| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Dec 2015 10:39:10 +0000
From: Wang Nan <wangnan0@...wei.com>
To: <acme@...nel.org>, <masami.hiramatsu.pt@...achi.com>,
<jolsa@...nel.org>
CC: <linux-kernel@...r.kernel.org>, <pi3orama@....com>,
<lizefan@...wei.com>, Wang Nan <wangnan0@...wei.com>,
Arnaldo Carvalho de Melo <acme@...hat.com>,
Namhyung Kim <namhyung@...nel.org>
Subject: [PATCH v5 01/14] perf tests: Fix incorrect free and false TEST_OK result
Commit cc1121ab9687d660cc02f50b1a4974112f87a8e6 ('perf machine: Fix
machine.vmlinux_maps to make sure to clear the old one') reveals a bug
in 'perf test' that in all test cases which use setup_fake_machine()
incorrectly call free() when failure, because all users of
setup_fake_machine() use static allocated 'machines' structure, but
setup_fake_machine() calls machine__delete() which try to free() it.
If a normal user try those test cases this problem can be seen:
$ cat /proc/sys/kernel/kptr_restrict
1
$ ./perf test 'hist'
15: Test matching and linking multiple hists :*** Error in `./perf': munmap_chunk(): invalid pointer: 0x00007ffd6e900090 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x6eeef)[0x7fcec97e1eef]
/lib64/libc.so.6(+0x78cae)[0x7fcec97ebcae]
./perf(setup_fake_machine+0x1cd)[0x4721ad]
./perf(test__hists_link+0xbf)[0x472d3f]
./perf[0x4648df]
./perf(cmd_test+0x589)[0x464ec9]
./perf[0x47fd11]
./perf(main+0x5f6)[0x432b96]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7fcec9794bd5]
./perf[0x432cc5]
======= Memory map: ========
...
25: Test filtering hist entries :*** Error in `./perf': munmap_chunk(): invalid pointer: 0x00007ffd6e900080 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x6eeef)[0x7fcec97e1eef]
/lib64/libc.so.6(+0x78cae)[0x7fcec97ebcae]
./perf(setup_fake_machine+0x1cd)[0x4721ad]
./perf(test__hists_filter+0xc6)[0x4730f6]
./perf[0x4648df]
./perf(cmd_test+0x589)[0x464ec9]
./perf[0x47fd11]
./perf(main+0x5f6)[0x432b96]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7fcec9794bd5]
./perf[0x432cc5]
======= Memory map: ========
...
...
Actually, all users of 'machines__init()' should avoid calling
machine__delete(). We can further add a flag in machine structure to
enforce this restriction.
After changing machine__delete() to machine__exit() another problem
arises:
$ ./perf test 'hist'
15: Test matching and linking multiple hists : Ok
25: Test filtering hist entries : Ok
28: Test output sorting of hist entries : Ok
29: Test cumulation of child hist entries : Ok
The result is not true:
$ ./perf test -v 'hist'
15: Test matching and linking multiple hists :
--- start ---
test child forked, pid 17657
Not enough memory for machine setup
Not enough memory for machine setup
test child finished with 0
---- end ----
Test matching and linking multiple hists: Ok
25: Test filtering hist entries :
--- start ---
test child forked, pid 17658
Not enough memory for machine setup
Not enough memory for machine setup
test child finished with 0
---- end ----
Test filtering hist entries: Ok
28: Test output sorting of hist entries :
--- start ---
test child forked, pid 17659
Not enough memory for machine setup
Not enough memory for machine setup
test child finished with 0
---- end ----
Test output sorting of hist entries: Ok
29: Test cumulation of child hist entries :
--- start ---
test child forked, pid 17660
Not enough memory for machine setup
Not enough memory for machine setup
test child finished with 0
---- end ----
Test cumulation of child hist entries: Ok
Because the test body is not executed at all.
The reason is that *ALL* hists test cases forget to reset err after
using it to hold an error code:
err = TEST_FAIL;
...
err = parse_events(evlist, "cpu-clock", NULL);
if (err)
goto out;
/* err is already 0 here */
...
machine = setup_fake_machine(&machines);
if (!machine)
goto out;
...
out:
...
return err;
This patch ensure err is reset.
In case when kptr_restrict prevent normal user get kernel address, this
test should be skipped, not fail. This patch use linux/err.h to store
error code in return value of setup_fake_machine(), and let 'EACCES' to
indicate this problem.
Also, the debug message 'Not enough memory for machine setup' is not
true and should be fixed.
Here is the final result:
$ ./perf test 'hist'
15: Test matching and linking multiple hists : Skip
25: Test filtering hist entries : Skip
28: Test output sorting of hist entries : Skip
29: Test cumulation of child hist entries : Skip
$ ./perf test -v 'hist'
15: Test matching and linking multiple hists :
--- start ---
test child forked, pid 20177
Failed to create kernel maps
Hint: Check /proc/sys/kernel/kptr_restrict.
Failed for machine setup
test child finished with -2
---- end ----
Test matching and linking multiple hists: Skip
25: Test filtering hist entries
...
$ sudo ./perf test hist
15: Test matching and linking multiple hists : Ok
25: Test filtering hist entries : Ok
28: Test output sorting of hist entries : Ok
29: Test cumulation of child hist entries : Ok
Signed-off-by: Wang Nan <wangnan0@...wei.com>
Cc: Arnaldo Carvalho de Melo <acme@...hat.com>
Cc: Jiri Olsa <jolsa@...nel.org>
Cc: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
Cc: Namhyung Kim <namhyung@...nel.org>
---
tools/perf/tests/hists_common.c | 15 ++++++++++-----
tools/perf/tests/hists_common.h | 1 +
tools/perf/tests/hists_cumulate.c | 6 +++++-
tools/perf/tests/hists_filter.c | 6 +++++-
tools/perf/tests/hists_link.c | 6 +++++-
tools/perf/tests/hists_output.c | 6 +++++-
6 files changed, 31 insertions(+), 9 deletions(-)
diff --git a/tools/perf/tests/hists_common.c b/tools/perf/tests/hists_common.c
index 46f453b..4cd8cad 100644
--- a/tools/perf/tests/hists_common.c
+++ b/tools/perf/tests/hists_common.c
@@ -81,14 +81,19 @@ struct machine *setup_fake_machine(struct machines *machines)
{
struct machine *machine = machines__find(machines, HOST_KERNEL_ID);
size_t i;
+ int err = -ENOMEM;
if (machine == NULL) {
pr_debug("Not enough memory for machine setup\n");
- return NULL;
+ return ERR_PTR(-ENOMEM);
}
if (machine__create_kernel_maps(machine)) {
- pr_debug("Not enough memory for machine setup\n");
+ pr_debug("Failed to create kernel maps\n");
+ if (symbol_conf.kptr_restrict) {
+ pr_debug("Hint: Check /proc/sys/kernel/kptr_restrict.\n");
+ err = -EACCES;
+ }
goto out;
}
@@ -153,10 +158,10 @@ struct machine *setup_fake_machine(struct machines *machines)
return machine;
out:
- pr_debug("Not enough memory for machine setup\n");
+ pr_debug("Failed for machine setup\n");
machine__delete_threads(machine);
- machine__delete(machine);
- return NULL;
+ machine__exit(machine);
+ return ERR_PTR(err);
}
void print_hists_in(struct hists *hists)
diff --git a/tools/perf/tests/hists_common.h b/tools/perf/tests/hists_common.h
index 888254e..0252eae 100644
--- a/tools/perf/tests/hists_common.h
+++ b/tools/perf/tests/hists_common.h
@@ -1,5 +1,6 @@
#ifndef __PERF_TESTS__HISTS_COMMON_H__
#define __PERF_TESTS__HISTS_COMMON_H__
+#include <linux/err.h>
struct machine;
struct machines;
diff --git a/tools/perf/tests/hists_cumulate.c b/tools/perf/tests/hists_cumulate.c
index 8292948..c211075 100644
--- a/tools/perf/tests/hists_cumulate.c
+++ b/tools/perf/tests/hists_cumulate.c
@@ -706,13 +706,17 @@ int test__hists_cumulate(int subtest __maybe_unused)
err = parse_events(evlist, "cpu-clock", NULL);
if (err)
goto out;
+ err = TEST_FAIL;
machines__init(&machines);
/* setup threads/dso/map/symbols also */
machine = setup_fake_machine(&machines);
- if (!machine)
+ if (IS_ERR(machine)) {
+ if (PTR_ERR(machine) == -EACCES)
+ err = TEST_SKIP;
goto out;
+ }
if (verbose > 1)
machine__fprintf(machine, stderr);
diff --git a/tools/perf/tests/hists_filter.c b/tools/perf/tests/hists_filter.c
index ccb5b49..795a04d 100644
--- a/tools/perf/tests/hists_filter.c
+++ b/tools/perf/tests/hists_filter.c
@@ -120,6 +120,7 @@ int test__hists_filter(int subtest __maybe_unused)
err = parse_events(evlist, "task-clock", NULL);
if (err)
goto out;
+ err = TEST_FAIL;
/* default sort order (comm,dso,sym) will be used */
if (setup_sorting() < 0)
@@ -129,8 +130,11 @@ int test__hists_filter(int subtest __maybe_unused)
/* setup threads/dso/map/symbols also */
machine = setup_fake_machine(&machines);
- if (!machine)
+ if (IS_ERR(machine)) {
+ if (PTR_ERR(machine) == -EACCES)
+ err = TEST_SKIP;
goto out;
+ }
if (verbose > 1)
machine__fprintf(machine, stderr);
diff --git a/tools/perf/tests/hists_link.c b/tools/perf/tests/hists_link.c
index 6243e2b..f5f37ef9 100644
--- a/tools/perf/tests/hists_link.c
+++ b/tools/perf/tests/hists_link.c
@@ -293,6 +293,7 @@ int test__hists_link(int subtest __maybe_unused)
if (err)
goto out;
+ err = TEST_FAIL;
/* default sort order (comm,dso,sym) will be used */
if (setup_sorting() < 0)
goto out;
@@ -301,8 +302,11 @@ int test__hists_link(int subtest __maybe_unused)
/* setup threads/dso/map/symbols also */
machine = setup_fake_machine(&machines);
- if (!machine)
+ if (IS_ERR(machine)) {
+ if (PTR_ERR(machine) == -EACCES)
+ err = TEST_SKIP;
goto out;
+ }
if (verbose > 1)
machine__fprintf(machine, stderr);
diff --git a/tools/perf/tests/hists_output.c b/tools/perf/tests/hists_output.c
index 248beec..cc570cf 100644
--- a/tools/perf/tests/hists_output.c
+++ b/tools/perf/tests/hists_output.c
@@ -597,13 +597,17 @@ int test__hists_output(int subtest __maybe_unused)
err = parse_events(evlist, "cpu-clock", NULL);
if (err)
goto out;
+ err = TEST_FAIL;
machines__init(&machines);
/* setup threads/dso/map/symbols also */
machine = setup_fake_machine(&machines);
- if (!machine)
+ if (IS_ERR(machine)) {
+ if (PTR_ERR(machine) == -EACCES)
+ err = TEST_SKIP;
goto out;
+ }
if (verbose > 1)
machine__fprintf(machine, stderr);
--
1.8.3.4
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists