[3/3] perf session: Avoid infinite loop if an event is truncated
diff mbox series

Message ID 20201124095923.3683-3-oss@malat.biz
State New, archived
Headers show
Series
  • [1/3] Revert "perf session: Fix decompression of PERF_RECORD_COMPRESSED records"
Related show

Commit Message

Petr Malat Nov. 24, 2020, 9:59 a.m. UTC
If an event was truncated at the end of a perf.data file larger than
MAP_SIZE, the event reading code ended up in an infinite loop. Break
this loop by making sure the mapping window is always shifting
towards the end of the file.

Fixes: bb1835a3b86c ("perf session: Fix decompression of PERF_RECORD_COMPRESSED records")
Fixes: 57fc032ad643 ("perf session: Avoid infinite loop when seeing invalid header.size")
Signed-off-by: Petr Malat <oss@malat.biz>
---
 tools/perf/util/session.c | 6 ++++++
 1 file changed, 6 insertions(+)

Comments

Petr Malat Nov. 24, 2020, 10:21 a.m. UTC | #1
I made a rebase mistake and picked old change, I will send the series
again rebased on v5.10-rc5. Sorry for the inconvenience.
  Petr

On Tue, Nov 24, 2020 at 10:59:21AM +0100, Petr Malat wrote:
> If an event was truncated at the end of a perf.data file larger than
> MAP_SIZE, the event reading code ended up in an infinite loop. Break
> this loop by making sure the mapping window is always shifting
> towards the end of the file.
> 
> Fixes: bb1835a3b86c ("perf session: Fix decompression of PERF_RECORD_COMPRESSED records")
> Fixes: 57fc032ad643 ("perf session: Avoid infinite loop when seeing invalid header.size")
> Signed-off-by: Petr Malat <oss@malat.biz>
> ---
>  tools/perf/util/session.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/tools/perf/util/session.c b/tools/perf/util/session.c
> index e57b0d09d196..b73b85d99628 100644
> --- a/tools/perf/util/session.c
> +++ b/tools/perf/util/session.c
> @@ -2168,6 +2168,12 @@ reader__process_events(struct reader *rd, struct perf_session *session,
>  		}
>  
>  		page_offset = page_size * (head / page_size);
> +		if (!page_offset) {
> +			pr_err("%#" PRIx64 " [%#x]: truncated event\n",
> +					file_offset + head);
> +			err = -EINVAL;
> +			goto out;
> +		}
>  		file_offset += page_offset;
>  		head -= page_offset;
>  		goto remap;
> -- 
> 2.20.1
>

Patch
diff mbox series

diff --git a/tools/perf/util/session.c b/tools/perf/util/session.c
index e57b0d09d196..b73b85d99628 100644
--- a/tools/perf/util/session.c
+++ b/tools/perf/util/session.c
@@ -2168,6 +2168,12 @@  reader__process_events(struct reader *rd, struct perf_session *session,
 		}
 
 		page_offset = page_size * (head / page_size);
+		if (!page_offset) {
+			pr_err("%#" PRIx64 " [%#x]: truncated event\n",
+					file_offset + head);
+			err = -EINVAL;
+			goto out;
+		}
 		file_offset += page_offset;
 		head -= page_offset;
 		goto remap;