Message-ID: <20191103222441.GE8251@krava>
Date:   Sun, 3 Nov 2019 23:24:41 +0100
From:   Jiri Olsa <jolsa@...hat.com>
To:     Alexey Budankov <alexey.budankov@...ux.intel.com>,
        Arnaldo Carvalho de Melo <acme@...nel.org>
Cc:     Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...hat.com>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Namhyung Kim <namhyung@...nel.org>,
        Andi Kleen <ak@...ux.intel.com>,
        linux-kernel <linux-kernel@...r.kernel.org>
Subject: [RFC] perf session: Fix compression processing

hi,
I'm not sure I follow everything on compression,
so I might have missed something, but patch below
fixes the issue for me.

jirka


---
The compressed data processing occasionally fails with:
  $ perf report --stdio -vv
  decomp (B): 44519 to 163000
  decomp (B): 48119 to 174800
  decomp (B): 65527 to 131072
  fetch_mmaped_event: head=0x1ffe0 event->header_size=0x28, mmap_size=0x20000: fuzzed perf.data?
  Error:
  failed to process sample
  ...

It's caused by a recent fuzzer fix that does not take into account
that compressed data do not need to be fully present in the buffer,
so it's ok to just return NULL and not to fail.

Fixes: 57fc032ad643 ("perf session: Avoid infinite loop when seeing invalid header.size")
Link: http://lkml.kernel.org/n/tip-q1biqscs4stcmc9bs1iokfro@git.kernel.org
Signed-off-by: Jiri Olsa <jolsa@...nel.org>
---
 tools/perf/util/session.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/tools/perf/util/session.c b/tools/perf/util/session.c
index f07b8ecb91bc..3589ed14a629 100644
--- a/tools/perf/util/session.c
+++ b/tools/perf/util/session.c
@@ -1959,7 +1959,7 @@ static int __perf_session__process_pipe_events(struct perf_session *session)
 
 static union perf_event *
 fetch_mmaped_event(struct perf_session *session,
-		   u64 head, size_t mmap_size, char *buf)
+		   u64 head, size_t mmap_size, char *buf, bool decomp)
 {
 	union perf_event *event;
 
@@ -1979,6 +1979,8 @@ fetch_mmaped_event(struct perf_session *session,
 		/* We're not fetching the event so swap back again */
 		if (session->header.needs_swap)
 			perf_event_header__bswap(&event->header);
+		if (decomp)
+			return NULL;
 		pr_debug("%s: head=%#" PRIx64 " event->header_size=%#x, mmap_size=%#zx: fuzzed perf.data?\n",
 			 __func__, head, event->header.size, mmap_size);
 		return ERR_PTR(-EINVAL);
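Review bot: The new `if (decomp) return NULL;` in fetch_mmaped_event() sits ahead of the pr_debug() call, so on the decompression path an oversized header.size from a malformed file and an event that is simply not fully in the buffer yet both come back as the same silent NULL. Add a comment above the check stating why a short buffer is acceptable for decompressed data, and consider keeping a debug print on this path so that the case the "fuzzed perf.data?" message was written for stays visible in -vv output.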
@@ -1997,7 +1999,7 @@ static int __perf_session__process_decomp_events(struct perf_session *session)
 		return 0;
 
 	while (decomp->head < decomp->size && !session_done()) {
-		union perf_event *event = fetch_mmaped_event(session, decomp->head, decomp->size, decomp->data);
+		union perf_event *event = fetch_mmaped_event(session, decomp->head, decomp->size, decomp->data, true);
 
 		if (IS_ERR(event))
 			return PTR_ERR(event);
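Review bot: In the while loop of __perf_session__process_decomp_events(), the visible context checks only IS_ERR(event) after the call, and fetch_mmaped_event() can now return NULL here without decomp->head advancing. Confirm that the lines after this context leave the loop on a NULL event, otherwise `decomp->head < decomp->size` stays true and the infinite loop named in the Fixes: commit title can return for a header.size that never fits. The bare `true` argument would also read better with a short comment at the call site saying what it selects.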
@@ -2100,7 +2102,7 @@ reader__process_events(struct reader *rd, struct perf_session *session,
 	}
 
 more:
-	event = fetch_mmaped_event(session, head, mmap_size, buf);
+	event = fetch_mmaped_event(session, head, mmap_size, buf, false);
 	if (IS_ERR(event))
 		return PTR_ERR(event);
 
-- 
2.21.0
