lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <61f11ffe-473c-a36e-c51d-9e526a6fd375@arm.com>
Date:   Mon, 24 Jul 2023 16:38:10 +0100
From:   James Clark <james.clark@....com>
To:     Ruidong Tian <tianruidong@...ux.alibaba.com>,
        coresight@...ts.linaro.org
Cc:     mike.leach@...aro.org, alexander.shishkin@...ux.intel.com,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [RESEND PATCH] coresight: tmc: Explicit type conversions to
 prevent integer overflow



On 14/07/2023 09:43, Ruidong Tian wrote:
> Perf cs_etm session will failed when AUX buffer > 1G.
> 
>   perf record -C 0 -m ,2G -e cs_etm// -- taskset -c 0 ls
>   failed to mmap with 12 (Cannot allocate memory)
> 
> In coresight tmc driver, "nr_pages << PAGE_SHIFT" will overflow when
> nr_pages >= 0x80000(correspond to 1G AUX buffer). Explicit convert nr_pages
> to 64 bit to avoid overflow.
> 

Hi Ruidong,

I couldn't reproduce this exact issue with the error message in the
commit message. Is it not another manifestation related to this change
[1]? I don't actually get any error message, but I was able to get a
warning in dmesg even with [1] applied.

Does the overflow not result in a successful session but with the wrong
buffer size?

I think the change makes sense, but maybe we also need a check for
MAX_ORDER because I can trigger the same WARN_ON from [1]. Or maybe I'm
a bit confused because of the other change and not being able to
reproduce this exactly coming at the same time.

[1]:
https://lore.kernel.org/bpf/20230711014120.53461-1-xueshuai@linux.alibaba.com/

Thanks
James

> Signed-off-by: Ruidong Tian <tianruidong@...ux.alibaba.com>
> ---
>  drivers/hwtracing/coresight/coresight-tmc-etr.c | 2 +-
>  drivers/hwtracing/coresight/coresight-tmc.h     | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/hwtracing/coresight/coresight-tmc-etr.c b/drivers/hwtracing/coresight/coresight-tmc-etr.c
> index 766325de0e29..1425ecd1cf78 100644
> --- a/drivers/hwtracing/coresight/coresight-tmc-etr.c
> +++ b/drivers/hwtracing/coresight/coresight-tmc-etr.c
> @@ -1267,7 +1267,7 @@ alloc_etr_buf(struct tmc_drvdata *drvdata, struct perf_event *event,
>  	 * than the size requested via sysfs.
>  	 */
>  	if ((nr_pages << PAGE_SHIFT) > drvdata->size) {
> -		etr_buf = tmc_alloc_etr_buf(drvdata, (nr_pages << PAGE_SHIFT),
> +		etr_buf = tmc_alloc_etr_buf(drvdata, ((ssize_t)nr_pages << PAGE_SHIFT),
>  					    0, node, NULL);
>  		if (!IS_ERR(etr_buf))
>  			goto done;
> diff --git a/drivers/hwtracing/coresight/coresight-tmc.h b/drivers/hwtracing/coresight/coresight-tmc.h
> index b97da39652d2..0ee48c5ba764 100644
> --- a/drivers/hwtracing/coresight/coresight-tmc.h
> +++ b/drivers/hwtracing/coresight/coresight-tmc.h
> @@ -325,7 +325,7 @@ ssize_t tmc_sg_table_get_data(struct tmc_sg_table *sg_table,
>  static inline unsigned long
>  tmc_sg_table_buf_size(struct tmc_sg_table *sg_table)
>  {
> -	return sg_table->data_pages.nr_pages << PAGE_SHIFT;
> +	return (unsigned long)sg_table->data_pages.nr_pages << PAGE_SHIFT;
>  }
>  
>  struct coresight_device *tmc_etr_get_catu_device(struct tmc_drvdata *drvdata);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ