From: sashiko-bot@kernel.org
To: "Ian Rogers" <irogers@google.com>
Cc: linux-perf-users@vger.kernel.org
Subject: Re: [PATCH v2 06/12] perf tests: Fix Python JIT dump profiling test failure
Date: Tue, 16 Jun 2026 06:27:08 +0000
Message-ID: <20260616062709.024121F000E9@smtp.kernel.org>
In-Reply-To: <20260616061404.41929-7-irogers@google.com>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Medium] Predictable temporary file name allows an attacker to perform a symlink attack leading to arbitrary file overwrite.
--
commit 5cc8bb6cfd6331b267045e9aa8e8f0e141a7441e
Author: Ian Rogers <irogers@google.com>
perf tests: Fix Python JIT dump profiling test failure
This commit fixes PID parsing in the Python JIT dump profiling test by
resolving duplicate space-separated values. It also introduces a retry loop
that scales from 1M to 100M iterations to ensure JIT stack trampoline
samples are successfully captured.
> diff --git a/tools/perf/tests/shell/jitdump-python.sh b/tools/perf/tests/shell/jitdump-python.sh
> index ae86203b14a22..dd4a401cd2455 100755
> --- a/tools/perf/tests/shell/jitdump-python.sh
> +++ b/tools/perf/tests/shell/jitdump-python.sh
[ ... ]
> @@ -33,9 +36,16 @@ trap_cleanup() {
>
> trap trap_cleanup EXIT TERM INT
>
> -echo "Run python with -Xperf_jit"
> -cat <<EOF | perf record -k 1 -g --call-graph dwarf -o "${PERF_DATA}" \
> - -- ${PYTHON} -Xperf_jit
> +ALL_PIDS=""
> +NUM=0
> +for iterations in 1000000 10000000 50000000 100000000; do
> + echo "Running with $iterations iterations..."
> + rm -f "${PERF_DATA}.pid"
> + cat <<EOF | perf record -k 1 -g --call-graph dwarf -o "${PERF_DATA}" -- ${PYTHON} -Xperf_jit
> +import os
> +with open("${PERF_DATA}.pid", "w") as f:
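Review bot: the PID file at `with open("${PERF_DATA}.pid", "w")` is opened in plain "w" mode at a path formed by appending `.pid` to another file's name, so the open follows a symlink and truncates whatever it points to, and the `rm -f "${PERF_DATA}.pid"` two lines earlier leaves a window before the Python process reaches the open. Creating the file exclusively, for example os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600), or placing the PID file in a directory created with mktemp -d, closes that window. The same line also has the shell expand ${PERF_DATA} inside an unquoted heredoc into a Python string literal, so a quote or backslash in the path would change the script; exporting the path and reading it from os.environ avoids that.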
[Severity: Medium]
Could this create a time-of-check to time-of-use race condition?

While the main perf data file is securely created using mktemp, this uses
a predictable filename in a shared directory for the PID file. Even though
the file is removed right before the python script runs:

    rm -f "${PERF_DATA}.pid"

Is there a risk that a malicious symlink could be recreated at the
predictable path in the window between the removal and the python open()
call?

If the symlink is recreated and followed during the python script execution:

    with open("${PERF_DATA}.pid", "w") as f:
        f.write(str(os.getpid()))

Does this allow arbitrary file overwrites with the python process PID?
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260616061404.41929-1-irogers@google.com?part=6
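
The race raised in the review above, shown as an added example that is not part of the original message or of the perf test: a plain "w" open follows a symlink already present at the PID-file path, while an exclusive create refuses it. The function names, file names and the temporary directory are assumptions made for this illustration.

```python
import os
import tempfile


def write_pid_plain(path):
    """Pattern from the patch: a plain "w" open follows symlinks and truncates."""
    with open(path, "w") as f:
        f.write(str(os.getpid()))


def write_pid_exclusive(path):
    """Hardened variant: O_CREAT|O_EXCL fails if anything, a symlink included,
    already exists at path; O_NOFOLLOW is kept as defence in depth."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(str(os.getpid()))


def demo():
    """Constructed scenario inside a private temp dir: a symlink already sits
    at the PID-file path and points at an unrelated file."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "unrelated.txt")    # constructed sample file
        pid_path = os.path.join(d, "perf.data.pid")  # stands in for ${PERF_DATA}.pid
        for name, writer in (("plain", write_pid_plain),
                             ("exclusive", write_pid_exclusive)):
            with open(target, "w") as f:
                f.write("important")
            if os.path.lexists(pid_path):
                os.unlink(pid_path)
            os.symlink(target, pid_path)
            try:
                writer(pid_path)
                refused = False
            except FileExistsError:
                refused = True
            with open(target) as f:
                results[name] = (refused, f.read() == "important")
    return results


if __name__ == "__main__":
    for name, (refused, intact) in demo().items():
        print(f"{name}: refused={refused} target_intact={intact}")
```
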