AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-01-14 10:46:07 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
70a2cba972
linux_dsm_epyc7002/tools/perf
History
Andrey Ryabinin 70a2cba972 perf buildid: Fix off-by-one in write_buildid() 
write_buildid() increments 'name_len' with intention to take into
account trailing zero byte. However, 'name_len' was already incremented
in machine__write_buildid_table() before.  So this leads to
out-of-bounds read in do_write():

  $ ./perf record sleep 0
  [ perf record: Woken up 1 times to write data ]
  =================================================================
  ==15899==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000099fc92 at pc 0x7f1aa9c7eab5 bp 0x7fff940f84d0 sp 0x7fff940f7c78
  READ of size 19 at 0x00000099fc92 thread T0
      #0 0x7f1aa9c7eab4  (/usr/lib/gcc/x86_64-pc-linux-gnu/5.3.0/libasan.so.2+0x44ab4)
      #1 0x649c5b in do_write util/header.c:67
      #2 0x649c5b in write_padded util/header.c:82
      #3 0x57e8bc in write_buildid util/build-id.c:239
      #4 0x57e8bc in machine__write_buildid_table util/build-id.c:278
  ...

  0x00000099fc92 is located 0 bytes to the right of global variable '*.LC99' defined in 'util/symbol.c' (0x99fc80) of size 18
    '*.LC99' is ascii string '[kernel.kallsyms]'
  ...

  Shadow bytes around the buggy address:
    0x00008012bf80: f9 f9 f9 f9 00 00 00 00 00 00 03 f9 f9 f9 f9 f9
  =>0x00008012bf90: 00 00[02]f9 f9 f9 f9 f9 00 00 00 00 00 05 f9 f9
    0x00008012bfa0: f9 f9 f9 f9 00 03 f9 f9 f9 f9 f9 f9 00 00 00 00

Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/1461053847-5633-1-git-send-email-aryabinin@virtuozzo.com
[ Remove the off-by one at the origin, to keep len(s) == strlen(s) assumption ]
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
2016-04-25 12:49:16 -03:00
..
arch perf evsel: Do not use globals in config() 2016-04-11 22:18:20 -03:00
bench perf tools: Remove needless 'extern' from function prototypes 2016-03-23 15:06:35 -03:00
config perf tools: Build syscall table .c header from kernel's syscall_64.tbl 2016-04-08 09:58:14 -03:00
Documentation perf trace: Bump --mmap-pages when --call-graph is used by the root user 2016-04-15 17:52:34 -03:00
jvmti perf jit: Add support for using TSC as a timestamp 2016-04-01 18:42:55 -03:00
python perf python: Support the PERF_RECORD_SWITCH event 2015-10-07 19:41:50 -03:00
scripts perf script: Fix postgresql ubuntu install instructions 2016-04-19 12:36:54 -03:00
tests perf test: Add missing verbose output explaining the reason for failure 2016-04-19 12:39:36 -03:00
trace perf trace: Move socket_type beautifier to tools/perf/trace/beauty/ 2016-04-14 13:53:10 -03:00
ui perf hists browser: Fold two consecutive symbol_conf.use_callchain ifs 2016-04-18 12:26:27 -03:00
util perf buildid: Fix off-by-one in write_buildid() 2016-04-25 12:49:16 -03:00
.gitignore perf tools: Add Intel PT instruction decoder 2015-08-17 11:11:36 -03:00
Build perf tools: Set and pass DOCDIR to builtin-report.c 2016-01-12 12:42:07 -03:00
builtin-annotate.c perf machine: Rename perf_event__preprocess_sample to machine__resolve 2016-03-23 12:03:08 -03:00
builtin-bench.c perf subcmd: Create subcmd library 2015-12-17 14:27:14 -03:00
builtin-buildid-cache.c perf tools: Move timestamp creation to util 2016-01-29 17:30:06 -03:00
builtin-buildid-list.c perf subcmd: Create subcmd library 2015-12-17 14:27:14 -03:00
builtin-config.c perf config: Make show_config() use perf_config_set 2016-04-14 09:15:47 -03:00
builtin-data.c perf subcmd: Create subcmd library 2015-12-17 14:27:14 -03:00
builtin-diff.c perf machine: Rename perf_event__preprocess_sample to machine__resolve 2016-03-23 12:03:08 -03:00
builtin-evlist.c perf evlist: Add --trace-fields option to show trace fields 2016-01-08 14:23:02 -03:00
builtin-help.c perf help: Use asprintf instead of adhoc equivalents 2016-03-23 16:36:07 -03:00
builtin-inject.c perf tools: Add time conversion event 2016-03-31 10:52:24 -03:00
builtin-kmem.c perf callchain: Start moving away from global per thread cursors 2016-04-14 14:48:07 -03:00
builtin-kvm.c perf evsel: Do not use globals in config() 2016-04-11 22:18:20 -03:00
builtin-list.c perf subcmd: Create subcmd library 2015-12-17 14:27:14 -03:00
builtin-lock.c perf subcmd: Create subcmd library 2015-12-17 14:27:14 -03:00
builtin-mem.c perf mem: Add -U/-K (--all-user/--all-kernel) options 2016-03-30 11:14:07 -03:00
builtin-probe.c perf subcmd: Create subcmd library 2015-12-17 14:27:14 -03:00
builtin-record.c perf tools: Ditch record_opts.callgraph_set 2016-04-18 12:26:27 -03:00
builtin-report.c perf report: Use callchain_param.enabled instead of tool specific knob 2016-04-18 12:26:25 -03:00
builtin-sched.c perf sched map: Display only given cpus 2016-04-13 10:11:52 -03:00
builtin-script.c perf script: Check sample->callchain before using it 2016-04-18 11:31:46 -03:00
builtin-stat.c perf stat: Add --metric-only support for -A 2016-03-10 16:50:47 -03:00
builtin-timechart.c perf machine: Rename perf_event__preprocess_sample to machine__resolve 2016-03-23 12:03:08 -03:00
builtin-top.c perf top: Use callchain_param.enabled instead of symbol_conf.use_callchain 2016-04-18 12:30:16 -03:00
builtin-trace.c perf tools: Ditch record_opts.callgraph_set 2016-04-18 12:26:27 -03:00
builtin-version.c perf tools: Move cmd_version() to builtin-version.c 2015-12-09 13:42:03 -03:00
builtin.h perf tools: Remove needless 'extern' from function prototypes 2016-03-23 15:06:35 -03:00
command-list.txt perf tools: Do not show trace command if it's not compiled in 2016-01-08 12:46:17 -03:00
CREDITS
design.txt perf tools: Update some code references in design.txt 2014-03-18 18:17:06 -03:00
Makefile perf build tests: Do parallell builds with 'build-test' 2016-02-04 15:57:00 -03:00
Makefile.perf perf tools: Build syscall table .c header from kernel's syscall_64.tbl 2016-04-08 09:58:14 -03:00
MANIFEST perf bench: Fix detached tarball building due to missing 'perf bench memcpy' headers 2016-03-24 12:28:57 -03:00
perf-archive.sh
perf-completion.sh perf tools: Avoid confusion with preloaded bash function for perf bash completion 2015-03-19 13:53:27 -03:00
perf-read-vdso.c perf tools: Build programs to copy 32-bit compatibility 2014-10-29 10:32:48 -02:00
perf-sys.h perf tools: Move generic barriers out of perf-sys.h 2015-05-08 16:05:08 -03:00
perf-with-kcore.sh perf tools: Fix perf-with-kcore handling of arguments containing spaces 2015-08-06 16:48:27 -03:00
perf.c perf config: Remove duplicated set_buildid_dir calls 2016-03-30 11:14:08 -03:00
perf.h perf tools: Ditch record_opts.callgraph_set 2016-04-18 12:26:27 -03:00