[GIT PULL] perf tools updates

May 21st, 2011 - 09:50 pm ET by Frederic Weisbecker | Report spam

Ingo, Arnaldo,

Please pull the perf/core branch that can be found at:

git://git.kernel.org/pub/scm/linux/...racing.git
perf/core

Thanks,
Frederic

Frederic Weisbecker (6):
perf tools: Check we are able to read the event size on mmap
perf tools: Remove junk code in mmap size handling
perf tools: Move evlist sample helpers to evlist area
perf tools: Pre-check sample size before parsing
perf tools: Robustify dynamic sample content fetch
perf tools: Propagate event parse error handling

tools/perf/builtin-test.c | 9 ++++++++-
tools/perf/builtin-top.c | 7 ++++++-
tools/perf/util/event.c | 16 ++++++++++++++++
tools/perf/util/event.h | 12 +++++++++++-
tools/perf/util/evlist.c | 31 +++++++++++++++++++++++++++++++
tools/perf/util/evlist.h | 3 +++
tools/perf/util/evsel.c | 32 +++++++++++++++++++++++++++++++-
tools/perf/util/header.c | 31 -
tools/perf/util/header.h | 2 --
tools/perf/util/python.c | 13 ++++++++++
tools/perf/util/session.c | 25 ++++++++++++++++++-
tools/perf/util/session.h | 2 ++
12 files changed, 136 insertions(+), 47 deletions(-)
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Follow the discussion Replies

8 replies

Make a reply

Replies

#1 Frederic Weisbecker

May 21st, 2011 - 09:50 pm ET | Report spam

Ensure the size of the dynamic fields such as callchains
or raw events don't overlap the whole event boundaries.

This prevents from dereferencing junk if the given size of
the callchain goes too eager.

Reported-by: Linus Torvalds
Reported-by: Ingo Molnar
Signed-off-by: Frederic Weisbecker
Cc: Ingo Molnar
Cc: Peter Zijlstra
Cc: Arnaldo Carvalho de Melo
Cc: Stephane Eranian

tools/perf/util/evsel.c | 26 ++++++++++++++++++++++++++
1 files changed, 26 insertions(+), 0 deletions(-)

diff --git a/tools/perf/util/evsel.c b/tools/perf/util/evsel.c
index bfce8bf..ee0fe0d 100644
a/tools/perf/util/evsel.c
+++ b/tools/perf/util/evsel.c
@@ -303,6 +303,17 @@ static int perf_event__parse_id_sample(const union perf_event *event, u64 type,
return 0;
}

+static bool sample_overlap(const union perf_event *event,
+ const void *offset, u64 size)
+{
+ const void *base = event;
+
+ if (offset + size > base + event->header.size)
+ return true;
+
+ return false;
+}
+
int perf_event__parse_sample(const union perf_event *event, u64 type,
int sample_size, bool sample_id_all,
struct perf_sample *data)
@@ -373,14 +384,29 @@ int perf_event__parse_sample(const union perf_event *event, u64 type,
}

if (type & PERF_SAMPLE_CALLCHAIN) {
+ if (sample_overlap(event, array, sizeof(data->callchain->nr)))
+ return -EFAULT;
+
data->callchain = (struct ip_callchain *)array;
+
+ if (sample_overlap(event, array, data->callchain->nr))
+ return -EFAULT;
+
array += 1 + data->callchain->nr;
}

if (type & PERF_SAMPLE_RAW) {
u32 *p = (u32 *)array;
+
+ if (sample_overlap(event, array, sizeof(u32)))
+ return -EFAULT;
+
data->raw_size = *p;
p++;
+
+ if (sample_overlap(event, p, data->raw_size))
+ return -EFAULT;
+
data->raw_data = p;
}

1.7.3.2

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Read all the answers

[GIT PULL] perf tools updates

Replies

Similar topics