| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <tip-35bb59c10a6d0578806dd500477dae9cb4be344e@git.kernel.org>
Date: Thu, 2 May 2019 22:57:02 -0700
From: tip-bot for Leo Yan <tipbot@...or.com>
To: linux-tip-commits@...r.kernel.org
Cc: acme@...hat.com, tglx@...utronix.de, jolsa@...hat.com,
leo.yan@...aro.org, robert.walker@....com,
linux-kernel@...r.kernel.org, suzuki.poulose@....com,
alexander.shishkin@...ux.intel.com, hpa@...or.com,
mike.leach@...aro.org, namhyung@...nel.org, mingo@...nel.org,
mathieu.poirier@...aro.org
Subject: [tip:perf/urgent] perf cs-etm: Always allocate memory for
cs_etm_queue::prev_packet
Commit-ID: 35bb59c10a6d0578806dd500477dae9cb4be344e
Gitweb: https://git.kernel.org/tip/35bb59c10a6d0578806dd500477dae9cb4be344e
Author: Leo Yan <leo.yan@...aro.org>
AuthorDate: Sun, 28 Apr 2019 16:32:27 +0800
Committer: Arnaldo Carvalho de Melo <acme@...hat.com>
CommitDate: Thu, 2 May 2019 16:00:20 -0400
perf cs-etm: Always allocate memory for cs_etm_queue::prev_packet
Robert Walker reported a segmentation fault is observed when process
CoreSight trace data; this issue can be easily reproduced by the command
'perf report --itrace=i1000i' for decoding tracing data.
If neither the 'b' flag (synthesize branches events) nor 'l' flag
(synthesize last branch entries) are specified to option '--itrace',
cs_etm_queue::prev_packet will not been initialised. After merging the
code to support exception packets and sample flags, there introduced a
number of uses of cs_etm_queue::prev_packet without checking whether it
is valid, for these cases any accessing to uninitialised prev_packet
will cause crash.
As cs_etm_queue::prev_packet is used more widely now and it's already
hard to follow which functions have been called in a context where the
validity of cs_etm_queue::prev_packet has been checked, this patch
always allocates memory for cs_etm_queue::prev_packet.
Reported-by: Robert Walker <robert.walker@....com>
Suggested-by: Robert Walker <robert.walker@....com>
Signed-off-by: Leo Yan <leo.yan@...aro.org>
Tested-by: Robert Walker <robert.walker@....com>
Cc: Alexander Shishkin <alexander.shishkin@...ux.intel.com>
Cc: Jiri Olsa <jolsa@...hat.com>
Cc: Mathieu Poirier <mathieu.poirier@...aro.org>
Cc: Mike Leach <mike.leach@...aro.org>
Cc: Namhyung Kim <namhyung@...nel.org>
Cc: Suzuki K Poulouse <suzuki.poulose@....com>
Cc: linux-arm-kernel@...ts.infradead.org
Fixes: 7100b12cf474 ("perf cs-etm: Generate branch sample for exception packet")
Fixes: 24fff5eb2b93 ("perf cs-etm: Avoid stale branch samples when flush packet")
Link: http://lkml.kernel.org/r/20190428083228.20246-1-leo.yan@linaro.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@...hat.com>
---
tools/perf/util/cs-etm.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/tools/perf/util/cs-etm.c b/tools/perf/util/cs-etm.c
index 7777cfc1ad8c..de488b43f440 100644
--- a/tools/perf/util/cs-etm.c
+++ b/tools/perf/util/cs-etm.c
@@ -422,11 +422,9 @@ static struct cs_etm_queue *cs_etm__alloc_queue(struct cs_etm_auxtrace *etm)
if (!etmq->packet)
goto out_free;
- if (etm->synth_opts.last_branch || etm->sample_branches) {
- etmq->prev_packet = zalloc(szp);
- if (!etmq->prev_packet)
- goto out_free;
- }
+ etmq->prev_packet = zalloc(szp);
+ if (!etmq->prev_packet)
+ goto out_free;
if (etm->synth_opts.last_branch) {
size_t sz = sizeof(struct branch_stack);
Powered by blists - more mailing lists