[PATCH] perf: fix infinite loop with corrupted header

[PATCH] perf: fix infinite loop with corrupted header

[Sonny Rao]

We recently ran into a corrupt perf data file which mostly looked okay
but the section size for data was set to 0.  This caused perf report to
get into an infinite loop in __perf_session_process_events().  Let's
just avoid this by bailing early and reporting it if there's an
invalid header.

Signed-off-by: Sonny Rao <sonnyrao@chromium.org>
---
 tools/perf/util/header.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c
index 26441d0..085ef76 100644
--- a/tools/perf/util/header.c
+++ b/tools/perf/util/header.c
@@ -2582,6 +2582,10 @@ int perf_file_header__read(struct perf_file_header *header,
 	ph->data_offset  = header->data.offset;
 	ph->data_size	 = header->data.size;
 	ph->feat_offset  = header->data.offset + header->data.size;
+
+	if (!header->data.size)
+		die("corrupted header, invalid size 0 for data section\n");
+
 	return 0;
 }
 
-- 
1.8.4

Re: [PATCH] perf: fix infinite loop with corrupted header

[David Ahern]

On 9/25/13 11:20 PM, Sonny Rao wrote:
> We recently ran into a corrupt perf data file which mostly looked okay
> but the section size for data was set to 0.  This caused perf report to
> get into an infinite loop in __perf_session_process_events().  Let's
> just avoid this by bailing early and reporting it if there's an
> invalid header.

Been suggested before:
https://lkml.org/lkml/2013/5/9/405

Other changes went in around that time as well. Are you still seeing the 
loop on latest source?

David

Re: [PATCH] perf: fix infinite loop with corrupted header

[Arnaldo Carvalho de Melo]

Em Thu, Sep 26, 2013 at 07:34:56AM -0600, David Ahern escreveu:
> On 9/25/13 11:20 PM, Sonny Rao wrote:
> >We recently ran into a corrupt perf data file which mostly looked okay
> >but the section size for data was set to 0.  This caused perf report to
> >get into an infinite loop in __perf_session_process_events().  Let's
> >just avoid this by bailing early and reporting it if there's an
> >invalid header.
> 
> Been suggested before:
> https://lkml.org/lkml/2013/5/9/405

Thanks for the pointer (and this latest patch as well), looking at it
now.

- Arnaldo
 
> Other changes went in around that time as well. Are you still seeing
> the loop on latest source?
> 
> David

Re: [PATCH] perf: fix infinite loop with corrupted header

[Namhyung Kim]

2013-09-26 (목), 10:46 -0300, Arnaldo Carvalho de Melo:
> Em Thu, Sep 26, 2013 at 07:34:56AM -0600, David Ahern escreveu:
> > On 9/25/13 11:20 PM, Sonny Rao wrote:
> > >We recently ran into a corrupt perf data file which mostly looked okay
> > >but the section size for data was set to 0.  This caused perf report to
> > >get into an infinite loop in __perf_session_process_events().  Let's
> > >just avoid this by bailing early and reporting it if there's an
> > >invalid header.
> > 
> > Been suggested before:
> > https://lkml.org/lkml/2013/5/9/405
> 
> Thanks for the pointer (and this latest patch as well), looking at it
> now.
> 
> - Arnaldo
>  
> > Other changes went in around that time as well. Are you still seeing
> > the loop on latest source?

Did you mean this?

https://lkml.org/lkml/2013/5/9/670


Thanks,
Namhyung

Re: [PATCH] perf: fix infinite loop with corrupted header

[Arnaldo Carvalho de Melo]

Em Thu, Sep 26, 2013 at 10:59:37PM +0900, Namhyung Kim escreveu:
> 2013-09-26 (목), 10:46 -0300, Arnaldo Carvalho de Melo:
> > Em Thu, Sep 26, 2013 at 07:34:56AM -0600, David Ahern escreveu:
> > > On 9/25/13 11:20 PM, Sonny Rao wrote:
> > > >We recently ran into a corrupt perf data file which mostly looked okay
> > > >but the section size for data was set to 0.  This caused perf report to
> > > >get into an infinite loop in __perf_session_process_events().  Let's
> > > >just avoid this by bailing early and reporting it if there's an
> > > >invalid header.
> > > 
> > > Been suggested before:
> > > https://lkml.org/lkml/2013/5/9/405
> > 
> > Thanks for the pointer (and this latest patch as well), looking at it
> > now.
> > 
> > - Arnaldo
> >  
> > > Other changes went in around that time as well. Are you still seeing
> > > the loop on latest source?
> 
> Did you mean this?

Not at that moment, but yes, I looked up the discussion and found this,
which I think is sensible, would like just to do some testing, and if
you could submit a patch combining your change with David's, I think it
would be good.

Thanks,

- Arnaldo
 
> https://lkml.org/lkml/2013/5/9/670
> 
> 
> Thanks,
> Namhyung
> 

Re: [PATCH] perf: fix infinite loop with corrupted header

[Sonny Rao]

On Thu, Sep 26, 2013 at 6:34 AM, David Ahern <dsahern@gmail.com> wrote:
> On 9/25/13 11:20 PM, Sonny Rao wrote:
>>
>> We recently ran into a corrupt perf data file which mostly looked okay
>> but the section size for data was set to 0.  This caused perf report to
>> get into an infinite loop in __perf_session_process_events().  Let's
>> just avoid this by bailing early and reporting it if there's an
>> invalid header.
>
>
> Been suggested before:
> https://lkml.org/lkml/2013/5/9/405
>
> Other changes went in around that time as well. Are you still seeing the
> loop on latest source?

I'm still seeing it on 3.12-rc1.  I haven't tested anything newer or
in the perf git tree.
Thanks

>
> David

Re: [PATCH] perf: fix infinite loop with corrupted header

[Namhyung Kim]

Hi,

On Thu, 26 Sep 2013 11:06:13 -0300, Arnaldo Carvalho de Melo wrote:
> Em Thu, Sep 26, 2013 at 10:59:37PM +0900, Namhyung Kim escreveu:
>> 2013-09-26 (목), 10:46 -0300, Arnaldo Carvalho de Melo:
>> > Em Thu, Sep 26, 2013 at 07:34:56AM -0600, David Ahern escreveu:
>> > > Other changes went in around that time as well. Are you still seeing
>> > > the loop on latest source?
>> 
>> Did you mean this?
>
> Not at that moment, but yes, I looked up the discussion and found this,
> which I think is sensible, would like just to do some testing, and if
> you could submit a patch combining your change with David's, I think it
> would be good.

I'll resend it after some testing.

Thanks,
Namhyung