Message-ID: <20160420030456.GJ3677@kernel.org>
Date:	Wed, 20 Apr 2016 00:04:56 -0300
From:	Arnaldo Carvalho de Melo <acme@...nel.org>
To:	Chris Phlipot <cphlipot0@...il.com>
Cc:	mingo@...hat.com, peterz@...radead.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] perf script: fix segfault when printing callchains using
 builtin-script

On Tue, Apr 19, 2016 at 07:32:11PM -0700, Chris Phlipot wrote:
> This fixes a bug caused by an uninitialized callchain cursor. The crash
> first appeared in:
> 6f736735e30f ("perf evsel: Require that callchains be resolved before
> calling fprintf_{sym,callchain}")
> 
> The callchain cursor is a struct that contains pointers, that when
> uninitialized will cause unpredictable behavior (usually a crash)
> when trying to append to the callchain.
> 
> The existing implementation has the following issues:
> 1. The callchain cursor used is not initialized, resulting in
> 	unpredictable behavior when used.
> 2. The cursor is declared on the stack. Even if it is properly initialized,
> 	the implementation will leak memory when the function returns,
> 	since all the references to the callchain_nodes allocated by
> 	callchain_cursor_append will be lost when the cursor goes out of
> 	scope.
> 3. Storing the cursor on the stack is inefficient. Even if memory is
> 	properly freed when it goes out of scope, a performance penalty
> 	will be incurred due to reallocation of callchain nodes.
> 	callchain_cursor_append is designed to avoid these reallocations
> 	when an existing cursor is reused.
> 
> This patch fixes the crash by replacing cursor_callchain with a reference
> to the global callchain_cursor which also resolves all 3 issues mentioned
> above.
> 
> How to reproduce the crash:
> $ perf record --call-graph=dwarf stress -t 1 -c 1
> $ perf script > /dev/null
> Segfault

My bad, applying the patch, thanks!

- Arnaldo
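
The cursor behaviour the commit message above describes (an append that reuses already-allocated nodes when a long-lived cursor is reset and reused, versus a stack cursor that must be initialized before use and freed before it goes out of scope), as an added example. This is a minimal model written for this page, not perf's callchain code; the `cc_cursor`/`cc_node` types, the `cc_cursor_*` function names, `print_samples_reusing`, and the sample addresses are all assumptions.

```c
/* Added example (not perf's code): a minimal model of a callchain cursor
 * whose append() reuses previously allocated nodes, as the commit message
 * describes for callchain_cursor_append(). All names are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct cc_node {
    unsigned long ip;
    struct cc_node *next;
};

struct cc_cursor {
    struct cc_node *first;   /* head of the node list, NULL when empty */
    struct cc_node **last;   /* where the next node is linked in */
    unsigned int nr;         /* entries in use for the current chain */
    unsigned int nr_alloc;   /* nodes allocated so far (>= nr) */
};

/* Must run once before any use. An uninitialized stack cursor has garbage
 * in first/last, which cc_cursor_append() would dereference. */
void cc_cursor_init(struct cc_cursor *c)
{
    memset(c, 0, sizeof(*c));
    c->last = &c->first;
}

/* Start a new chain but keep the allocated nodes for reuse. */
void cc_cursor_reset(struct cc_cursor *c)
{
    c->nr = 0;
    c->last = &c->first;
}

/* Returns 0 on success, -1 on allocation failure. Reuses the node already
 * owned at this position; allocates only when the chain grows past it. */
int cc_cursor_append(struct cc_cursor *c, unsigned long ip)
{
    struct cc_node *node = *c->last;

    if (!node) {
        node = calloc(1, sizeof(*node));
        if (!node)
            return -1;
        *c->last = node;
        c->nr_alloc++;
    }
    node->ip = ip;
    c->nr++;
    c->last = &node->next;
    return 0;
}

/* Release everything; required for a cursor about to go out of scope,
 * otherwise the nodes referenced only from it are leaked. */
void cc_cursor_free(struct cc_cursor *c)
{
    struct cc_node *n = c->first;
    while (n) {
        struct cc_node *next = n->next;
        free(n);
        n = next;
    }
    cc_cursor_init(c);
}

/* Model of the fixed code path: one long-lived cursor reused per sample.
 * ips holds nsamples chains of depth frames each. Returns the number of
 * nodes allocated over all samples; with reuse this equals the longest
 * chain, not the sum of chain lengths. */
unsigned int print_samples_reusing(struct cc_cursor *c,
                                   const unsigned long *ips,
                                   unsigned int nsamples, unsigned int depth)
{
    for (unsigned int s = 0; s < nsamples; s++) {
        cc_cursor_reset(c);
        for (unsigned int d = 0; d < depth; d++)
            if (cc_cursor_append(c, ips[s * depth + d]) < 0)
                return c->nr_alloc;
    }
    return c->nr_alloc;
}

int main(void)
{
    static struct cc_cursor global_cursor;  /* stands in for perf's callchain_cursor */
    /* constructed sample data: 3 samples of 2 frames each */
    const unsigned long ips[] = { 0x401000, 0x401100,
                                  0x402000, 0x402100,
                                  0x403000, 0x403100 };

    cc_cursor_init(&global_cursor);
    unsigned int allocated = print_samples_reusing(&global_cursor, ips, 3, 2);
    printf("3 samples x 2 frames: %u nodes allocated (reused across samples)\n",
           allocated);
    cc_cursor_free(&global_cursor);
    return 0;
}
```

The three problems in the commit message map onto this model directly: skipping `cc_cursor_init()` on a stack cursor leaves `last` pointing at garbage; letting an initialized stack cursor go out of scope without `cc_cursor_free()` leaks its nodes; and re-creating the cursor per sample allocates `depth` nodes every time, while resetting one long-lived cursor allocates only on the first or deepest chain.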
