linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Numfor Mbiziwo-Tiapo <nums@google.com>
To: peterz@infradead.org, mingo@redhat.com, acme@kernel.org,
	alexander.shishkin@linux.intel.com, jolsa@redhat.com,
	namhyung@kernel.org, songliubraving@fb.com, mbd@fb.com
Cc: linux-kernel@vger.kernel.org, irogers@google.com,
	eranian@google.com, Numfor Mbiziwo-Tiapo <nums@google.com>
Subject: [PATCH v2] Fix annotate.c use of uninitialized value error
Date: Tue, 30 Jul 2019 17:40:32 -0700	[thread overview]
Message-ID: <20190731004032.74676-1-nums@google.com> (raw)
In-Reply-To: <20190726192859.GG20482@kernel.org>

Our local MSAN (Memory Sanitizer) build of perf throws a warning
that comes from the "dso__disassemble_filename" function in
"tools/perf/util/annotate.c" when running perf record.

The warning stems from the call to readlink, in which "build_id_path"
was being read into "linkname". Since readlink does not null terminate,
an uninitialized memory access would later occur when "linkname" is
passed into the strstr function. This is simply fixed by null-terminating
"linkname" after the call to readlink.

To reproduce this warning, build perf by running:
make -C tools/perf CLANG=1 CC=clang EXTRA_CFLAGS="-fsanitize=memory\
 -fsanitize-memory-track-origins"

(Additionally, llvm might have to be installed and clang might have to
be specified as the compiler - export CC=/usr/bin/clang)

then running:
tools/perf/perf record -o - ls / | tools/perf/perf --no-pager annotate\
 -i - --stdio

Please see the cover letter for why false positive warnings may be
generated.

Signed-off-by: Numfor Mbiziwo-Tiapo <nums@google.com>
---
 tools/perf/util/annotate.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c
index 70de8f6b3aee..e1b075b52dce 100644
--- a/tools/perf/util/annotate.c
+++ b/tools/perf/util/annotate.c
@@ -1627,6 +1627,7 @@ static int dso__disassemble_filename(struct dso *dso, char *filename, size_t fil
 	char *build_id_filename;
 	char *build_id_path = NULL;
 	char *pos;
+	int len;
 
 	if (dso->symtab_type == DSO_BINARY_TYPE__KALLSYMS &&
 	    !dso__is_kcore(dso))
@@ -1655,10 +1656,16 @@ static int dso__disassemble_filename(struct dso *dso, char *filename, size_t fil
 	if (pos && strlen(pos) < SBUILD_ID_SIZE - 2)
 		dirname(build_id_path);
 
-	if (dso__is_kcore(dso) ||
-	    readlink(build_id_path, linkname, sizeof(linkname)) < 0 ||
-	    strstr(linkname, DSO__NAME_KALLSYMS) ||
-	    access(filename, R_OK)) {
+	if (dso__is_kcore(dso))
+		goto fallback;
+
+	len = readlink(build_id_path, linkname, sizeof(linkname) - 1);
+	if (len < 0)
+		goto fallback;
+
+	linkname[len] = '\0';
+	if (strstr(linkname, DSO__NAME_KALLSYMS) ||
+		access(filename, R_OK)) {
 fallback:
 		/*
 		 * If we don't have build-ids or the build-id file isn't in the
-- 
2.22.0.709.g102302147b-goog


  reply	other threads:[~2019-07-31  0:40 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-07-24 23:44 [PATCH 0/3] Perf uninitialized value fixes Numfor Mbiziwo-Tiapo
2019-07-24 23:44 ` [PATCH 1/3] Fix util.c use of unitialized value warning Numfor Mbiziwo-Tiapo
2019-07-26 19:19   ` Arnaldo Carvalho de Melo
2019-07-29 21:35   ` [tip:perf/urgent] perf header: Fix " tip-bot for Numfor Mbiziwo-Tiapo
2019-07-24 23:44 ` [PATCH 2/3] Fix annotate.c use of uninitialized value error Numfor Mbiziwo-Tiapo
2019-07-26 19:28   ` Arnaldo Carvalho de Melo
2019-07-31  0:40     ` Numfor Mbiziwo-Tiapo [this message]
2019-07-24 23:45 ` [PATCH 3/3] Fix sched-messaging.c use of uninitialized value errors Numfor Mbiziwo-Tiapo
2019-07-26 19:32   ` Arnaldo Carvalho de Melo
2019-07-26 23:52     ` Ian Rogers
2019-08-07 20:38 ` [PATCH 0/3] Perf uninitialized value fixes Arnaldo Carvalho de Melo
2019-08-22 21:29   ` Ian Rogers
2019-07-26 19:40 [PATCH 1/3] Fix backward-ring-buffer.c format-truncation error Arnaldo Carvalho de Melo
2019-07-29 20:57 ` [PATCH v2] Fix annotate.c use of uninitialized value error Numfor Mbiziwo-Tiapo
2019-08-07 11:32   ` Jiri Olsa
2019-10-25 22:11     ` Ian Rogers
2020-07-09  0:54       ` Ian Rogers
2020-07-09 15:38         ` Arnaldo Carvalho de Melo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190731004032.74676-1-nums@google.com \
    --to=nums@google.com \
    --cc=acme@kernel.org \
    --cc=alexander.shishkin@linux.intel.com \
    --cc=eranian@google.com \
    --cc=irogers@google.com \
    --cc=jolsa@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mbd@fb.com \
    --cc=mingo@redhat.com \
    --cc=namhyung@kernel.org \
    --cc=peterz@infradead.org \
    --cc=songliubraving@fb.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).