| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220310104741.209834-1-naveen.n.rao@linux.vnet.ibm.com>
Date: Thu, 10 Mar 2022 16:17:41 +0530
From: "Naveen N. Rao" <naveen.n.rao@...ux.vnet.ibm.com>
To: Arnaldo Carvalho de Melo <acme@...nel.org>
Cc: <linux-kernel@...r.kernel.org>, cclaudio@...ux.ibm.com
Subject: [PATCH] perf trace: Fix SIGSEGV when processing augmented args
On powerpc, 'perf trace' is crashing with a SIGSEGV when trying to
process a perf data file created with 'perf trace record -p':
#0 0x00000001225b8988 in syscall_arg__scnprintf_augmented_string <snip> at builtin-trace.c:1492
#1 syscall_arg__scnprintf_filename <snip> at builtin-trace.c:1492
#2 syscall_arg__scnprintf_filename <snip> at builtin-trace.c:1486
#3 0x00000001225bdd9c in syscall_arg_fmt__scnprintf_val <snip> at builtin-trace.c:1973
#4 syscall__scnprintf_args <snip> at builtin-trace.c:2041
#5 0x00000001225bff04 in trace__sys_enter <snip> at builtin-trace.c:2319
The size captured in the augmented arg looks corrupt, resulting in the
augmented arg pointer being adjusted incorrectly. Fix this by checking
that the size is reasonable.
Reported-by: Claudio Carvalho <cclaudio@...ux.ibm.com>
Signed-off-by: Naveen N. Rao <naveen.n.rao@...ux.vnet.ibm.com>
---
While this resolves the 'perf trace' crash, I'm not yet sure why the
size for the augmented arg is corrupt. This looks to be happening when
processing the sample for 'read' syscall. Any pointers?
Thanks,
- Naveen
tools/perf/builtin-trace.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/tools/perf/builtin-trace.c b/tools/perf/builtin-trace.c
index 52b137a184a66a..150c9cbe3316b8 100644
--- a/tools/perf/builtin-trace.c
+++ b/tools/perf/builtin-trace.c
@@ -1487,10 +1487,12 @@ static size_t syscall_arg__scnprintf_augmented_string(struct syscall_arg *arg, c
* So that the next arg with a payload can consume its augmented arg, i.e. for rename* syscalls
* we would have two strings, each prefixed by its size.
*/
- int consumed = sizeof(*augmented_arg) + augmented_arg->size;
+ int consumed = sizeof(*augmented_arg) + (unsigned int)augmented_arg->size;
- arg->augmented.args = ((void *)arg->augmented.args) + consumed;
- arg->augmented.size -= consumed;
+ if (consumed < arg->augmented.size) {
+ arg->augmented.args = ((void *)arg->augmented.args) + consumed;
+ arg->augmented.size -= consumed;
+ }
return printed;
}
base-commit: e314fe9c2ad65adcb62fa98376a5f35502e4f4dd
--
2.35.1
Powered by blists - more mailing lists