| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aIVrSy8Z8s2JqqVO@google.com>
Date: Sat, 26 Jul 2025 16:56:59 -0700
From: Namhyung Kim <namhyung@...nel.org>
To: Ian Rogers <irogers@...gle.com>
Cc: Zecheng Li <zecheng@...gle.com>, Peter Zijlstra <peterz@...radead.org>,
Ingo Molnar <mingo@...hat.com>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
Jiri Olsa <jolsa@...nel.org>,
Adrian Hunter <adrian.hunter@...el.com>,
"Liang, Kan" <kan.liang@...ux.intel.com>,
Masami Hiramatsu <mhiramat@...nel.org>, Zecheng Li <zli94@...u.edu>,
Xu Liu <xliuprof@...gle.com>, linux-perf-users@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v1 1/6] perf dwarf-aux: Use signed comparison in
match_var_offset
On Fri, Jul 25, 2025 at 05:58:05PM -0700, Ian Rogers wrote:
> On Fri, Jul 25, 2025 at 1:28 PM Zecheng Li <zecheng@...gle.com> wrote:
> >
> > match_var_offset compares address offsets to determine if an access
> > falls within a variable's bounds. The offsets involved for those
> > relative to base registers from DW_OP_breg can be negative.
> >
> > The current implementation uses unsigned types (u64) for these offsets,
> > which rejects almost all negative values.
> >
> > This commit changes the local variables within match_var_offset to
> > signed types (s64) before performing comparisons. This ensures correct
> > behavior when addr_offset_ or addr_type_ are negative.
> >
> > Signed-off-by: Zecheng Li <zecheng@...gle.com>
> > ---
> > tools/perf/util/dwarf-aux.c | 6 ++++--
> > 1 file changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/tools/perf/util/dwarf-aux.c b/tools/perf/util/dwarf-aux.c
> > index 559c953ca172..bf906dff9ef0 100644
> > --- a/tools/perf/util/dwarf-aux.c
> > +++ b/tools/perf/util/dwarf-aux.c
> > @@ -1388,10 +1388,12 @@ struct find_var_data {
> > #define DWARF_OP_DIRECT_REGS 32
> >
> > static bool match_var_offset(Dwarf_Die *die_mem, struct find_var_data *data,
> > - u64 addr_offset, u64 addr_type, bool is_pointer)
> > + u64 addr_offset_, u64 addr_type_, bool is_pointer)
> > {
> > Dwarf_Die type_die;
> > Dwarf_Word size;
> > + s64 addr_offset = (s64)addr_offset_;
> > + s64 addr_type = (s64)addr_type_;
>
> Would it be better to make the function take signed types? I'm
> thinking if a 32-bit int is passed, with the signature as-is it is
> unclear if sign-extension will happen.
Hmm.. right. The addr_offset often from 'int' type so negative value
can have the sign-extension problem.
Zecheng, can you please update the function signature to s64 and check
if the final offset is negative or bigger than the size?
Thanks,
Namhyung
> >
> > if (addr_offset == addr_type) {
> > /* Update offset relative to the start of the variable */
> > @@ -1414,7 +1416,7 @@ static bool match_var_offset(Dwarf_Die *die_mem, struct find_var_data *data,
> > if (dwarf_aggregate_size(&type_die, &size) < 0)
> > return false;
> >
> > - if (addr_offset >= addr_type + size)
> > + if (addr_offset_ - addr_type_ >= size)
> > return false;
> >
> > /* Update offset relative to the start of the variable */
> > --
> > 2.50.1.470.g6ba607880d-goog
> >
Powered by blists - more mailing lists