From: Arnaldo Carvalho de Melo <acme@kernel.org>
To: Ian Rogers <irogers@google.com>
Cc: Peter Zijlstra <peterz@infradead.org>,
Ingo Molnar <mingo@redhat.com>,
Mark Rutland <mark.rutland@arm.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Jiri Olsa <jolsa@redhat.com>, Namhyung Kim <namhyung@kernel.org>,
Leo Yan <leo.yan@linaro.org>,
Andre Przywara <andre.przywara@arm.com>,
Will Deacon <will@kernel.org>, Dave Martin <Dave.Martin@arm.com>,
linux-kernel@vger.kernel.org,
Stephane Eranian <eranian@google.com>
Subject: Re: [PATCH] perf arm-spe: Avoid potential buffer overrun.
Date: Wed, 7 Apr 2021 16:24:36 -0300 [thread overview]
Message-ID: <YG4G9Fb8NO3MYYQa@kernel.org> (raw)
In-Reply-To: <20210407153955.317215-1-irogers@google.com>
Em Wed, Apr 07, 2021 at 08:39:55AM -0700, Ian Rogers escreveu:
> SPE extended headers are >1 byte so ensure the buffer contains at
> least this before reading. This issue was detected by fuzzing.
Thanks, applied.
- Arnaldo
> Signed-off-by: Ian Rogers <irogers@google.com>
> ---
> tools/perf/util/arm-spe-decoder/arm-spe-pkt-decoder.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/tools/perf/util/arm-spe-decoder/arm-spe-pkt-decoder.c b/tools/perf/util/arm-spe-decoder/arm-spe-pkt-decoder.c
> index f3ac9d40cebf..2e5eff4f8f03 100644
> --- a/tools/perf/util/arm-spe-decoder/arm-spe-pkt-decoder.c
> +++ b/tools/perf/util/arm-spe-decoder/arm-spe-pkt-decoder.c
> @@ -210,8 +210,10 @@ static int arm_spe_do_get_packet(const unsigned char *buf, size_t len,
>
> if ((hdr & SPE_HEADER0_MASK2) == SPE_HEADER0_EXTENDED) {
> /* 16-bit extended format header */
> - ext_hdr = 1;
> + if (len == 1)
> + return ARM_SPE_BAD_PACKET;
>
> + ext_hdr = 1;
> hdr = buf[1];
> if (hdr == SPE_HEADER1_ALIGNMENT)
> return arm_spe_get_alignment(buf, len, packet);
> --
> 2.31.0.208.g409f899ff0-goog
>
--
- Arnaldo
prev parent reply other threads:[~2021-04-07 19:24 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-07 15:39 [PATCH] perf arm-spe: Avoid potential buffer overrun Ian Rogers
2021-04-07 19:24 ` Arnaldo Carvalho de Melo [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YG4G9Fb8NO3MYYQa@kernel.org \
--to=acme@kernel.org \
--cc=Dave.Martin@arm.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=andre.przywara@arm.com \
--cc=eranian@google.com \
--cc=irogers@google.com \
--cc=jolsa@redhat.com \
--cc=leo.yan@linaro.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mingo@redhat.com \
--cc=namhyung@kernel.org \
--cc=peterz@infradead.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox