From: tip-bot for Adrian Hunter <tipbot@zytor.com>
To: linux-tip-commits@vger.kernel.org
Cc: acme@redhat.com, linux-kernel@vger.kernel.org,
eranian@google.com, paulus@samba.org, hpa@zytor.com,
mingo@kernel.org, peterz@infradead.org, efault@gmx.de,
namhyung@gmail.com, jolsa@redhat.com, fweisbec@gmail.com,
adrian.hunter@intel.com, dsahern@gmail.com, tglx@linutronix.de
Subject: [tip:perf/core] perf tools: Validate perf event header size
Date: Fri, 19 Jul 2013 00:50:03 -0700 [thread overview]
Message-ID: <tip-27389d7823f573be8eaff32fb4abe564e181eb71@git.kernel.org> (raw)
In-Reply-To: <1372944040-32690-9-git-send-email-adrian.hunter@intel.com>
Commit-ID: 27389d7823f573be8eaff32fb4abe564e181eb71
Gitweb: http://git.kernel.org/tip/27389d7823f573be8eaff32fb4abe564e181eb71
Author: Adrian Hunter <adrian.hunter@intel.com>
AuthorDate: Thu, 4 Jul 2013 16:20:27 +0300
Committer: Arnaldo Carvalho de Melo <acme@redhat.com>
CommitDate: Fri, 12 Jul 2013 13:53:48 -0300
perf tools: Validate perf event header size
The 'size' variable includes the header so must be at least
'sizeof(struct perf_event_header)'. Error out immediately if that is
not the case. Also don't byte-swap the header until it is actually
"fetched" from the mmap region.
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Namhyung Kim <namhyung@gmail.com>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Link: http://lkml.kernel.org/r/1372944040-32690-9-git-send-email-adrian.hunter@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
tools/perf/util/session.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/tools/perf/util/session.c b/tools/perf/util/session.c
index 6b71b88..951a1cf 100644
--- a/tools/perf/util/session.c
+++ b/tools/perf/util/session.c
@@ -1094,8 +1094,10 @@ more:
perf_event_header__bswap(&event->header);
size = event->header.size;
- if (size == 0)
- size = 8;
+ if (size < sizeof(struct perf_event_header)) {
+ pr_err("bad event header size\n");
+ goto out_err;
+ }
if (size > cur_size) {
void *new = realloc(buf, size);
@@ -1164,8 +1166,12 @@ fetch_mmaped_event(struct perf_session *session,
if (session->header.needs_swap)
perf_event_header__bswap(&event->header);
- if (head + event->header.size > mmap_size)
+ if (head + event->header.size > mmap_size) {
+ /* We're not fetching the event so swap back again */
+ if (session->header.needs_swap)
+ perf_event_header__bswap(&event->header);
return NULL;
+ }
return event;
}
@@ -1245,7 +1251,7 @@ more:
size = event->header.size;
- if (size == 0 ||
+ if (size < sizeof(struct perf_event_header) ||
perf_session__process_event(session, event, tool, file_pos) < 0) {
pr_err("%#" PRIx64 " [%#x]: failed to process type: %d\n",
file_offset + head, event->header.size,
next prev parent reply other threads:[~2013-07-19 7:50 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-04 13:20 [PATCH V4 00/15] perf tools: some fixes and tweaks Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 01/21] perf tools: remove unused parameter Adrian Hunter
2013-07-19 7:49 ` [tip:perf/core] perf inject: Remove " tip-bot for Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 02/21] perf tools: fix missing tool parameter Adrian Hunter
2013-07-19 7:49 ` [tip:perf/core] perf tools: Fix " tip-bot for Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 03/21] perf tools: fix missing 'finished_round' Adrian Hunter
2013-07-19 7:49 ` [tip:perf/core] perf inject: Add " tip-bot for Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 04/21] perf tools: fix parse_events_terms() segfault on error path Adrian Hunter
2013-07-12 8:51 ` [tip:perf/urgent] perf tools: Fix " tip-bot for Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 05/21] perf tools: fix new_term() missing free " Adrian Hunter
2013-07-12 8:51 ` [tip:perf/urgent] perf tools: Fix " tip-bot for Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 06/21] perf tools: add const specifier to perf_pmu__find name parameter Adrian Hunter
2013-07-19 7:49 ` [tip:perf/core] perf tools: Add " tip-bot for Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 07/21] perf tools: tidy duplicated munmap code Adrian Hunter
2013-07-19 7:49 ` [tip:perf/core] perf evlist: Tidy " tip-bot for Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 08/21] perf tools: validate perf event header size Adrian Hunter
2013-07-19 7:50 ` tip-bot for Adrian Hunter [this message]
2013-07-04 13:20 ` [PATCH V4 09/21] perf tools: add debug prints Adrian Hunter
2013-07-05 16:59 ` Arnaldo Carvalho de Melo
2013-07-04 13:20 ` [PATCH V4 10/21] perf tools: fix symbol_conf.nr_events Adrian Hunter
2013-07-12 8:51 ` [tip:perf/urgent] perf tools: Update symbol_conf.nr_events when processing attribute events tip-bot for Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 11/21] perf tools: allow non-matching sample types Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 12/21] perf tools: struct thread has a tid not a pid Adrian Hunter
2013-07-19 7:50 ` [tip:perf/core] " tip-bot for Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 13/21] perf tools: add pid to struct thread Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 14/21] perf tools: change "machine" functions to set thread pid Adrian Hunter
2013-07-06 15:58 ` David Ahern
2013-07-04 13:20 ` [PATCH V4 15/21] perf tools: fix missing increment in sample parsing Adrian Hunter
2013-07-05 17:08 ` Arnaldo Carvalho de Melo
2013-07-12 8:51 ` [tip:perf/urgent] perf evsel: Fix " tip-bot for Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 16/21] perf tools: tidy up sample parsing overflow checking Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 17/21] perf tools: remove unnecessary callchain validation Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 18/21] perf tools: remove references to struct ip_event Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 19/21] perf tools: move " Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 20/21] perf: make events stream always parsable Adrian Hunter
2013-07-05 13:24 ` Namhyung Kim
2013-07-11 13:26 ` Adrian Hunter
2013-07-04 13:20 ` [PATCH V4 21/21] perf tools: add support for PERF_SAMPLE_IDENTFIER Adrian Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=tip-27389d7823f573be8eaff32fb4abe564e181eb71@git.kernel.org \
--to=tipbot@zytor.com \
--cc=acme@redhat.com \
--cc=adrian.hunter@intel.com \
--cc=dsahern@gmail.com \
--cc=efault@gmx.de \
--cc=eranian@google.com \
--cc=fweisbec@gmail.com \
--cc=hpa@zytor.com \
--cc=jolsa@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-tip-commits@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=namhyung@gmail.com \
--cc=paulus@samba.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).