From: Stephane Eranian
To: linux-kernel@vger.kernel.org
Cc: acme@redhat.com, peterz@infradead.org, mingo@elte.hu, jolsa@redhat.com
Subject: [PATCH v2] perf ordered_events: fix crash in free_dup_event()
Date: Wed, 8 Aug 2018 15:33:20 -0700
Message-Id: <1533767600-7794-1-git-send-email-eranian@google.com>
X-Mailer: git-send-email 2.7.4
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

This patch fixes a bug in ordered_event.c:alloc_event().
An ordered_event struct was not initialized properly potentially
causing crashes later on in free_dup_event() depending on the
content of the memory. If it was NULL, then it would work fine,
otherwise, it could cause crashes such as:

  $ perf record -o - -e cycles date | perf inject -b -i - >/dev/null
  Tue Aug 7 12:03:48 PDT 2018
  [ perf record: Woken up 1 times to write data ]
  [ perf record: Captured and wrote 0.000 MB - ]
  Segmentation fault (core dumped):

  (gdb) r inject -b -i - < tt >/dev/null
  Program received signal SIGSEGV, Segmentation fault.
  free_dup_event (oe=0x26a39a0, event=0xffffffff00000000) at util/ordered-events.c:85
  (gdb) bt
  #0 free_dup_event (oe=0x26a39a0, event=0xffffffff00000000) at util/ordered-events.c:85
  #1 ordered_events__free (oe=0x26a39a0) at util/ordered-events.c:310
  #2 0x00000000004b5a56 in __perf_session__process_pipe_events (session=) at util/session.c:1753
  #3 perf_session__process_events (session=) at util/session.c:1932
  #4 0x000000000043a2eb in __cmd_inject (inject=) at builtin-inject.c:750
  #5 cmd_inject (argc=, argv=) at builtin-inject.c:924
  #6 0x000000000046b175 in run_builtin (p=0xabc640 , argc=4, argv=0x7fffffffe560) at perf.c:297
  #7 0x000000000046b062 in handle_internal_command (argc=4, argv=0x7fffffffe560) at perf.c:349
  #8 0x000000000046a5e8 in run_argv (argcp=, argv=) at perf.c:393
  #9 main (argc=4, argv=0x7fffffffe560) at perf.c:531

Signed-off-by: Stephane Eranian --- tools/perf/util/ordered-events.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tools/perf/util/ordered-events.c b/tools/perf/util/ordered-events.c index a90dbe5df019..95c91e5a3754 100644 --- a/tools/perf/util/ordered-events.c +++ b/tools/perf/util/ordered-events.c @@ -118,6 +118,12 @@ static struct ordered_event *alloc_event(struct ordered_events *oe, pr("alloc size %" PRIu64 "B (+%zu), max %" PRIu64 "B\n", oe->cur_alloc_size, size, oe->max_alloc_size); + /* + * must initialize event pointer of commandeered first + * entry to avoid crash in free_dup_event() due to random + * value for this field. + */ + oe->buffer->event = NULL; oe->cur_alloc_size += size; list_add(&oe->buffer->list, &oe->to_free); -- 2.18.0.597.ga71716f1ad-goog
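
Review bot: The added assignment oe->buffer->event = NULL clears the event pointer of only the first entry of the buffer, and the comment above it does not say why that entry alone needs it. In the hunk, this is the entry whose list member is linked into oe->to_free by the list_add() two lines below, which is presumably how ordered_events__free() reaches it in the backtrace; saying so in the comment (the first entry serves as the to_free list node and never carries an event) would make the invariant checkable by the next reader. Also consider zeroing the whole buffer where it is allocated instead, so that no entry can reach free_dup_event() with a random pointer regardless of how the free path walks the entries. Minor: the commit message names ordered_event.c, while the file in the diff is tools/perf/util/ordered-events.c.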