diff options
| author | Ian Rogers <irogers@google.com> | 2024-02-28 23:07:57 -0800 |
|---|---|---|
| committer | Namhyung Kim <namhyung@kernel.org> | 2024-02-29 13:57:02 -0800 |
| commit | 1947b92464c3268381604bbe2ac977a3fd78192f (patch) | |
| tree | 00225d57dabf9ad73da6169b0b0fa17b10ff3643 /tools/perf/builtin-version.c | |
| parent | b44d66536859393772c67cb1da65345127f692e0 (diff) | |
| download | linux-1947b92464c3268381604bbe2ac977a3fd78192f.tar.gz linux-1947b92464c3268381604bbe2ac977a3fd78192f.tar.bz2 linux-1947b92464c3268381604bbe2ac977a3fd78192f.zip | |
libperf evlist: Avoid out-of-bounds access
Parallel testing appears to show a race between allocating and setting
evsel ids. As there is a bounds check on the xyarray it yields a segv
like:
```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==484408==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010
==484408==The signal is caused by a WRITE memory access.
==484408==Hint: address points to the zero page.
#0 0x55cef5d4eff4 in perf_evlist__id_hash tools/lib/perf/evlist.c:256
#1 0x55cef5d4f132 in perf_evlist__id_add tools/lib/perf/evlist.c:274
#2 0x55cef5d4f545 in perf_evlist__id_add_fd tools/lib/perf/evlist.c:315
#3 0x55cef5a1923f in store_evsel_ids util/evsel.c:3130
#4 0x55cef5a19400 in evsel__store_ids util/evsel.c:3147
#5 0x55cef5888204 in __run_perf_stat tools/perf/builtin-stat.c:832
#6 0x55cef5888c06 in run_perf_stat tools/perf/builtin-stat.c:960
#7 0x55cef58932db in cmd_stat tools/perf/builtin-stat.c:2878
...
```
Avoid this crash by early exiting the perf_evlist__id_add_fd and
perf_evlist__id_add is the access is out-of-bounds.
Signed-off-by: Ian Rogers <irogers@google.com>
Cc: Yang Jihong <yangjihong1@huawei.com>
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Link: https://lore.kernel.org/r/20240229070757.796244-1-irogers@google.com
Diffstat (limited to 'tools/perf/builtin-version.c')
0 files changed, 0 insertions, 0 deletions