| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190714205505.GB8120@krava>
Date: Sun, 14 Jul 2019 22:55:05 +0200
From: Jiri Olsa <jolsa@...hat.com>
To: Numfor Mbiziwo-Tiapo <nums@...gle.com>
Cc: peterz@...radead.org, mingo@...hat.com, acme@...nel.org,
alexander.shishkin@...ux.intel.com, namhyung@...nel.org,
songliubraving@...com, mbd@...com, linux-kernel@...r.kernel.org,
irogers@...gle.com, eranian@...gle.com
Subject: Re: [PATCH] Fix perf stat repeat segfault
On Sun, Jul 14, 2019 at 10:44:36PM +0200, Jiri Olsa wrote:
> On Wed, Jul 10, 2019 at 01:45:40PM -0700, Numfor Mbiziwo-Tiapo wrote:
> > When perf stat is called with event groups and the repeat option,
> > a segfault occurs because the cpu ids are stored on each iteration
> > of the repeat, when they should only be stored on the first iteration,
> > which causes a buffer overflow.
> >
> > This can be replicated by running (from the tip directory):
> >
> > make -C tools/perf
> >
> > then running:
> >
> > tools/perf/perf stat -e '{cycles,instructions}' -r 10 ls
> >
> > Since run_idx keeps track of the current iteration of the repeat,
> > only storing the cpu ids on the first iteration (when run_idx < 1)
> > fixes this issue.
> >
> > Signed-off-by: Numfor Mbiziwo-Tiapo <nums@...gle.com>
> > ---
> > tools/perf/builtin-stat.c | 7 ++++---
> > 1 file changed, 4 insertions(+), 3 deletions(-)
> >
> > diff --git a/tools/perf/builtin-stat.c b/tools/perf/builtin-stat.c
> > index 63a3afc7f32b..92d6694367e4 100644
> > --- a/tools/perf/builtin-stat.c
> > +++ b/tools/perf/builtin-stat.c
> > @@ -378,9 +378,10 @@ static void workload_exec_failed_signal(int signo __maybe_unused, siginfo_t *inf
> > workload_exec_errno = info->si_value.sival_int;
> > }
> >
> > -static bool perf_evsel__should_store_id(struct perf_evsel *counter)
> > +static bool perf_evsel__should_store_id(struct perf_evsel *counter, int run_idx)
> > {
> > - return STAT_RECORD || counter->attr.read_format & PERF_FORMAT_ID;
> > + return STAT_RECORD || counter->attr.read_format & PERF_FORMAT_ID
> > + && run_idx < 1;
>
> we create counters for every iteration, so this can't be
> based on iteration
>
> I think that's just a workaround for memory corruption,
> that's happening for repeating groupped events stats,
> I'll check on this
how about something like this? we did not cleanup
ids on evlist close, so it kept on raising and
causing corruption in next iterations
jirka
---
diff --git a/tools/perf/util/evsel.c b/tools/perf/util/evsel.c
index ebb46da4dfe5..52459dd5ad0c 100644
--- a/tools/perf/util/evsel.c
+++ b/tools/perf/util/evsel.c
@@ -1291,6 +1291,7 @@ static void perf_evsel__free_id(struct perf_evsel *evsel)
xyarray__delete(evsel->sample_id);
evsel->sample_id = NULL;
zfree(&evsel->id);
+ evsel->ids = 0;
}
static void perf_evsel__free_config_terms(struct perf_evsel *evsel)
@@ -2077,6 +2078,7 @@ void perf_evsel__close(struct perf_evsel *evsel)
perf_evsel__close_fd(evsel);
perf_evsel__free_fd(evsel);
+ perf_evsel__free_id(evsel);
}
int perf_evsel__open_per_cpu(struct perf_evsel *evsel,
Powered by blists - more mailing lists