Message-ID: <20150617182407.GA18600@krava>
Date:	Wed, 17 Jun 2015 20:24:07 +0200
From:	Jiri Olsa <jolsa@...hat.com>
To:	Wang Nan <wangnan0@...wei.com>
Cc:	acme@...nel.org, namhyung@...nel.org,
	masami.hiramatsu.pt@...achi.com, a.p.zijlstra@...llo.nl,
	mingo@...hat.com, jolsa@...nel.org, linux-kernel@...r.kernel.org,
	pi3orama@....com, lizefan@...wei.com
Subject: Re: [PATCH v2] perf tools: Fix a problem when opening old perf.data
 with different byte order

On Wed, Jun 17, 2015 at 09:56:39AM +0000, Wang Nan wrote:
> The following error occurs when trying to use 'perf report' on x86_64 to
> cross-analyze a perf.data generated by an old perf on a big-endian
> machine:
> 
>  # perf report
>  *** Error in `/home/w00229757/perf': free(): invalid next size (fast): 0x00000000032c99f0 ***
>  ======= Backtrace: =========
>  /lib64/libc.so.6(+0x6eeef)[0x7ff6ff7e2eef]
>  /lib64/libc.so.6(+0x78cae)[0x7ff6ff7eccae]
>  /lib64/libc.so.6(+0x79987)[0x7ff6ff7ed987]
>  /path/to/perf[0x4ac734]
>  /path/to/perf[0x4ac829]
>  /path/to/perf(perf_header__process_sections+0x129)[0x4ad2c9]
>  /path/to/perf(perf_session__read_header+0x2e1)[0x4ad9e1]
>  /path/to/perf(perf_session__new+0x168)[0x4bd458]
>  /path/to/perf(cmd_report+0xfa0)[0x43eb70]
>  /path/to/perf[0x47adc3]
>  /path/to/perf(main+0x5f6)[0x42fd06]
>  /lib64/libc.so.6(__libc_start_main+0xf5)[0x7ff6ff795bd5]
>  /path/to/perf[0x42fe35]
>  ======= Memory map: ========
>  [SNIP]
> 
> The bug is in perf_event__attr_swap(). It swaps all fields in
> 'struct perf_event_attr' without checking whether the swapped field
> exists or not. In addition, read_event_desc() allocates memory for attr
> according to the size read from perf.data. Therefore, if the perf.data is
> collected by an old perf (without aux_watermark, for example),
> when perf_event__attr_swap() swaps attr->aux_watermark it destroys
> malloc's metadata.
> 
> This patch introduces boundary checking in perf_event__attr_swap(). It
> adds macros bswap_field_64 and bswap_field_32 into
> perf_event__attr_swap() to make it only swap existing fields.
> 
> Signed-off-by: Wang Nan <wangnan0@...wei.com>

Acked-by: Jiri Olsa <jolsa@...nel.org>

thanks,
jirka