Message-ID: <f5a7ff48-659a-bce1-2ad0-54f334c27379@windriver.com>
Date:   Fri, 6 Mar 2020 15:20:55 +0800
From:   He Zhe <zhe.he@...driver.com>
To:     Arnaldo Carvalho de Melo <acme@...hat.com>
Cc:     Andi Kleen <ak@...ux.intel.com>, jolsa@...nel.org, meyerk@....com,
        Jiri Olsa <jolsa@...hat.com>, linux-kernel@...r.kernel.org,
        acme@...nel.org
Subject: Re: [PATCH] perf: Fix crash due to null pointer dereference when
 iterating cpu map



On 3/6/20 3:58 AM, Arnaldo Carvalho de Melo wrote:
> On Thu, Mar 05, 2020 at 10:32:06AM -0800, Andi Kleen wrote:
>> On Thu, Mar 05, 2020 at 12:27:55PM -0300, Arnaldo Carvalho de Melo wrote:
>>> On Thu, Mar 05, 2020 at 06:47:19PM +0800, zhe.he@...driver.com wrote:
>>>> From: He Zhe <zhe.he@...driver.com>
>>>>
>>>> NULL pointer may be passed to perf_cpu_map__cpu and then cause the
>>>> following crash.
>>>>
>>>> perf ftrace -G start_kernel ls
>>>> failed to set tracing filters
>>>> [  208.710716] perf[341]: segfault at 4 ip 00000000567c7c98
>>>>                sp 00000000ff937ae0 error 4 in perf[56630000+1b2000]
>>>> [  208.724778] Code: fc ff ff e8 aa 9b 01 00 8d b4 26 00 00 00 00 8d
>>>>                      76 00 55 89 e5 83 ec 18 65 8b 0d 14 00 00 00 89
>>>>                      4d f4 31 c9 8b 45 08 8b9
>>>> Segmentation fault
>>> I'm not able to repro this here, what is the tree you are using?
>> I believe that's the same bug that Jann Horn reported recently for perf trace.
>> I thought the patch for that went in.
> Ok, Zhe, that patch is at the end of this message, and it is in:
>
> [acme@...e perf]$ git tag --contains cb71f7d43ece3d5a4f400f510c61b2ec7c9ce9a1 | grep ^v
> v5.6-rc1
> v5.6-rc2
> v5.6-rc3
> v5.6-rc4
> [acme@...e perf]$
>
> Can you try with that?

Thanks, that does fix the issue I met.

BTW, my change in perf_cpu_map__cpu can be used as a preventive check
and the "1" in perf_cpu_map__cpu should be "0", and assigning a NULL in
perf_evlist__exit makes the clearing complete. So are they worth a new patch?

Regards,
Zhe

>
> - Arnaldo
>
> commit cb71f7d43ece3d5a4f400f510c61b2ec7c9ce9a1
> Author: Jiri Olsa <jolsa@...nel.org>
> Date:   Fri Jan 10 16:15:37 2020 +0100
>
>     libperf: Setup initial evlist::all_cpus value
>     
>     Jann Horn reported crash in perf ftrace because evlist::all_cpus isn't
>     initialized if there's evlist without events, which is the case for perf
>     ftrace.
>     
>     Adding initial initialization of evlist::all_cpus from given cpus,
>     regardless of events in the evlist.
>     
>     Fixes: 7736627b865d ("perf stat: Use affinity for closing file descriptors")
>     Reported-by: Jann Horn <jannh@...gle.com>
>     Signed-off-by: Jiri Olsa <jolsa@...nel.org>
>     Acked-by: Andi Kleen <ak@...ux.intel.com>
>     Cc: Alexander Shishkin <alexander.shishkin@...ux.intel.com>
>     Cc: Michael Petlan <mpetlan@...hat.com>
>     Cc: Namhyung Kim <namhyung@...nel.org>
>     Cc: Peter Zijlstra <peterz@...radead.org>
>     Link: http://lore.kernel.org/lkml/20200110151537.153012-1-jolsa@kernel.org
>     Signed-off-by: Arnaldo Carvalho de Melo <acme@...hat.com>
>
> diff --git a/tools/lib/perf/evlist.c b/tools/lib/perf/evlist.c
> index ae9e65aa2491..5b9f2ca50591 100644
> --- a/tools/lib/perf/evlist.c
> +++ b/tools/lib/perf/evlist.c
> @@ -164,6 +164,9 @@ void perf_evlist__set_maps(struct perf_evlist *evlist,
>  		evlist->threads = perf_thread_map__get(threads);
>  	}
>  
> +	if (!evlist->all_cpus && cpus)
> +		evlist->all_cpus = perf_cpu_map__get(cpus);
> +
>  	perf_evlist__propagate_maps(evlist);
>  }
>  
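Review bot: The added `if (!evlist->all_cpus && cpus)` block leaves evlist->all_cpus NULL whenever the caller passes cpus == NULL, so the crash is closed only for callers that supply a map; any code that walks all_cpus still has to tolerate NULL, or the non-NULL requirement should be stated in a comment on perf_evlist__set_maps(). The assignment also happens only while all_cpus is unset, so a later call with a different cpus map keeps the first one; a one-line comment saying this is meant as an initial value would make that intent clear. The reference taken by perf_cpu_map__get() needs a matching put on the evlist teardown path, which is not visible in this hunk and is worth confirming.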
>
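A stand-alone model of the two defensive measures raised in this message, a NULL check in the cpu map accessor and clearing the pointer after the reference is dropped at exit. This is an added example, not libperf code: the struct layout and all names are simplified stand-ins, and treating a NULL map as having zero entries is an assumption of this model.

```c
#include <stdlib.h>

/* Simplified stand-ins for the libperf types (assumed layout, not the real one). */
struct cpu_map { int refcnt; int nr; int map[]; };
struct evlist { struct cpu_map *all_cpus; };
static struct cpu_map *cpu_map_new(int nr)
{
	struct cpu_map *m = calloc(1, sizeof(*m) + (size_t)nr * sizeof(int));
	if (!m)
		return NULL;
	m->refcnt = 1; m->nr = nr;
	for (int i = 0; i < nr; i++) m->map[i] = i;
	return m;
}
static struct cpu_map *cpu_map_get(struct cpu_map *m) { if (m) m->refcnt++; return m; }
static void cpu_map_put(struct cpu_map *m) { if (m && --m->refcnt == 0) free(m); }
/* Preventive checks: a NULL map has no entries and yields no valid CPU. */
static int cpu_map_nr(const struct cpu_map *m) { return m ? m->nr : 0; }
static int cpu_map_cpu(const struct cpu_map *m, int idx)
{
	return (!m || idx < 0 || idx >= m->nr) ? -1 : m->map[idx];
}
/* Take a reference only when none is held yet and a map was given. */
static void evlist_set_maps(struct evlist *e, struct cpu_map *cpus)
{
	if (!e->all_cpus && cpus)
		e->all_cpus = cpu_map_get(cpus);
}
/* Drop the reference and clear the pointer so later walks see NULL, not freed memory. */
static void evlist_exit(struct evlist *e)
{
	cpu_map_put(e->all_cpus);
	e->all_cpus = NULL;
}
/* Walk all_cpus the way an iterator would; returns the number of CPUs visited. */
static int evlist_count_cpus(const struct evlist *e)
{
	int n = 0;
	for (int i = 0; i < cpu_map_nr(e->all_cpus); i++)
		n += cpu_map_cpu(e->all_cpus, i) >= 0;
	return n;
}
int main(void)
{
	struct evlist e = { 0 };
	struct cpu_map *m = cpu_map_new(4);
	evlist_set_maps(&e, m);
	evlist_exit(&e);
	cpu_map_put(m);
	return evlist_count_cpus(&e); /* walks a NULL all_cpus without crashing */
}
```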
