lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAP-5=fVWgHGxUqvn2pw8+dfQ7gXpLHJA0ewQUuR-sgH10744aA@mail.gmail.com>
Date:   Thu, 19 Jan 2023 08:57:21 -0800
From:   Ian Rogers <irogers@...gle.com>
To:     Arnaldo Carvalho de Melo <acme@...nel.org>
Cc:     Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...hat.com>,
        Mark Rutland <mark.rutland@....com>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Jiri Olsa <jolsa@...nel.org>,
        Namhyung Kim <namhyung@...nel.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Tom Rix <trix@...hat.com>,
        Adrian Hunter <adrian.hunter@...el.com>,
        Leo Yan <leo.yan@...aro.org>, linux-perf-users@...r.kernel.org,
        linux-kernel@...r.kernel.org, llvm@...ts.linux.dev,
        Stephane Eranian <eranian@...gle.com>
Subject: Re: [PATCH] perf buildid: Avoid copy of uninitialized memory

On Thu, Jan 19, 2023 at 8:39 AM Arnaldo Carvalho de Melo
<acme@...nel.org> wrote:
>
> Em Thu, Jan 19, 2023 at 01:29:30PM -0300, Arnaldo Carvalho de Melo escreveu:
> > Em Thu, Jan 19, 2023 at 08:08:13AM -0800, Ian Rogers escreveu:
> > > On Fri, Jan 13, 2023 at 10:57 AM Ian Rogers <irogers@...gle.com> wrote:
> > > >
> > > > build_id__init only copies the buildid data up to size leaving the
> > > > rest of the data array uninitialized. Copying the full array during
> > > > synthesis means the written event contains uninitialized memory.  This
> > > > was detected by the Clang/LLVM memory sanitizer.
> > > >
> > > > Signed-off-by: Ian Rogers <irogers@...gle.com>
> > > > ---
> > > >  tools/perf/util/synthetic-events.c | 2 +-
> > > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > > >
> > > > diff --git a/tools/perf/util/synthetic-events.c b/tools/perf/util/synthetic-events.c
> > > > index 3ab6a92b1a6d..348d05e4ec03 100644
> > > > --- a/tools/perf/util/synthetic-events.c
> > > > +++ b/tools/perf/util/synthetic-events.c
> > > > @@ -2219,7 +2219,7 @@ int perf_event__synthesize_build_id(struct perf_tool *tool, struct dso *pos, u16
> > > >
> > > >         len = pos->long_name_len + 1;
> > > >         len = PERF_ALIGN(len, NAME_ALIGN);
> > > > -       memcpy(&ev.build_id.build_id, pos->bid.data, sizeof(pos->bid.data));
> > > > +       memcpy(&ev.build_id.build_id, pos->bid.data, pos->bid.size);
> > >
> > > Ping. Should be an uncontroversial change to fix a copy of
> > > uninitialized memory into the perf.data file during synthesis.
> >
> > Indeed, applied.
>
> Humm, don't we better do it as:
>
> +       memcpy(&ev.build_id.build_id, pos->bid.data, min(pos->bid.size, sizeof(pos->bid.data));
>
> Lemme check what is setting that pos->bid.size....
>
> Things like sysfs__read_build_id() that does such checks, but perhaps we
> should be defensive and do it in this function as well?

Defensive is good, another option would be an assert but they can be
compiled out. Do you want me to repost?

Thanks,
Ian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ