lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <587603d3-c707-49d8-08a9-193a22e5e227@intel.com>
Date:   Mon, 7 Jun 2021 08:44:36 +0300
From:   Adrian Hunter <adrian.hunter@...el.com>
To:     Leo Yan <leo.yan@...aro.org>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...hat.com>,
        Mark Rutland <mark.rutland@....com>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Jiri Olsa <jolsa@...hat.com>,
        Namhyung Kim <namhyung@...nel.org>,
        Kan Liang <kan.liang@...ux.intel.com>,
        linux-perf-users@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] perf session: Correct buffer copying when peek event

On 5/06/21 8:29 am, Leo Yan wrote:
> When peek an event, it has a short path and a long path.  The short path
> uses the session pointer "one_mmap_addr" to directly fetch event; and
> the long path needs to read out the event header and the followed event
> data from file and fill into the buffer pointer passed through the
> argument "buf".
> 
> The issue is in the long path that it copies the event header and event
> data into the same destination address which pointer "buf", this means
> the event header is overwritten.  We are just lucky to run into the
> short path in most cases, so we don't hit the issue in the long path.
> 
> This patch adds the offset "hdr_sz" to the pointer "buf" when copying
> the event data, so that it can reserve the event header which can be
> used properly by its caller.
> 
> Fixes: 5a52f33adf02 ("perf session: Add perf_session__peek_event()")
> Signed-off-by: Leo Yan <leo.yan@...aro.org>

Acked-by: Adrian Hunter <adrian.hunter@...el.com>

> ---
>  tools/perf/util/session.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/tools/perf/util/session.c b/tools/perf/util/session.c
> index 106b3d60881a..e59242c361ce 100644
> --- a/tools/perf/util/session.c
> +++ b/tools/perf/util/session.c
> @@ -1723,6 +1723,7 @@ int perf_session__peek_event(struct perf_session *session, off_t file_offset,
>  	if (event->header.size < hdr_sz || event->header.size > buf_sz)
>  		return -1;
>  
> +	buf += hdr_sz;
>  	rest = event->header.size - hdr_sz;
>  
>  	if (readn(fd, buf, rest) != (ssize_t)rest)
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ