lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20201225022700.GA22238@leoy-ThinkPad-X240s>
Date:   Fri, 25 Dec 2020 10:27:00 +0800
From:   Leo Yan <leo.yan@...aro.org>
To:     Arnaldo Carvalho de Melo <acme@...nel.org>
Cc:     Will Deacon <will@...nel.org>, John Garry <john.garry@...wei.com>,
        Mathieu Poirier <mathieu.poirier@...aro.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...hat.com>,
        Mark Rutland <mark.rutland@....com>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Jiri Olsa <jolsa@...hat.com>,
        Namhyung Kim <namhyung@...nel.org>,
        Ian Rogers <irogers@...gle.com>,
        Alexandre Truong <alexandre.truong@....com>,
        Masami Hiramatsu <mhiramat@...nel.org>,
        He Zhe <zhe.he@...driver.com>,
        Thomas Richter <tmricht@...ux.ibm.com>,
        Sumanth Korikkar <sumanthk@...ux.ibm.com>,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v1 1/2] perf probe: Fixup Arm64 SDT arguments

On Thu, Dec 24, 2020 at 10:51:39AM -0300, Arnaldo Carvalho de Melo wrote:

> Em Wed, Dec 23, 2020 at 02:39:04PM +0800, Leo Yan escreveu:
> > Arm64 ELF section '.note.stapsdt' uses string format "-4@[sp, NUM]" if
> > the probe is to access data in stack, e.g. below is an example for
> > dumping Arm64 ELF file and shows the argument format:
> > 
> >   Arguments: -4@[sp, 12] -4@[sp, 8] -4@[sp, 4]
> > 
> > Comparing against other archs' argument format, Arm64's argument
> > introduces an extra space character in the middle of square brackets,
> > due to argv_split() uses space as splitter, the argument is wrongly
> > divided into two items.
> > 
> > To support Arm64 SDT, this patch fixes up for this case, if any item
> > contains sub string "[sp", concatenates the two continuous items.  And
> > adds the detailed explaination in comment.
> > 
> > Signed-off-by: Leo Yan <leo.yan@...aro.org>
> > ---
> >  tools/perf/util/probe-file.c | 32 ++++++++++++++++++++++++++++++--
> >  1 file changed, 30 insertions(+), 2 deletions(-)
> > 
> > diff --git a/tools/perf/util/probe-file.c b/tools/perf/util/probe-file.c
> > index 064b63a6a3f3..60878c859e60 100644
> > --- a/tools/perf/util/probe-file.c
> > +++ b/tools/perf/util/probe-file.c
> > @@ -794,6 +794,8 @@ static char *synthesize_sdt_probe_command(struct sdt_note *note,
> >  	char *ret = NULL, **args;
> >  	int i, args_count, err;
> >  	unsigned long long ref_ctr_offset;
> > +	char *arg;
> > +	int arg_idx = 0;
> >  
> >  	if (strbuf_init(&buf, 32) < 0)
> >  		return NULL;
> > @@ -815,8 +817,34 @@ static char *synthesize_sdt_probe_command(struct sdt_note *note,
> >  	if (note->args) {
> >  		args = argv_split(note->args, &args_count);
> >  
> > -		for (i = 0; i < args_count; ++i) {
> > -			if (synthesize_sdt_probe_arg(&buf, i, args[i]) < 0)
> > +		for (i = 0; i < args_count; ) {
> > +			/*
> > +			 * FIXUP: Arm64 ELF section '.note.stapsdt' uses string
> > +			 * format "-4@[sp, NUM]" if a probe is to access data in
> > +			 * the stack, e.g. below is an example for the SDT
> > +			 * Arguments:
> > +			 *
> > +			 *   Arguments: -4@[sp, 12] -4@[sp, 8] -4@[sp, 4]
> > +			 *
> > +			 * Since the string introduces an extra space character
> > +			 * in the middle of square brackets, the argument is
> > +			 * divided into two items.  Fixup for this case, if an
> > +			 * item contains sub string "[sp,", need to concatenate
> > +			 * the two items.
> > +			 */
> > +			if (strstr(args[i], "[sp,") && (i+1) < args_count) {
> > +				arg = strcat(args[i], args[i+1]);
> > +				i += 2;
> > +			} else {
> > +				arg = strdup(args[i]);
> > +				i += 1;
> > +			}
> > +
> > +			err = synthesize_sdt_probe_arg(&buf, arg_idx, arg);
> > +			free(arg);
> 
> So you free here unconditionally because either you used something you
> got from argv_split() that strdup'ed all the entries in the array it
> returns, or that you strdup'ed in the else branch.


> But then you may not free all the things argv_split() returned, right?

Yes.

> Also, that strcat(args[i], args[i+1]), are you sure that is safe? strcat
> expects dest to have enough space for the concatenation, I don't see
> argv_split[] adding extra bytes, just a strdup().

Correct, will change to use asprintf().

> So probably you need asprintf() where you use strcat() and then, at the
> end of the loop, you need to free what argv_split() returned, using
> argv_free(), no?
> 
> Also please check strdup() (and then asprintf) managed to allocate, else
> synthesize_sdt_probe_arg() will receive its 'desc' argument as NULL, do
> _another_ strdup on it and boom.

Will add checking for the pointer from strdup()/asprintf().

> Or am I missing something? :)
> 
> I just looked ant synthesize_sdt_probe_command() is leaking the args it
> gets from argv_split()
> 
> So this patch is needed, ack?

Below change is good for me.  In the next respin, I will add this new
patch with your author name and send out.

Thanks a lot for the review, Masami & Arnaldo!

> diff --git a/tools/perf/util/probe-file.c b/tools/perf/util/probe-file.c
> index 064b63a6a3f311cd..bbecb449ea944395 100644
> --- a/tools/perf/util/probe-file.c
> +++ b/tools/perf/util/probe-file.c
> @@ -791,7 +791,7 @@ static char *synthesize_sdt_probe_command(struct sdt_note *note,
>  					const char *sdtgrp)
>  {
>  	struct strbuf buf;
> -	char *ret = NULL, **args;
> +	char *ret = NULL;
>  	int i, args_count, err;
>  	unsigned long long ref_ctr_offset;
>  
> @@ -813,12 +813,19 @@ static char *synthesize_sdt_probe_command(struct sdt_note *note,
>  		goto out;
>  
>  	if (note->args) {
> -		args = argv_split(note->args, &args_count);
> +		char **args = argv_split(note->args, &args_count);
> +
> +		if (args == NULL)
> +			goto error;
>  
>  		for (i = 0; i < args_count; ++i) {
> -			if (synthesize_sdt_probe_arg(&buf, i, args[i]) < 0)
> +			if (synthesize_sdt_probe_arg(&buf, i, args[i]) < 0) {
> +				argv_free(args);
>  				goto error;
> +			}
>  		}
> +
> +		argv_free(args);
>  	}
>  
>  out:

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ