From: German Gomez <german.gomez@arm.com>
To: Arnaldo Carvalho de Melo <acme@kernel.org>,
kajoljain <kjain@linux.ibm.com>
Cc: linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org,
John Garry <john.garry@huawei.com>, Will Deacon <will@kernel.org>,
Mathieu Poirier <mathieu.poirier@linaro.org>,
Leo Yan <leo.yan@linaro.org>, Mark Rutland <mark.rutland@arm.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Jiri Olsa <jolsa@redhat.com>, Namhyung Kim <namhyung@kernel.org>,
linux-arm-kernel@lists.infradead.org, linux-csky@vger.kernel.org,
linux-riscv@lists.infradead.org
Subject: Re: [PATCH v1 1/4] perf tools: Prevent out-of-bounds access to registers
Date: Fri, 10 Dec 2021 15:28:56 +0000 [thread overview]
Message-ID: <42c6ea29-5904-bb8b-d9c6-a0516c3a564f@arm.com> (raw)
In-Reply-To: <YbNYUC1poqzrWynP@kernel.org>
On 10/12/2021 13:38, Arnaldo Carvalho de Melo wrote:
> Em Fri, Dec 10, 2021 at 02:47:49PM +0530, kajoljain escreveu:
>>
>> On 12/1/21 6:03 PM, German Gomez wrote:
>>> The size of the cache of register values is arch-dependant
>>> (PERF_REGS_MAX). This has the potential of causing an out-of-bounds
>>> access in the function "perf_reg_value" if the local architecture
>>> contains less registers than the one the perf.data file was recorded on.
>>>
>>> Since the maximum number of registers is bound by the bitmask "u64
>>> cache_mask", and the size of the cache when running under x86 systems is
>>> 64 already, fix the size to 64 and add a range-check to the function
>>> "perf_reg_value" to prevent out-of-bounds access.
>>>
>> Patch looks good to me.
>>
>> Reviewed-by: Kajol Jain<kjain@linux.ibm.com>
> Thanks, applied.
>
> - Arnaldo
Thanks Arnaldo, and the rest for the review.
I did send a v2 of this patch afterwards. The only difference was to
give credit to the reporter in the commit message with:
Reported-by: Alexandre Truong <alexandre.truong@arm.com>
Thanks,
German
>
>> Thanks,
>> Kajol Jain
>>
>>> Signed-off-by: German Gomez <german.gomez@arm.com>
>>> ---
>>> tools/perf/util/event.h | 5 ++++-
>>> tools/perf/util/perf_regs.c | 3 +++
>>> 2 files changed, 7 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/tools/perf/util/event.h b/tools/perf/util/event.h
>>> index 95ffed663..c59331eea 100644
>>> --- a/tools/perf/util/event.h
>>> +++ b/tools/perf/util/event.h
>>> @@ -44,13 +44,16 @@ struct perf_event_attr;
>>> /* perf sample has 16 bits size limit */
>>> #define PERF_SAMPLE_MAX_SIZE (1 << 16)
>>>
>>> +/* number of register is bound by the number of bits in regs_dump::mask (64) */
>>> +#define PERF_SAMPLE_REGS_CACHE_SIZE (8 * sizeof(u64))
>>> +
>>> struct regs_dump {
>>> u64 abi;
>>> u64 mask;
>>> u64 *regs;
>>>
>>> /* Cached values/mask filled by first register access. */
>>> - u64 cache_regs[PERF_REGS_MAX];
>>> + u64 cache_regs[PERF_SAMPLE_REGS_CACHE_SIZE];
>>> u64 cache_mask;
>>> };
>>>
>>> diff --git a/tools/perf/util/perf_regs.c b/tools/perf/util/perf_regs.c
>>> index 5ee47ae15..06a7461ba 100644
>>> --- a/tools/perf/util/perf_regs.c
>>> +++ b/tools/perf/util/perf_regs.c
>>> @@ -25,6 +25,9 @@ int perf_reg_value(u64 *valp, struct regs_dump *regs, int id)
>>> int i, idx = 0;
>>> u64 mask = regs->mask;
>>>
>>> + if ((u64)id >= PERF_SAMPLE_REGS_CACHE_SIZE)
>>> + return -EINVAL;
>>> +
>>> if (regs->cache_mask & (1ULL << id))
>>> goto out;
>>>
>>>
WARNING: multiple messages have this Message-ID (diff)
From: German Gomez <german.gomez@arm.com>
To: Arnaldo Carvalho de Melo <acme@kernel.org>,
kajoljain <kjain@linux.ibm.com>
Cc: linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org,
John Garry <john.garry@huawei.com>, Will Deacon <will@kernel.org>,
Mathieu Poirier <mathieu.poirier@linaro.org>,
Leo Yan <leo.yan@linaro.org>, Mark Rutland <mark.rutland@arm.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Jiri Olsa <jolsa@redhat.com>, Namhyung Kim <namhyung@kernel.org>,
linux-arm-kernel@lists.infradead.org, linux-csky@vger.kernel.org,
linux-riscv@lists.infradead.org
Subject: Re: [PATCH v1 1/4] perf tools: Prevent out-of-bounds access to registers
Date: Fri, 10 Dec 2021 15:28:56 +0000 [thread overview]
Message-ID: <42c6ea29-5904-bb8b-d9c6-a0516c3a564f@arm.com> (raw)
In-Reply-To: <YbNYUC1poqzrWynP@kernel.org>
On 10/12/2021 13:38, Arnaldo Carvalho de Melo wrote:
> Em Fri, Dec 10, 2021 at 02:47:49PM +0530, kajoljain escreveu:
>>
>> On 12/1/21 6:03 PM, German Gomez wrote:
>>> The size of the cache of register values is arch-dependant
>>> (PERF_REGS_MAX). This has the potential of causing an out-of-bounds
>>> access in the function "perf_reg_value" if the local architecture
>>> contains less registers than the one the perf.data file was recorded on.
>>>
>>> Since the maximum number of registers is bound by the bitmask "u64
>>> cache_mask", and the size of the cache when running under x86 systems is
>>> 64 already, fix the size to 64 and add a range-check to the function
>>> "perf_reg_value" to prevent out-of-bounds access.
>>>
>> Patch looks good to me.
>>
>> Reviewed-by: Kajol Jain<kjain@linux.ibm.com>
> Thanks, applied.
>
> - Arnaldo
Thanks Arnaldo, and the rest for the review.
I did send a v2 of this patch afterwards. The only difference was to
give credit to the reporter in the commit message with:
Reported-by: Alexandre Truong <alexandre.truong@arm.com>
Thanks,
German
>
>> Thanks,
>> Kajol Jain
>>
>>> Signed-off-by: German Gomez <german.gomez@arm.com>
>>> ---
>>> tools/perf/util/event.h | 5 ++++-
>>> tools/perf/util/perf_regs.c | 3 +++
>>> 2 files changed, 7 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/tools/perf/util/event.h b/tools/perf/util/event.h
>>> index 95ffed663..c59331eea 100644
>>> --- a/tools/perf/util/event.h
>>> +++ b/tools/perf/util/event.h
>>> @@ -44,13 +44,16 @@ struct perf_event_attr;
>>> /* perf sample has 16 bits size limit */
>>> #define PERF_SAMPLE_MAX_SIZE (1 << 16)
>>>
>>> +/* number of register is bound by the number of bits in regs_dump::mask (64) */
>>> +#define PERF_SAMPLE_REGS_CACHE_SIZE (8 * sizeof(u64))
>>> +
>>> struct regs_dump {
>>> u64 abi;
>>> u64 mask;
>>> u64 *regs;
>>>
>>> /* Cached values/mask filled by first register access. */
>>> - u64 cache_regs[PERF_REGS_MAX];
>>> + u64 cache_regs[PERF_SAMPLE_REGS_CACHE_SIZE];
>>> u64 cache_mask;
>>> };
>>>
>>> diff --git a/tools/perf/util/perf_regs.c b/tools/perf/util/perf_regs.c
>>> index 5ee47ae15..06a7461ba 100644
>>> --- a/tools/perf/util/perf_regs.c
>>> +++ b/tools/perf/util/perf_regs.c
>>> @@ -25,6 +25,9 @@ int perf_reg_value(u64 *valp, struct regs_dump *regs, int id)
>>> int i, idx = 0;
>>> u64 mask = regs->mask;
>>>
>>> + if ((u64)id >= PERF_SAMPLE_REGS_CACHE_SIZE)
>>> + return -EINVAL;
>>> +
>>> if (regs->cache_mask & (1ULL << id))
>>> goto out;
>>>
>>>
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
WARNING: multiple messages have this Message-ID (diff)
From: German Gomez <german.gomez@arm.com>
To: Arnaldo Carvalho de Melo <acme@kernel.org>,
kajoljain <kjain@linux.ibm.com>
Cc: linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org,
John Garry <john.garry@huawei.com>, Will Deacon <will@kernel.org>,
Mathieu Poirier <mathieu.poirier@linaro.org>,
Leo Yan <leo.yan@linaro.org>, Mark Rutland <mark.rutland@arm.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Jiri Olsa <jolsa@redhat.com>, Namhyung Kim <namhyung@kernel.org>,
linux-arm-kernel@lists.infradead.org, linux-csky@vger.kernel.org,
linux-riscv@lists.infradead.org
Subject: Re: [PATCH v1 1/4] perf tools: Prevent out-of-bounds access to registers
Date: Fri, 10 Dec 2021 15:28:56 +0000 [thread overview]
Message-ID: <42c6ea29-5904-bb8b-d9c6-a0516c3a564f@arm.com> (raw)
In-Reply-To: <YbNYUC1poqzrWynP@kernel.org>
On 10/12/2021 13:38, Arnaldo Carvalho de Melo wrote:
> Em Fri, Dec 10, 2021 at 02:47:49PM +0530, kajoljain escreveu:
>>
>> On 12/1/21 6:03 PM, German Gomez wrote:
>>> The size of the cache of register values is arch-dependant
>>> (PERF_REGS_MAX). This has the potential of causing an out-of-bounds
>>> access in the function "perf_reg_value" if the local architecture
>>> contains less registers than the one the perf.data file was recorded on.
>>>
>>> Since the maximum number of registers is bound by the bitmask "u64
>>> cache_mask", and the size of the cache when running under x86 systems is
>>> 64 already, fix the size to 64 and add a range-check to the function
>>> "perf_reg_value" to prevent out-of-bounds access.
>>>
>> Patch looks good to me.
>>
>> Reviewed-by: Kajol Jain<kjain@linux.ibm.com>
> Thanks, applied.
>
> - Arnaldo
Thanks Arnaldo, and the rest for the review.
I did send a v2 of this patch afterwards. The only difference was to
give credit to the reporter in the commit message with:
Reported-by: Alexandre Truong <alexandre.truong@arm.com>
Thanks,
German
>
>> Thanks,
>> Kajol Jain
>>
>>> Signed-off-by: German Gomez <german.gomez@arm.com>
>>> ---
>>> tools/perf/util/event.h | 5 ++++-
>>> tools/perf/util/perf_regs.c | 3 +++
>>> 2 files changed, 7 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/tools/perf/util/event.h b/tools/perf/util/event.h
>>> index 95ffed663..c59331eea 100644
>>> --- a/tools/perf/util/event.h
>>> +++ b/tools/perf/util/event.h
>>> @@ -44,13 +44,16 @@ struct perf_event_attr;
>>> /* perf sample has 16 bits size limit */
>>> #define PERF_SAMPLE_MAX_SIZE (1 << 16)
>>>
>>> +/* number of register is bound by the number of bits in regs_dump::mask (64) */
>>> +#define PERF_SAMPLE_REGS_CACHE_SIZE (8 * sizeof(u64))
>>> +
>>> struct regs_dump {
>>> u64 abi;
>>> u64 mask;
>>> u64 *regs;
>>>
>>> /* Cached values/mask filled by first register access. */
>>> - u64 cache_regs[PERF_REGS_MAX];
>>> + u64 cache_regs[PERF_SAMPLE_REGS_CACHE_SIZE];
>>> u64 cache_mask;
>>> };
>>>
>>> diff --git a/tools/perf/util/perf_regs.c b/tools/perf/util/perf_regs.c
>>> index 5ee47ae15..06a7461ba 100644
>>> --- a/tools/perf/util/perf_regs.c
>>> +++ b/tools/perf/util/perf_regs.c
>>> @@ -25,6 +25,9 @@ int perf_reg_value(u64 *valp, struct regs_dump *regs, int id)
>>> int i, idx = 0;
>>> u64 mask = regs->mask;
>>>
>>> + if ((u64)id >= PERF_SAMPLE_REGS_CACHE_SIZE)
>>> + return -EINVAL;
>>> +
>>> if (regs->cache_mask & (1ULL << id))
>>> goto out;
>>>
>>>
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-12-10 15:29 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-01 12:33 [PATCH v1 0/4] Support register names from all architectures German Gomez
2021-12-01 12:33 ` German Gomez
2021-12-01 12:33 ` German Gomez
2021-12-01 12:33 ` [PATCH v1 1/4] perf tools: Prevent out-of-bounds access to registers German Gomez
2021-12-01 12:33 ` German Gomez
2021-12-01 12:33 ` German Gomez
2021-12-08 21:35 ` Jiri Olsa
2021-12-08 21:35 ` Jiri Olsa
2021-12-08 21:35 ` Jiri Olsa
2021-12-10 9:17 ` kajoljain
2021-12-10 9:17 ` kajoljain
2021-12-10 9:17 ` kajoljain
2021-12-10 13:38 ` Arnaldo Carvalho de Melo
2021-12-10 13:38 ` Arnaldo Carvalho de Melo
2021-12-10 13:38 ` Arnaldo Carvalho de Melo
2021-12-10 15:28 ` German Gomez [this message]
2021-12-10 15:28 ` German Gomez
2021-12-10 15:28 ` German Gomez
2021-12-10 16:19 ` Arnaldo Carvalho de Melo
2021-12-10 16:19 ` Arnaldo Carvalho de Melo
2021-12-10 16:19 ` Arnaldo Carvalho de Melo
2021-12-01 12:33 ` [PATCH v1 2/4] perf script: Add "struct machine" parameter to process_event callback German Gomez
2021-12-01 12:33 ` German Gomez
2021-12-01 12:33 ` German Gomez
2021-12-02 16:03 ` Athira Rajeev
2021-12-02 16:03 ` Athira Rajeev
2021-12-02 16:03 ` Athira Rajeev
2021-12-03 12:00 ` German Gomez
2021-12-03 12:00 ` German Gomez
2021-12-03 12:00 ` German Gomez
2021-12-13 18:22 ` Arnaldo Carvalho de Melo
2021-12-13 18:22 ` Arnaldo Carvalho de Melo
2021-12-13 18:22 ` Arnaldo Carvalho de Melo
2021-12-13 18:31 ` German Gomez
2021-12-13 18:31 ` German Gomez
2021-12-13 18:31 ` German Gomez
2021-12-13 19:59 ` Arnaldo Carvalho de Melo
2021-12-13 19:59 ` Arnaldo Carvalho de Melo
2021-12-13 19:59 ` Arnaldo Carvalho de Melo
2021-12-01 12:33 ` [PATCH v1 3/4] perf tools: Crete header files with register names German Gomez
2021-12-01 12:33 ` German Gomez
2021-12-01 12:33 ` German Gomez
2021-12-01 12:33 ` [PATCH v1 4/4] perf tools: Support register names from all architectures German Gomez
2021-12-01 12:33 ` German Gomez
2021-12-01 12:33 ` German Gomez
2021-12-03 9:38 ` German Gomez
2021-12-03 9:38 ` German Gomez
2021-12-03 9:38 ` German Gomez
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=42c6ea29-5904-bb8b-d9c6-a0516c3a564f@arm.com \
--to=german.gomez@arm.com \
--cc=acme@kernel.org \
--cc=alexander.shishkin@linux.intel.com \
--cc=john.garry@huawei.com \
--cc=jolsa@redhat.com \
--cc=kjain@linux.ibm.com \
--cc=leo.yan@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-csky@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=mark.rutland@arm.com \
--cc=mathieu.poirier@linaro.org \
--cc=namhyung@kernel.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.