| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Sep 2015 18:15:22 +0800
From: "Wangnan (F)" <wangnan0@...wei.com>
To: Namhyung Kim <namhyung@...nel.org>
CC: <acme@...nel.org>, <lizefan@...wei.com>,
<linux-kernel@...r.kernel.org>, <pi3orama@....com>
Subject: Re: [PATCH] perf tools: Fix segfault in 'perf top'
On 2015/9/12 0:22, Namhyung Kim wrote:
> On Fri, Sep 11, 2015 at 04:59:11AM +0000, Wang Nan wrote:
>> 'perf top' segfaults with following operation:
>>
>> # perf top -e page-faults -p 15173 # 15173 never generate page-fault
>>
>> Then on the resulting empty interface, press right key:
>>
>> # ./perf top -e page-faults -p 11400
>> perf: Segmentation fault
>> -------- backtrace --------
>> ./perf[0x535428]
>> /lib64/libc.so.6(+0x3545f)[0x7f0dd360745f]
>> ./perf[0x531d46]
>> ./perf(perf_evlist__tui_browse_hists+0x96)[0x5340d6]
>> ./perf[0x44ba2f]
>> /lib64/libpthread.so.0(+0x81d0)[0x7f0dd49dc1d0]
>> /lib64/libc.so.6(clone+0x6c)[0x7f0dd36b90dc]
>>
>> The bug reside in perf_evsel__hists_browse() that, in the above circumstance
>> browser->selection can be NULL, but code after skip_annotation doesn't consider
>> it.
>>
>> This patch fix it by checing browser->selection before fetching
>> browser->selection->map and browser->selection->sym.
> I'm ok with this change, just a nitpick below..
>
>
>> Signed-off-by: Wang Nan <wangnan0@...wei.com>
>> Cc: Arnaldo Carvalho de Melo <acme@...nel.org>
>> Cc: Namhyung Kim <namhyung@...nel.org>
>> ---
>> tools/perf/ui/browsers/hists.c | 8 ++++++--
>> 1 file changed, 6 insertions(+), 2 deletions(-)
>>
>> diff --git a/tools/perf/ui/browsers/hists.c b/tools/perf/ui/browsers/hists.c
>> index e4fd40f..b00fa92 100644
>> --- a/tools/perf/ui/browsers/hists.c
>> +++ b/tools/perf/ui/browsers/hists.c
>> @@ -2017,7 +2017,8 @@ skip_annotation:
>> &options[nr_options], dso);
>> nr_options += add_map_opt(browser, &actions[nr_options],
>> &options[nr_options],
>> - browser->selection->map);
>> + browser->selection ?
>> + browser->selection->map : NULL);
>> nr_options += add_socket_opt(browser, &actions[nr_options],
>> &options[nr_options],
>> socket);
>> @@ -2030,7 +2031,10 @@ skip_annotation:
>> nr_options += add_script_opt(browser,
>> &actions[nr_options],
>> &options[nr_options],
>> - NULL, browser->selection->sym);
>> + NULL,
>> + browser->selection ?
>> + browser->selection->sym :
>> + NULL);
> Is this really needed? IIUC browser->selection is not NULL if
> browser->he_selection is not NULL. Did you see a case it's NULL?
> Also passing a NULL thread and a NULL sym is meaningless here since
> it's a duplication..
Actually I didn't see the case when browser->he_selection is not NULL but
browser->selection is NULL. I add the testing only for safety reason because
we have
if (browser->selection == NULL)
goto skip_annotation;
So I guess we'd better to check browser->selection in the codeblock
leading by
skip_annotation, so if someone breaks the assumption the code still work.
But yes, we can add the checker back when the assumption *does* be broken.
Currently let's add a comment here for code readers.
Please have a look for v2 patch.
Thank you.
> Thanks,
> Namhyung
>
>
>> }
>> nr_options += add_script_opt(browser, &actions[nr_options],
>> &options[nr_options], NULL, NULL);
>> --
>> 1.8.3.4
>>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists