simultaneously Ian Rogers
2026-05-31 5:39 ` sashiko-bot
2026-05-31 5:27 ` [PATCH v2 07/14] perf test: Show snippet failure output for verbose=1 Ian Rogers
2026-05-31 5:37 ` sashiko-bot
2026-05-31 5:27 ` [PATCH v2 08/14] perf test: Add summary reporting Ian Rogers
2026-05-31 5:38 ` sashiko-bot
2026-05-31 5:27 ` [PATCH v2 09/14] perf test: Fix subtest status alignment for multi-digit indexes Ian Rogers
2026-05-31 5:27 ` [PATCH v2 10/14] perf test: Skip shebang and SPDX comments in shell test descriptions Ian Rogers
2026-05-31 5:46 ` sashiko-bot
2026-05-31 5:27 ` [PATCH v2 11/14] perf test: Split monolithic 'util' test suite into sub-tests Ian Rogers
2026-05-31 5:48 ` sashiko-bot
2026-05-31 5:27 ` [PATCH v2 12/14] perf test: Add -j/--junit option for JUnit XML test reports Ian Rogers
2026-05-31 5:43 ` sashiko-bot
2026-05-31 5:27 ` [PATCH v2 13/14] perf test: Add shell test to validate JUnit XML reporting output Ian Rogers
2026-05-31 5:27 ` [PATCH v2 14/14] perf test: Remove /usr/bin/cc dependency from Intel PT shell test Ian Rogers
2026-05-31 5:47 ` sashiko-bot
2026-05-31 6:37 ` [PATCH v3 00/14] perf test: Accelerate parallel test harness and add JUnit XML reporting Ian Rogers
2026-05-31 6:37 ` [PATCH v3 01/14] perf jevents.py: Make generated C code more kernel style Ian Rogers
2026-05-31 6:46 ` sashiko-bot
2026-05-31 6:37 ` [PATCH v3 02/14] perf pmu-events: Add API to get metric table name and iterate tables Ian Rogers
2026-05-31 6:37 ` [PATCH v3 03/14] perf test: Drain pipe after child finishes to avoid losing output Ian Rogers
2026-05-31 6:37 ` [PATCH v3 04/14] perf test: Support dynamic test suites with setup callback and private data Ian Rogers
2026-05-31 6:37 ` [PATCH v3 05/14] perf test pmu-events: A sub-test per metric table Ian Rogers
2026-05-31 6:37 ` [PATCH v3 06/14] perf test: Refactor parallel poll loop to drain all pipes simultaneously Ian Rogers
2026-05-31 6:55 ` sashiko-bot
2026-05-31 6:37 ` [PATCH v3 07/14] perf test: Show snippet failure output for verbose=1 Ian Rogers
2026-05-31 6:47 ` sashiko-bot
2026-05-31 6:37 ` [PATCH v3 08/14] perf test: Add summary reporting Ian Rogers
2026-05-31 6:50 ` sashiko-bot
2026-05-31 6:37 ` [PATCH v3 09/14] perf test: Fix subtest status alignment for multi-digit indexes Ian Rogers
2026-05-31 6:37 ` [PATCH v3 10/14] perf test: Skip shebang and SPDX comments in shell test descriptions Ian Rogers
2026-05-31 6:52 ` sashiko-bot [this message]
2026-05-31 6:37 ` [PATCH v3 11/14] perf test: Split monolithic 'util' test suite into sub-tests Ian Rogers
2026-05-31 6:37 ` [PATCH v3 12/14] perf test: Add -j/--junit option for JUnit XML test reports Ian Rogers
2026-05-31 6:37 ` [PATCH v3 13/14] perf test: Add shell test to validate JUnit XML reporting output Ian Rogers
2026-05-31 6:37 ` [PATCH v3 14/14] perf test: Remove /usr/bin/cc dependency from Intel PT shell test Ian Rogers
2026-05-31 6:58 ` sashiko-bot
2026-05-31 8:22 ` [PATCH v4 00/15] perf test: Accelerate parallel test harness and add JUnit XML reporting Ian Rogers
2026-05-31 8:22 ` [PATCH v4 01/15] perf jevents.py: Make generated C code more kernel style Ian Rogers
2026-05-31 8:22 ` [PATCH v4 02/15] perf pmu-events: Add API to get metric table name and iterate tables Ian Rogers
2026-05-31 8:22 ` [PATCH v4 03/15] perf test: Drain pipe after child finishes to avoid losing output Ian Rogers
2026-05-31 8:22 ` [PATCH v4 04/15] perf test: Support dynamic test suites with setup callback and private data Ian Rogers
2026-05-31 8:22 ` [PATCH v4 05/15] perf test pmu-events: A sub-test per metric table Ian Rogers
2026-05-31 8:22 ` [PATCH v4 06/15] tools subcmd: Robust fallback and existence checks for process reaping Ian Rogers
2026-05-31 8:33 ` sashiko-bot
2026-05-31 8:22 ` [PATCH v4 07/15] perf test: Refactor parallel poll loop to drain all pipes simultaneously Ian Rogers
2026-05-31 8:34 ` sashiko-bot
2026-05-31 8:22 ` [PATCH v4 08/15] perf test: Show snippet failure output for verbose=1 Ian Rogers
2026-05-31 8:31 ` sashiko-bot
2026-05-31 8:22 ` [PATCH v4 09/15] perf test: Add summary reporting Ian Rogers
2026-05-31 8:33 ` sashiko-bot
2026-05-31 8:22 ` [PATCH v4 10/15] perf test: Fix subtest status alignment for multi-digit indexes Ian Rogers
2026-05-31 8:33 ` sashiko-bot
2026-05-31 8:22 ` [PATCH v4 11/15] perf test: Skip shebang and SPDX comments in shell test descriptions Ian Rogers
2026-05-31 8:22 ` [PATCH v4 12/15] perf test: Split monolithic 'util' test suite into sub-tests Ian Rogers
2026-05-31 8:22 ` [PATCH v4 13/15] perf test: Add -j/--junit option for JUnit XML test reports Ian Rogers
2026-05-31 8:41 ` sashiko-bot
2026-05-31 8:22 ` [PATCH v4 14/15] perf test: Add shell test to validate JUnit XML reporting output Ian Rogers
2026-05-31 8:22 ` [PATCH v4 15/15] perf test: Remove /usr/bin/cc dependency from Intel PT shell test Ian Rogers
2026-05-31 8:38 ` sashiko-bot
2026-06-01 0:05 ` [PATCH v5 00/15] perf test: Accelerate parallel test harness and add JUnit XML reporting Ian Rogers
2026-06-01 0:05 ` [PATCH 01/15] perf jevents.py: Make generated C code more kernel style Ian Rogers
2026-06-01 0:05 ` [PATCH 02/15] perf pmu-events: Add API to get metric table name and iterate tables Ian Rogers
2026-06-01 0:05 ` [PATCH 03/15] perf test: Drain pipe after child finishes to avoid losing output Ian Rogers
2026-06-01 0:05 ` [PATCH 04/15] perf test: Support dynamic test suites with setup callback and private data Ian Rogers
2026-06-01 0:05 ` [PATCH 05/15] perf test pmu-events: A sub-test per metric table Ian Rogers
2026-06-01 0:05 ` [PATCH 06/15] tools subcmd: Robust fallback and existence checks for process reaping Ian Rogers
2026-06-01 0:19 ` sashiko-bot
2026-06-01 0:05 ` [PATCH 07/15] perf test: Refactor parallel poll loop to drain all pipes simultaneously Ian Rogers
2026-06-01 0:19 ` sashiko-bot
2026-06-01 0:05 ` [PATCH 08/15] perf test: Show snippet failure output for verbose=1 Ian Rogers
2026-06-01 0:05 ` [PATCH 09/15] perf test: Add summary reporting Ian Rogers
2026-06-01 0:17 ` sashiko-bot
2026-06-01 0:05 ` [PATCH 10/15] perf test: Fix subtest status alignment for multi-digit indexes Ian Rogers
2026-06-01 0:05 ` [PATCH 11/15] perf test: Skip shebang and SPDX comments in shell test descriptions Ian Rogers
2026-06-01 0:05 ` [PATCH 12/15] perf test: Split monolithic 'util' test suite into sub-tests Ian Rogers
2026-06-01 0:05 ` [PATCH 13/15] perf test: Add -j/--junit option for JUnit XML test reports Ian Rogers
2026-06-01 0:23 ` sashiko-bot
2026-06-01 0:05 ` [PATCH 14/15] perf test: Add shell test to validate JUnit XML reporting output Ian Rogers
2026-06-01 0:05 ` [PATCH 15/15] perf test: Remove /usr/bin/cc dependency from Intel PT shell test Ian Rogers
2026-06-01 0:23 ` sashiko-bot
2026-06-01 6:13 ` [PATCH v6 00/15] perf test: Accelerate parallel test harness and add JUnit XML reporting Ian Rogers
2026-06-01 6:13 ` [PATCH 01/15] perf jevents.py: Make generated C code more kernel style Ian Rogers
2026-06-01 6:25 ` sashiko-bot
2026-06-01 6:13 ` [PATCH 02/15] perf pmu-events: Add API to get metric table name and iterate tables Ian Rogers
2026-06-01 6:13 ` [PATCH 03/15] perf test: Drain pipe after child finishes to avoid losing output Ian Rogers
2026-06-01 6:13 ` [PATCH 04/15] perf test: Support dynamic test suites with setup callback and private data Ian Rogers
2026-06-01 6:27 ` sashiko-bot
2026-06-01 6:13 ` [PATCH 05/15] perf test pmu-events: A sub-test per metric table Ian Rogers
2026-06-01 6:13 ` [PATCH 06/15] tools subcmd: Robust fallback and existence checks for process reaping Ian Rogers
2026-06-01 6:28 ` sashiko-bot
2026-06-01 6:13 ` [PATCH 07/15] perf test: Refactor parallel poll loop to drain all pipes simultaneously Ian Rogers
2026-06-01 6:28 ` sashiko-bot
2026-06-01 6:13 ` [PATCH 08/15] perf test: Show snippet failure output for verbose=1 Ian Rogers
2026-06-01 6:25 ` sashiko-bot
2026-06-01 6:13 ` [PATCH 09/15] perf test: Add summary reporting Ian Rogers
2026-06-01 6:24 ` sashiko-bot
2026-06-01 6:13 ` [PATCH 10/15] perf test: Fix subtest status alignment for multi-digit indexes Ian Rogers
2026-06-01 6:13 ` [PATCH 11/15] perf test: Skip shebang and SPDX comments in shell test descriptions Ian Rogers
2026-06-01 6:13 ` [PATCH 12/15] perf test: Split monolithic 'util' test suite into sub-tests Ian Rogers
2026-06-01 6:13 ` [PATCH 13/15] perf test: Add -j/--junit option for JUnit XML test reports Ian Rogers
2026-06-01 6:33 ` sashiko-bot
2026-06-01 6:14 ` [PATCH 14/15] perf test: Add shell test to validate JUnit XML reporting output Ian Rogers
2026-06-01 6:14 ` [PATCH 15/15] perf test: Remove /usr/bin/cc dependency from Intel PT shell test Ian Rogers
2026-06-01 6:37 ` sashiko-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260531065224.EF6F21F00893@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=irogers@google.com \
--cc=linux-perf-users@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox