* [PATCH 1/3] perf symbols: Fix use-after-free in get_plt_got_name()
2023-03-16 19:41 [PATCH 0/3] perf tools: Address fixes Adrian Hunter
@ 2023-03-16 19:41 ` Adrian Hunter
2023-03-16 19:41 ` [PATCH 2/3] perf symbols: Fix unaligned access in get_x86_64_plt_disp() Adrian Hunter
` (3 subsequent siblings)
4 siblings, 0 replies; 7+ messages in thread
From: Adrian Hunter @ 2023-03-16 19:41 UTC (permalink / raw)
To: Arnaldo Carvalho de Melo
Cc: Jiri Olsa, Namhyung Kim, Ian Rogers, linux-kernel, linux-perf-users
Fix use-after-free in get_plt_got_name().
Discovered using EXTRA_CFLAGS="-fsanitize=undefined -fsanitize=address".
Reported-by: kernel test robot <yujie.liu@intel.com>
Link: https://lore.kernel.org/oe-lkp/202303061424.6ad43294-yujie.liu@intel.com
Fixes: ce4c8e7966f3 ("perf symbols: Get symbols for .plt.got for x86-64")
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
---
tools/perf/util/symbol-elf.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c
index c0a2de42c51b..7ef5f6d7d415 100644
--- a/tools/perf/util/symbol-elf.c
+++ b/tools/perf/util/symbol-elf.c
@@ -557,6 +557,7 @@ static bool get_plt_got_name(GElf_Shdr *shdr, size_t i,
const char *sym_name;
char *demangled;
GElf_Sym sym;
+ bool result;
u32 disp;
if (!di->sorted)
@@ -583,9 +584,11 @@ static bool get_plt_got_name(GElf_Shdr *shdr, size_t i,
snprintf(buf, buf_sz, "%s@plt", sym_name);
+ result = *sym_name;
+
free(demangled);
- return *sym_name;
+ return result;
}
static int dso__synthesize_plt_got_symbols(struct dso *dso, Elf *elf,
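Review bot: the hunk does not show where sym_name is assigned, so the fact that sym_name aliases demangled (which is what makes the old `return *sym_name;` a read after `free(demangled);`) is only implicit; stating that in the commit message would make the reason for the temporary clear to a later reader. Minor: since the function returns bool, `result = *sym_name != '\0';` would make the char-to-bool conversion explicit.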
--
2.34.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 2/3] perf symbols: Fix unaligned access in get_x86_64_plt_disp()
From: Adrian Hunter @ 2023-03-16 19:41 UTC (permalink / raw)
To: Arnaldo Carvalho de Melo
Cc: Jiri Olsa, Namhyung Kim, Ian Rogers, linux-kernel, linux-perf-users
Use memcpy() to avoid unaligned access.
Discovered using EXTRA_CFLAGS="-fsanitize=undefined -fsanitize=address".
Reported-by: kernel test robot <yujie.liu@intel.com>
Link: https://lore.kernel.org/oe-lkp/202303061424.6ad43294-yujie.liu@intel.com
Fixes: ce4c8e7966f3 ("perf symbols: Get symbols for .plt.got for x86-64")
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
---
tools/perf/util/symbol-elf.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c
index 7ef5f6d7d415..ae810d4cf3cd 100644
--- a/tools/perf/util/symbol-elf.c
+++ b/tools/perf/util/symbol-elf.c
@@ -542,9 +542,12 @@ static u32 get_x86_64_plt_disp(const u8 *p)
n += 1;
/* jmp with 4-byte displacement */
if (p[n] == 0xff && p[n + 1] == 0x25) {
+ u32 disp;
+
n += 2;
/* Also add offset from start of entry to end of instruction */
- return n + 4 + le32toh(*(const u32 *)(p + n));
+ memcpy(&disp, p + n, sizeof(disp));
+ return n + 4 + le32toh(disp);
}
return 0;
}
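Review bot: memcpy() removes the alignment assumption, but the hunk shows no check that four bytes are readable past p + n; the existing read of p[n + 1] is likewise unchecked, so a minimum entry size is presumably a pre-existing contract with the caller, and a short comment stating that contract next to the memcpy() would make it explicit. The block-local `u32 disp;` with a blank line after the declaration follows kernel style, fine.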
--
2.34.1
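The unaligned read that patch 2 replaces, worked through as an added example (not perf's code): it decodes the displacement of the `jmp *disp32(%rip)` in an x86-64 .plt.got entry and returns the offset of the GOT slot, with bounds checks. It assumes entries of the form `[endbr64] [bnd] jmp *disp32(%rip)` and assembles the four bytes individually instead of memcpy() plus le32toh(), which is equally alignment-safe and also host-endian independent; the sample entry bytes are constructed.

```c
/* Added example, not perf's code: decode a .plt.got entry of the assumed
 * form "[endbr64] [bnd] jmp *disp32(%rip)". The disp32 sits at entry
 * offset 2 or 7, so a (const u32 *) cast would be an unaligned load. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Little-endian u32 load with no alignment or host-endianness assumption. */
static uint32_t load_le32(const uint8_t *p)
{
	return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
	       ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Offset from entry start to the GOT slot, or 0 if the entry does not
 * match. disp32 is relative to the end of the jmp, so the instruction
 * end offset (n + 4) is added to the displacement. */
static uint32_t plt_got_disp(const uint8_t *p, size_t len)
{
	static const uint8_t endbr64[] = { 0xf3, 0x0f, 0x1e, 0xfa };
	size_t n = 0;

	if (len >= sizeof(endbr64) && !memcmp(p, endbr64, sizeof(endbr64)))
		n += sizeof(endbr64);		/* skip endbr64 */
	if (n < len && p[n] == 0xf2)
		n += 1;				/* skip bnd prefix */
	/* ff 25 <disp32>: check 6 bytes remain before touching p[n + 1] */
	if (len - n < 6 || p[n] != 0xff || p[n + 1] != 0x25)
		return 0;
	n += 2;
	return (uint32_t)n + 4 + load_le32(p + n);
}

/* Constructed sample entries, not taken from a real binary. */
static const uint8_t ibt_entry[16] = {	/* endbr64; bnd jmp *0x2f5a(%rip); nopl */
	0xf3, 0x0f, 0x1e, 0xfa, 0xf2, 0xff, 0x25, 0x5a, 0x2f, 0x00, 0x00,
	0x0f, 0x1f, 0x44, 0x00, 0x00 };
static const uint8_t plain_entry[8] = {	/* jmp *0x2010(%rip); xchg %ax,%ax */
	0xff, 0x25, 0x10, 0x20, 0x00, 0x00, 0x66, 0x90 };

int main(void)
{
	printf("ibt entry: GOT slot at +0x%x\n",
	       plt_got_disp(ibt_entry, sizeof(ibt_entry)));
	printf("plain entry: GOT slot at +0x%x\n",
	       plt_got_disp(plain_entry, sizeof(plain_entry)));
	return 0;
}
```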
* [PATCH 3/3] perf tools: Avoid warning in do_realloc_array_as_needed()
From: Adrian Hunter @ 2023-03-16 19:41 UTC (permalink / raw)
To: Arnaldo Carvalho de Melo
Cc: Jiri Olsa, Namhyung Kim, Ian Rogers, linux-kernel, linux-perf-users
do_realloc_array_as_needed() used memcpy() of zero size with a NULL
pointer. Check the size first to avoid a sanitizer warning.
Discovered using EXTRA_CFLAGS="-fsanitize=undefined -fsanitize=address".
Reported-by: kernel test robot <yujie.liu@intel.com>
Link: https://lore.kernel.org/oe-lkp/202303061424.6ad43294-yujie.liu@intel.com
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
---
tools/perf/util/util.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/perf/util/util.c b/tools/perf/util/util.c
index b356c9f7f0c3..089208b51e68 100644
--- a/tools/perf/util/util.c
+++ b/tools/perf/util/util.c
@@ -524,7 +524,8 @@ int do_realloc_array_as_needed(void **arr, size_t *arr_sz, size_t x, size_t msz,
new_arr = calloc(new_sz, msz);
if (!new_arr)
return -ENOMEM;
- memcpy(new_arr, *arr, *arr_sz * msz);
+ if (*arr_sz)
+ memcpy(new_arr, *arr, *arr_sz * msz);
if (init_val) {
for (i = *arr_sz; i < new_sz; i++)
memcpy(new_arr + (i * msz), init_val, msz);
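Review bot: guarding on `*arr_sz` rather than on `*arr` is the right choice here: it skips the copy exactly when there is nothing to copy, keeps a non-NULL *arr with a zero size working, and leaves a NULL *arr with a non-zero size as the caller bug it is rather than hiding it. The commit message calls this a sanitizer warning; passing NULL to memcpy() is undefined even for a zero length, so this is a correctness fix and the message could say so.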
--
2.34.1
* Re: [PATCH 0/3] perf tools: Address fixes
From: Ian Rogers @ 2023-03-16 21:21 UTC (permalink / raw)
To: Adrian Hunter
Cc: Arnaldo Carvalho de Melo, Jiri Olsa, Namhyung Kim, linux-kernel,
linux-perf-users
On Thu, Mar 16, 2023 at 12:42 PM Adrian Hunter <adrian.hunter@intel.com> wrote:
>
> Hi
>
> Here are 3 small fixes resulting from a report from a
> kernel test robot:
>
> https://lore.kernel.org/oe-lkp/202303061424.6ad43294-yujie.liu@intel.com
>
> Issues were revealed due to the use of build
> option:
>
> EXTRA_CFLAGS="-fsanitize=undefined -fsanitize=address"
>
>
> Adrian Hunter (3):
> perf symbols: Fix use-after-free in get_plt_got_name()
> perf symbols: Fix unaligned access in get_x86_64_plt_disp()
> perf tools: Avoid warning in do_realloc_array_as_needed()
All 3:
Acked-by: Ian Rogers <irogers@google.com>
Thanks,
Ian
> tools/perf/util/symbol-elf.c | 10 ++++++++--
> tools/perf/util/util.c | 3 ++-
> 2 files changed, 10 insertions(+), 3 deletions(-)
>
>
> Regards
> Adrian
* Re: [PATCH 0/3] perf tools: Address fixes
From: Adrian Hunter @ 2023-03-29 5:07 UTC (permalink / raw)
To: Arnaldo Carvalho de Melo
Cc: Jiri Olsa, Namhyung Kim, Ian Rogers, linux-kernel, linux-perf-users
On 16/03/23 21:41, Adrian Hunter wrote:
> Hi
>
> Here are 3 small fixes resulting from a report from a
> kernel test robot:
>
> https://lore.kernel.org/oe-lkp/202303061424.6ad43294-yujie.liu@intel.com
>
> Issues were revealed due to the use of build
> option:
>
> EXTRA_CFLAGS="-fsanitize=undefined -fsanitize=address"
>
>
> Adrian Hunter (3):
> perf symbols: Fix use-after-free in get_plt_got_name()
> perf symbols: Fix unaligned access in get_x86_64_plt_disp()
> perf tools: Avoid warning in do_realloc_array_as_needed()
>
> tools/perf/util/symbol-elf.c | 10 ++++++++--
> tools/perf/util/util.c | 3 ++-
> 2 files changed, 10 insertions(+), 3 deletions(-)
These seem to be still outstanding.
* Re: [PATCH 0/3] perf tools: Address fixes
From: Arnaldo Carvalho de Melo @ 2023-03-29 12:39 UTC (permalink / raw)
To: Adrian Hunter
Cc: Jiri Olsa, Namhyung Kim, Ian Rogers, linux-kernel, linux-perf-users
On Wed, Mar 29, 2023 at 08:07:42AM +0300, Adrian Hunter wrote:
> On 16/03/23 21:41, Adrian Hunter wrote:
> > Hi
> >
> > Here are 3 small fixes resulting from a report from a
> > kernel test robot:
> >
> > https://lore.kernel.org/oe-lkp/202303061424.6ad43294-yujie.liu@intel.com
> >
> > Issues were revealed due to the use of build
> > option:
> >
> > EXTRA_CFLAGS="-fsanitize=undefined -fsanitize=address"
> >
> >
> > Adrian Hunter (3):
> > perf symbols: Fix use-after-free in get_plt_got_name()
> > perf symbols: Fix unaligned access in get_x86_64_plt_disp()
> > perf tools: Avoid warning in do_realloc_array_as_needed()
> >
> > tools/perf/util/symbol-elf.c | 10 ++++++++--
> > tools/perf/util/util.c | 3 ++-
> > 2 files changed, 10 insertions(+), 3 deletions(-)
>
> These seem to be still outstanding.
Thanks for the reminder, applied.
- Arnaldo