lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 11 Jan 2016 13:48:07 +0000
From:	Wang Nan <wangnan0@...wei.com>
To:	<acme@...nel.org>
CC:	<linux-kernel@...r.kernel.org>, <pi3orama@....com>,
	<lizefan@...wei.com>, <netdev@...r.kernel.org>,
	<davem@...emloft.net>, Wang Nan <wangnan0@...wei.com>,
	Arnaldo Carvalho de Melo <acme@...hat.com>,
	He Kuang <hekuang@...wei.com>,
	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>,
	Namhyung Kim <namhyung@...nel.org>
Subject: [PATCH 16/53] perf tools: Fix mmap2 event allocation in synthesize code

perf_event__synthesize_mmap_events() issues mmap2 events, but the
memory of that event is allocated using:

 mmap_event = malloc(sizeof(mmap_event->mmap) + machine->id_hdr_size);

If path of mmap source file is long (near PATH_MAX), random crash
would happen. Should use sizeof(mmap_event->mmap2).

Fix two memory allocations and rename all mmap_event to mmap2_event
to make it clear.

Signed-off-by: Wang Nan <wangnan0@...wei.com>
Acked-by: Jiri Olsa <jolsa@...nel.org>
Cc: Arnaldo Carvalho de Melo <acme@...hat.com>
Cc: He Kuang <hekuang@...wei.com>
Cc: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
Cc: Namhyung Kim <namhyung@...nel.org>
Cc: Zefan Li <lizefan@...wei.com>
Cc: pi3orama@....com
---
 tools/perf/util/event.c | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/tools/perf/util/event.c b/tools/perf/util/event.c
index cd61bb1..cde8228 100644
--- a/tools/perf/util/event.c
+++ b/tools/perf/util/event.c
@@ -413,7 +413,7 @@ int perf_event__synthesize_modules(struct perf_tool *tool,
 }
 
 static int __event__synthesize_thread(union perf_event *comm_event,
-				      union perf_event *mmap_event,
+				      union perf_event *mmap2_event,
 				      union perf_event *fork_event,
 				      pid_t pid, int full,
 					  perf_event__handler_t process,
@@ -436,7 +436,7 @@ static int __event__synthesize_thread(union perf_event *comm_event,
 		if (tgid == -1)
 			return -1;
 
-		return perf_event__synthesize_mmap_events(tool, mmap_event, pid, tgid,
+		return perf_event__synthesize_mmap_events(tool, mmap2_event, pid, tgid,
 							  process, machine, mmap_data,
 							  proc_map_timeout);
 	}
@@ -478,7 +478,7 @@ static int __event__synthesize_thread(union perf_event *comm_event,
 		rc = 0;
 		if (_pid == pid) {
 			/* process the parent's maps too */
-			rc = perf_event__synthesize_mmap_events(tool, mmap_event, pid, tgid,
+			rc = perf_event__synthesize_mmap_events(tool, mmap2_event, pid, tgid,
 						process, machine, mmap_data, proc_map_timeout);
 			if (rc)
 				break;
@@ -496,15 +496,15 @@ int perf_event__synthesize_thread_map(struct perf_tool *tool,
 				      bool mmap_data,
 				      unsigned int proc_map_timeout)
 {
-	union perf_event *comm_event, *mmap_event, *fork_event;
+	union perf_event *comm_event, *mmap2_event, *fork_event;
 	int err = -1, thread, j;
 
 	comm_event = malloc(sizeof(comm_event->comm) + machine->id_hdr_size);
 	if (comm_event == NULL)
 		goto out;
 
-	mmap_event = malloc(sizeof(mmap_event->mmap) + machine->id_hdr_size);
-	if (mmap_event == NULL)
+	mmap2_event = malloc(sizeof(mmap2_event->mmap2) + machine->id_hdr_size);
+	if (mmap2_event == NULL)
 		goto out_free_comm;
 
 	fork_event = malloc(sizeof(fork_event->fork) + machine->id_hdr_size);
@@ -513,7 +513,7 @@ int perf_event__synthesize_thread_map(struct perf_tool *tool,
 
 	err = 0;
 	for (thread = 0; thread < threads->nr; ++thread) {
-		if (__event__synthesize_thread(comm_event, mmap_event,
+		if (__event__synthesize_thread(comm_event, mmap2_event,
 					       fork_event,
 					       thread_map__pid(threads, thread), 0,
 					       process, tool, machine,
@@ -539,7 +539,7 @@ int perf_event__synthesize_thread_map(struct perf_tool *tool,
 
 			/* if not, generate events for it */
 			if (need_leader &&
-			    __event__synthesize_thread(comm_event, mmap_event,
+			    __event__synthesize_thread(comm_event, mmap2_event,
 						       fork_event,
 						       comm_event->comm.pid, 0,
 						       process, tool, machine,
@@ -551,7 +551,7 @@ int perf_event__synthesize_thread_map(struct perf_tool *tool,
 	}
 	free(fork_event);
 out_free_mmap:
-	free(mmap_event);
+	free(mmap2_event);
 out_free_comm:
 	free(comm_event);
 out:
@@ -567,7 +567,7 @@ int perf_event__synthesize_threads(struct perf_tool *tool,
 	DIR *proc;
 	char proc_path[PATH_MAX];
 	struct dirent dirent, *next;
-	union perf_event *comm_event, *mmap_event, *fork_event;
+	union perf_event *comm_event, *mmap2_event, *fork_event;
 	int err = -1;
 
 	if (machine__is_default_guest(machine))
@@ -577,8 +577,8 @@ int perf_event__synthesize_threads(struct perf_tool *tool,
 	if (comm_event == NULL)
 		goto out;
 
-	mmap_event = malloc(sizeof(mmap_event->mmap) + machine->id_hdr_size);
-	if (mmap_event == NULL)
+	mmap2_event = malloc(sizeof(mmap2_event->mmap2) + machine->id_hdr_size);
+	if (mmap2_event == NULL)
 		goto out_free_comm;
 
 	fork_event = malloc(sizeof(fork_event->fork) + machine->id_hdr_size);
@@ -601,7 +601,7 @@ int perf_event__synthesize_threads(struct perf_tool *tool,
  		 * We may race with exiting thread, so don't stop just because
  		 * one thread couldn't be synthesized.
  		 */
-		__event__synthesize_thread(comm_event, mmap_event, fork_event, pid,
+		__event__synthesize_thread(comm_event, mmap2_event, fork_event, pid,
 					   1, process, tool, machine, mmap_data,
 					   proc_map_timeout);
 	}
@@ -611,7 +611,7 @@ int perf_event__synthesize_threads(struct perf_tool *tool,
 out_free_fork:
 	free(fork_event);
 out_free_mmap:
-	free(mmap_event);
+	free(mmap2_event);
 out_free_comm:
 	free(comm_event);
 out:
-- 
1.8.3.4

Powered by blists - more mailing lists