Received: by 2002:a05:6512:2355:0:0:0:0 with SMTP id p21csp204956lfu; Wed, 30 Mar 2022 20:53:08 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxMLzv6IGKI9b4WqiJ7+ZcgsmNCqMSk0eL3noOlMQCFziy07MEbyTJd4UskEKH+jw3BF38z X-Received: by 2002:a17:902:7784:b0:151:a83a:5402 with SMTP id o4-20020a170902778400b00151a83a5402mr3072827pll.21.1648698788182; Wed, 30 Mar 2022 20:53:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1648698788; cv=none; d=google.com; s=arc-20160816; b=rHPp4dMqYdH+66fEKee1ncNwT3GPeLs4rHNwtgMUiOB9PhdIsXiTgi750wjqd3TW43 xJvBl0sKOEgQGZQP95D7UVZnlF0ayN5ABUm7i9Q+DRnwhzrDUoZdk8lKL9MaLogEA3j5 Znf04PGpcOmK10tzDba+Xi1pYPRsbPryY2fvcvIje5aCV6A9dh02ZThso+7y5YMKgoGY s4/7pWZi/hNbNV9HmKXC9JYTJ+FIEFiMT56ntiKcl7MCYunkttjuVw465RHMCKc65J3h 8x/n/+Koo4zmljnLxAKbyz2+C9N/+SRCdgFl+sQFghiFCLSS4cM+40sM72CCiDj8loaN hgeg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=qMOSf0Lj5bbF3ZRgfNaPEjG6ItHnHx3OB75c5QOmg9s=; b=s9hJvtpwDYRdLAPfb7at8fPBzl7XkrSR3sB8H07cVKZheALeI0ygE7psVm0yM2UoWI CjuaxM9XhZalLkHUx1+Zgm8bjg6RGWRNa08TV90RCL3KsBDvqk8OXxu6LGDNR6df/kzt SJ/2eidTg5VUBaU4z5vdz9jSE+boCO4dzbBuR7AdEJsOUsTEXQru7XS6uGDWgY8oMWDD Dy0lrNMEZDhazM6Rt4Xi0ZLU0Mr4hXZBWnbYDuk0483Thau0tDNTsCg42i2nlN1GitOc LBj/YcFt7N5Da+xl8HPzZ6as1MLQELbWlVK6yzmMqCgeKGmi6/VXJwgvODF9jdhsxmJH m2fA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="gmmbgvz/"; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id r15-20020a170902be0f00b00153b2d1646fsi22391000pls.119.2022.03.30.20.53.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 30 Mar 2022 20:53:08 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="gmmbgvz/"; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id D779A157585; Wed, 30 Mar 2022 20:06:06 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242231AbiC3DNm (ORCPT + 99 others); Tue, 29 Mar 2022 23:13:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52908 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242225AbiC3DNk (ORCPT ); Tue, 29 Mar 2022 23:13:40 -0400 Received: from mail-pg1-x52a.google.com (mail-pg1-x52a.google.com [IPv6:2607:f8b0:4864:20::52a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 53915939B2 for ; Tue, 29 Mar 2022 20:11:56 -0700 (PDT) Received: by mail-pg1-x52a.google.com with SMTP id c11so16434399pgu.11 for ; Tue, 29 Mar 2022 20:11:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=qMOSf0Lj5bbF3ZRgfNaPEjG6ItHnHx3OB75c5QOmg9s=; b=gmmbgvz/cW0duS4+2ManRgp07CHjwIDzZAkfZkSByTyTV4ZR5a4sLVKXI3CEH5L/wM gQttFPLd8XszFetubrHrGP31zyWllQchTkZT5raVbgy/zCy1ziOKW8lVwaYeOIMp4KnN fki495+fbWg3RucKrC0ZWPDrMtZdhO9cu7nec= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=qMOSf0Lj5bbF3ZRgfNaPEjG6ItHnHx3OB75c5QOmg9s=; b=hbG9+FbC/s7yeK+ZHil+vRylvNZnmgeZ0y+2lVAbdx5ZEDpfGrd2yJSwhVz6QpuGle WWFUaSsmvAM0kl26LJZuuIT7C6gsagDOFQTqaxisl9VcURcp4u7CfY+jPaFgox7oJa3V F0TuDuCkJlZmKpRZA/eMO2P/k62elFyb13XbaxsCXRBSEMvaGq4H6Dyq6QEPUwmBmwr/ Ik01d7LDQEygLYnVzDWKubFETqWrrnowH/Cj1ogVxFoCqERYIa5WXD4A3jArLHddIocO LhytJarpTNLOKhZx3wxy39PG41YiyIDFr3YR7Y6OcjeNFSkc4WAwsOQV255rWpUmIL0M /cVw== X-Gm-Message-State: AOAM5334JwPehMqB186MG9ORz0Wln6xMJDUEzcLbc2ISM0CEKCQzSnUX Kp/3SsYVJfojHv68G6h8Jcw1tw== X-Received: by 2002:aa7:8256:0:b0:4e0:78ad:eb81 with SMTP id e22-20020aa78256000000b004e078adeb81mr31206513pfn.30.1648609915762; Tue, 29 Mar 2022 20:11:55 -0700 (PDT) Received: from localhost ([2620:15c:2ce:200:e51b:b2e7:5cb6:c013]) by smtp.gmail.com with UTF8SMTPSA id u62-20020a638541000000b00382791c89efsm17279743pgd.13.2022.03.29.20.11.54 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 29 Mar 2022 20:11:55 -0700 (PDT) From: Denis Nikitin To: acme@kernel.org, linux-perf-users@vger.kernel.org Cc: jolsa@kernel.org, alexey.budankov@linux.intel.com, alexander.shishkin@linux.intel.com, namhyung@kernel.org, james.clark@arm.com, linux-kernel@vger.kernel.org, Denis Nikitin Subject: [PATCH] perf session: Remap buf if there is no space for event Date: Tue, 29 Mar 2022 20:11:30 -0700 Message-Id: <20220330031130.2152327-1-denik@chromium.org> X-Mailer: git-send-email 2.35.1.1021.g381101b075-goog MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org If a perf event doesn't fit into remaining buffer space return NULL to remap buf and fetch the event again. Keep the logic to error out on inadequate input from fuzzing. This fixes perf failing on ChromeOS (with 32b userspace): $ perf report -v -i perf.data ... prefetch_event: head=0x1fffff8 event->header_size=0x30, mmap_size=0x2000000: fuzzed or compressed perf.data? Error: failed to process sample Fixes: 57fc032ad643 ("perf session: Avoid infinite loop when seeing invalid header.size") Signed-off-by: Denis Nikitin --- tools/perf/util/session.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/tools/perf/util/session.c b/tools/perf/util/session.c index 3b8dfe603e50..45a30040ec8d 100644 --- a/tools/perf/util/session.c +++ b/tools/perf/util/session.c @@ -2095,6 +2095,7 @@ prefetch_event(char *buf, u64 head, size_t mmap_size, bool needs_swap, union perf_event *error) { union perf_event *event; + u16 event_size; /* * Ensure we have enough space remaining to read @@ -2107,15 +2108,23 @@ prefetch_event(char *buf, u64 head, size_t mmap_size, if (needs_swap) perf_event_header__bswap(&event->header); - if (head + event->header.size <= mmap_size) + event_size = event->header.size; + if (head + event_size <= mmap_size) return event; /* We're not fetching the event so swap back again */ if (needs_swap) perf_event_header__bswap(&event->header); - pr_debug("%s: head=%#" PRIx64 " event->header_size=%#x, mmap_size=%#zx:" - " fuzzed or compressed perf.data?\n",__func__, head, event->header.size, mmap_size); + /* Check if the event fits into the next mmapped buf. */ + if (event_size <= mmap_size - head % page_size) { + /* Remap buf and fetch again. */ + return NULL; + } + + /* Invalid input. Event size should never exceed mmap_size. */ + pr_debug("%s: head=%#" PRIx64 " event->header.size=%#x, mmap_size=%#zx:" + " fuzzed or compressed perf.data?\n", __func__, head, event_size, mmap_size); return error; } -- 2.35.1.1021.g381101b075-goog