lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20230830090539.68206-1-adrian.hunter@intel.com>
Date:   Wed, 30 Aug 2023 12:05:39 +0300
From:   Adrian Hunter <adrian.hunter@...el.com>
To:     Arnaldo Carvalho de Melo <acme@...nel.org>
Cc:     Jiri Olsa <jolsa@...nel.org>, Namhyung Kim <namhyung@...nel.org>,
        Ian Rogers <irogers@...gle.com>, linux-kernel@...r.kernel.org,
        linux-perf-users@...r.kernel.org
Subject: [PATCH] perf dlfilter: Avoid leak in v0 API test use of resolve_address()

The introduction of reference counting causes the v0 API
perf_dlfilter_fns.resolve_address() to leak. v2 API introduced
perf_dlfilter_fns.al_cleanup() to prevent that. For the v0 API, avoid the
leak by exiting the addr_location immediately, since the documentation
makes it clear that pointers obtained via perf_dlfilter_fns are not
necessarily valid (dereferenceable) after 'filter_event' and
'filter_event_early' return.

Reported-by: kernel test robot <oliver.sang@...el.com>
Closes: https://lore.kernel.org/oe-lkp/202308232146.94d82cb4-oliver.sang@intel.com
Signed-off-by: Adrian Hunter <adrian.hunter@...el.com>
---
 tools/perf/util/dlfilter.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/perf/util/dlfilter.c b/tools/perf/util/dlfilter.c
index e0f822ebb9b9..1dbf27822ee2 100644
--- a/tools/perf/util/dlfilter.c
+++ b/tools/perf/util/dlfilter.c
@@ -187,6 +187,8 @@ static __s32 dlfilter__resolve_address(void *ctx, __u64 address, struct perf_dlf
 
 	if (has_priv(d_al_p))
 		d_al_p->priv = memdup(&al, sizeof(al));
+	else /* Avoid leak for v0 API */
+		addr_location__exit(&al);
 
 	return 0;
 }
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ