Linux Perf Users
From: sashiko-bot@kernel.org
To: "Ian Rogers" <irogers@google.com>
Cc: bpf@vger.kernel.org, linux-perf-users@vger.kernel.org
Subject: Re: [PATCH v1 7/7] perf test: Add BPF JIT annotation test coverage for all disassemblers
Date: Tue, 09 Jun 2026 05:36:10 +0000
Message-ID: <20260609053610.E4C0C1F00893@smtp.kernel.org>
In-Reply-To: <20260609051759.405027-8-irogers@google.com>

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [High] Removing a securely created temporary file before reusing its path creates a Time-Of-Check to Time-Of-Use (TOCTOU) race condition, allowing a local attacker to overwrite arbitrary system files or steal system-wide profiling data.
--

commit cc2ff8c9b984e996a4b88b05049833c644d20227
Author: Ian Rogers <irogers@google.com>

perf test: Add BPF JIT annotation test coverage for all disassemblers
    
This commit expands the annotate.sh shell test to verify BPF JIT disassembly. 
It captures system BPF programs and validates the temporary ELF generation 
using various supported disassembler backends.

> diff --git a/tools/perf/tests/shell/annotate.sh b/tools/perf/tests/shell/annotate.sh
> index d3bafa7e3db55..d8c710470c528 100755
> --- a/tools/perf/tests/shell/annotate.sh
> +++ b/tools/perf/tests/shell/annotate.sh
[ ... ]
> +test_bpf() {
> +  echo "Test annotate with BPF JIT output"
> +
> +  if ! perf check -q feature libbpf-strings ; then
> +    echo "BPF annotation test [Skipped - libbpf-strings not supported]"
> +    return 0
> +  fi
> +
> +  rm -f "${perfdata}"
> +
> +  if ! perf record -a -e cycles -F 4000 -o "${perfdata}" -- sleep 1 2> /dev/null

[Severity: High]
Does removing this securely created temporary file before reusing its path
create a Time-Of-Check to Time-Of-Use (TOCTOU) race condition?

By deleting the file explicitly and then allowing perf record to create it
again, it appears to open a window where a local attacker could place a
symlink at this path. Since perf record does not use O_EXCL when opening
output files, couldn't this result in overwriting arbitrary system files or
leaking system-wide profiling data if the test is run with privileges?

> +  then
> +    echo "BPF annotation test [Skipped - perf record -a failed, probably no privileges]"
> +    return 0
> +  fi
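
Review bot: The `rm -f "${perfdata}"` at the top of test_bpf gives up the path immediately before `perf record -a ... -o "${perfdata}"` recreates it, and the hunk does not say why the file has to be absent first. Consider dropping the rm, or writing this capture to a new name inside a directory made with `mktemp -d`, so the name cannot be claimed by another user between the two commands. Separately, `2> /dev/null` on the record command discards the reason for a failure, which is why the skip message can only say "probably no privileges"; sending stderr to a log that is printed on failure would make skips diagnosable.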

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260609051759.405027-1-irogers@google.com?part=7
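
The remove-then-recreate window raised in the review above can be reproduced in a private scratch directory. This is an added example, not part of the original message or the perf tree; the function names and the `perf.data` file name are hypothetical stand-ins, and the shell's `noclobber` option stands in for an `O_EXCL` open.

```shell
#!/bin/sh
# Constructed demo; every file lives in a private mktemp -d directory.

# Plain redirection creates or truncates without O_EXCL, so it follows a
# symlink sitting at the path (the behaviour the review describes).
write_plain() { echo "profile data" > "$1"; }

# noclobber (set -C) makes the shell refuse a path that already exists,
# including a symlink, which is the effect O_EXCL would give.
write_excl() { ( set -C; echo "profile data" > "$1" ) 2>/dev/null; }

# demo MODE: replay "create, rm, recreate" with a symlink placed in the gap.
# Prints "overwritten" or "intact" for the file the symlink points at.
demo() {
  dir=$(mktemp -d) || return 2
  victim="$dir/victim"
  out="$dir/perf.data"            # hypothetical stand-in for ${perfdata}
  echo "original" > "$victim"
  : > "$out"                      # the file as first created
  rm -f "$out"                    # step under review: the name is free again
  ln -s "$victim" "$out"          # simulated: another user claims the name
  "write_$1" "$out" || true       # the writer recreates its output
  content=$(cat "$victim")
  rm -rf "$dir"
  if [ "$content" = "original" ]; then echo intact; else echo overwritten; fi
}

# One mitigation for a test script: a new name inside a 0700 directory,
# which other unprivileged users cannot write into.
private_output_path() {
  d=$(mktemp -d) || return 1
  echo "$d/perf.data"
}

echo "plain: $(demo plain)  excl: $(demo excl)"
```

The caller of `private_output_path` owns the returned directory and should remove it in the test's cleanup handler.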
