linux/tools/perf/util
Anton Blanchard b832796caa perf tools: Incorrect use of snprintf results in SEGV
I have a workload where perf top scribbles over the stack and we SEGV.
What makes it interesting is that an snprintf is causing this.

The workload is a C++ gem that has method names over 3000 characters
long, but snprintf is designed to avoid overrunning buffers. So what
went wrong?

The problem is we assume snprintf returns the number of characters
written:

    ret += repsep_snprintf(bf + ret, size - ret, "[%c] ", self->level);
...
    ret += repsep_snprintf(bf + ret, size - ret, "%s", self->ms.sym->name);

Unfortunately this is not how snprintf works. snprintf returns the
number of characters that would have been written if there was enough
space. In the above case, if the first snprintf returns a value larger
than size, we pass a negative size into the second snprintf and happily
scribble over the stack. If you have 3000-character C++ methods that's a
lot of stack to trample.

This patch fixes repsep_snprintf by clamping the value at size - 1 which
is the maximum snprintf can write before adding the NULL terminator.

I get the sinking feeling that there are a lot of other uses of snprintf
that have this same bug, we should audit them all.

Cc: David Ahern <dsahern@gmail.com>
Cc: Eric B Munson <emunson@mgebm.net>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Yanmin Zhang <yanmin_zhang@linux.intel.com>
Cc: stable@kernel.org
Link: http://lkml.kernel.org/r/20120307114249.44275ca3@kryten
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
2012-03-14 12:36:19 -03:00
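Added example, not code from the commit or from perf's sort.c: it reproduces the accumulation pattern the message quotes and contrasts it with a wrapper clamped at size - 1, as the fix describes. The wrapper below only clamps and does not do the field-separator replacement the real repsep_snprintf does; the three-step "[level] symbol dso" layout, the 3000-character symbol and the dso string are constructed inputs. The naive path is a dry run (snprintf with a NULL buffer and size 0 reports the would-be length without writing) so the demo itself never corrupts memory.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative snprintf wrapper: the return value is clamped to size - 1,
 * the most vsnprintf can have written before the terminating NUL. */
static size_t clamped_snprintf(char *bf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(bf, size, fmt, ap);
    va_end(ap);

    if (n < 0 || size == 0)     /* encoding error, or nothing could be written */
        return 0;
    if ((size_t)n >= size)      /* truncated: size - 1 characters plus the NUL */
        return size - 1;
    return (size_t)n;
}

/* Naive accumulation as a dry run. Each step is sized with snprintf(NULL, 0, ...)
 * so nothing is written, but `ret` advances exactly as `ret += snprintf(...)`
 * would. Returns the `size - ret` a third append would receive: a value larger
 * than `size` means the subtraction wrapped and a real call would write past bf. */
size_t naive_third_call_size(size_t size, char level, const char *sym, const char *dso)
{
    size_t ret = 0;

    ret += (size_t)snprintf(NULL, 0, "[%c] ", level);
    ret += (size_t)snprintf(NULL, 0, "%s", sym);   /* would-be length, even when truncated */
    (void)dso;                                      /* the third step never gets a sane size */
    return size - ret;                              /* wraps in size_t when ret > size */
}

/* Clamped accumulation: same three appends, written for real into bf. Once
 * truncation happens `ret` sticks at size - 1, so every later call receives
 * size - ret == 1 and can only write the terminating NUL. */
size_t clamped_format(char *bf, size_t size, char level, const char *sym, const char *dso)
{
    size_t ret = 0;

    ret += clamped_snprintf(bf + ret, size - ret, "[%c] ", level);
    ret += clamped_snprintf(bf + ret, size - ret, "%s", sym);
    ret += clamped_snprintf(bf + ret, size - ret, " %s", dso);
    return ret;
}

/* Probe: format into a buffer of at most 64 bytes and return the length
 * actually produced, or (size_t)-1 if it disagrees with strlen(bf). */
size_t clamped_probe(size_t size, const char *sym)
{
    char bf[64];
    size_t ret;

    if (size > sizeof(bf))
        size = sizeof(bf);
    ret = clamped_format(bf, size, 'k', sym, "[kernel.kallsyms]");
    return ret == strlen(bf) ? ret : (size_t)-1;
}

int main(void)
{
    char sym[3001];                 /* constructed 3000-character symbol name */
    char bf[64];

    memset(sym, 'x', 3000);
    sym[3000] = '\0';

    printf("naive: third append would get size=%zu (buffer is %zu bytes)\n",
           naive_third_call_size(sizeof(bf), 'k', sym, "[kernel.kallsyms]"), sizeof(bf));
    printf("clamped: ret=%zu strlen=%zu\n",
           clamped_format(bf, sizeof(bf), 'k', sym, "[kernel.kallsyms]"), strlen(bf));
    return 0;
}
```

The check a practitioner wants after any `ret += snprintf(...)` chain is the one the clamp makes unnecessary: `ret` must never exceed `size - 1`, because `size - ret` is unsigned and wraps rather than going negative.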
..
include perf tools: Use for_each_set_bit() to iterate over feature flags 2011-12-23 17:03:36 -02:00
scripting-engines perf script: Add generic perl handler to process events 2011-12-23 17:05:48 -02:00
ui perf tools: Fix broken build by defining _GNU_SOURCE in Makefile 2012-01-30 22:19:54 -02:00
PERF-VERSION-GEN perf: clear out make flags when calling kernel make kernelver 2011-06-15 22:12:55 +02:00
abspath.c perf tools: Remove some unused functions 2010-05-18 23:03:35 -03:00
alias.c perf_counter tools: Add more warnings and fix/annotate them 2009-07-01 12:49:48 +02:00
annotate.c perf tools: Fix truncated annotation 2011-12-23 16:39:19 -02:00
annotate.h perf symbols: Add nr_events to symbol_conf 2011-11-28 10:37:11 -02:00
bitmap.c perf tools: Don't use code surrounded by __KERNEL__ 2010-05-02 12:00:44 -03:00
build-id.c perf tools: Rename perf_event_ops to perf_tool 2011-11-28 10:39:28 -02:00
build-id.h perf tools: Rename perf_event_ops to perf_tool 2011-11-28 10:39:28 -02:00
cache.h perf tools: Don't fallback to setup_pager unconditionally 2011-01-31 18:08:39 -02:00
callchain.c perf tools: Kill event_t typedef, use 'union perf_event' instead 2011-01-29 16:25:37 -02:00
callchain.h perf tools: Pass tool context in the the perf_event_ops functions 2011-11-28 10:38:56 -02:00
cgroup.c perf tools: Eliminate duplicate code and use PATH_MAX consistently 2011-11-28 10:11:04 -02:00
cgroup.h perf tool: Add cgroup support 2011-02-16 13:30:48 +01:00
color.c perf stat: Add -o and --append options 2011-08-18 07:46:13 -03:00
color.h perf hist: Replace ->print() routines by ->snprintf() equivalents 2010-04-02 16:28:15 -03:00
config.c perf tools: Remove stale git headlines from top comment 2011-12-20 13:43:36 -02:00
cpumap.c perf tools: Add missing cpu_map__delete() 2011-01-22 19:56:30 -02:00
cpumap.h perf tools: Add missing cpu_map__delete() 2011-01-22 19:56:30 -02:00
ctype.c perf tools: Move graph_line and graph_dotted_line from top 2009-11-23 21:55:20 +01:00
debug.c perf ui browser: Handle K_RESIZE in dialog windows 2011-10-26 13:15:07 -02:00
debug.h perf ui browser: Handle K_RESIZE in dialog windows 2011-10-26 13:15:07 -02:00
debugfs.c perf tools: Simplify debugfs mountpoint handling code 2011-11-28 10:11:28 -02:00
debugfs.h perf tools: Simplify debugfs mountpoint handling code 2011-11-28 10:11:28 -02:00
dwarf-aux.c perf probe: Filter out redundant inline-instances 2011-08-12 09:34:35 -03:00
dwarf-aux.h perf probe: Search concrete out-of-line instances 2011-08-12 09:32:10 -03:00
environment.c
event.c perf tools: Ensure comm string is properly terminated 2012-02-29 18:29:45 -03:00
event.h perf tools: Add ability to synthesize event according to a sample 2011-12-12 08:44:00 -02:00
evlist.c perf evlist: Return first evsel for non-sample event on old kernel 2012-02-29 18:29:44 -03:00
evlist.h perf evlist: Always do automatic allocation of pollfd and mmap structures 2011-11-29 08:05:52 -02:00
evsel.c perf evsel: Fix an issue where perf report fails to show the proper percentage 2012-02-06 18:59:38 -02:00
evsel.h perf tools: Save some loops using perf_evlist__id2evsel 2011-11-28 17:57:40 -02:00
exec_cmd.c perf tools: Makefile: Remove various and sundry cruft 2011-02-18 07:43:06 -02:00
exec_cmd.h perf tools: Remove some unused functions 2010-05-18 23:03:35 -03:00
generate-cmdlist.sh
header.c perf tools: Fix strlen() bug in perf_event__synthesize_event_type() 2012-01-30 22:29:12 -02:00
header.h perf tools: Use for_each_set_bit() to iterate over feature flags 2011-12-23 17:03:36 -02:00
help.c perf tools: Remove some unused functions 2010-05-18 23:03:35 -03:00
help.h perf tools: Protect header files with a consistent style 2009-09-24 21:27:51 +02:00
hist.c perf report: Fix --stdio output alignment when --showcpuutilization used 2012-01-08 13:32:51 -02:00
hist.h perf hists: Stop using 'self' for struct hist_entry 2012-01-06 15:42:52 -02:00
hweight.c perf tools: Don't use code surrounded by __KERNEL__ 2010-05-02 12:00:44 -03:00
levenshtein.c
levenshtein.h perf tools: Protect header files with a consistent style 2009-09-24 21:27:51 +02:00
map.c perf session: Move threads to struct machine 2011-11-28 10:35:31 -02:00
map.h perf tools: Resolve machine earlier and pass it to perf_event_ops 2011-11-28 10:39:12 -02:00
pager.c perf_counter tools: Remove dead code 2009-06-27 06:06:39 +02:00
parse-events.c perf record: Fix buffer overrun bug in tracepoint_id_to_path() 2012-03-13 17:01:28 +01:00
parse-events.h perf tools: Simplify debugfs mountpoint handling code 2011-11-28 10:11:28 -02:00
parse-options.c perf options: Type check all the remaining OPT_ variants 2010-05-17 16:22:41 -03:00
parse-options.h perf options: add OPT_CALLBACK_DEFAULT_NOOPT 2010-12-06 15:33:29 -02:00
path.c perf tools: add test for strlcpy() 2010-08-21 11:22:47 -03:00
probe-event.c perf probe: Ensure offset provided is not greater than function length without DWARF info too 2012-02-29 18:29:46 -03:00
probe-event.h perf probe: Add probed module in front of function 2011-07-15 16:19:08 -04:00
probe-finder.c perf probe: Ensure offset provided is not greater than function length 2012-02-29 18:29:45 -03:00
probe-finder.h perf tools: Eliminate duplicate code and use PATH_MAX consistently 2011-11-28 10:11:04 -02:00
pstack.c perf newt: Make <- zoom out filters 2010-05-14 20:05:21 -03:00
pstack.h perf ui: Move hists browser to util/ui/browsers/ 2010-08-10 16:11:08 -03:00
python.c perf evlist: Fix grouping of multiple events 2011-10-26 10:25:02 -02:00
quote.c perf tools: Remove some unused functions 2010-05-18 23:03:35 -03:00
quote.h perf tools: Remove some unused functions 2010-05-18 23:03:35 -03:00
run-command.c perf tools: Remove some unused functions 2010-05-18 23:03:35 -03:00
run-command.h perf tools: Remove some unused functions 2010-05-18 23:03:35 -03:00
session.c perf session: Remove impossible condition check 2012-01-03 14:35:02 -02:00
session.h perf tools: Fix out-of-bound access to struct perf_session 2011-12-23 16:57:41 -02:00
setup.py perf evlist: Introduce add_tracepoints method 2011-11-28 10:25:11 -02:00
sigchain.c perf tools: Remove some unused functions 2010-05-18 23:03:35 -03:00
sigchain.h perf tools: Remove some unused functions 2010-05-18 23:03:35 -03:00
sort.c perf tools: Incorrect use of snprintf results in SEGV 2012-03-14 12:36:19 -03:00
sort.h perf hists: Don't free decayed entries if in the annotation browser 2011-10-13 08:01:33 -03:00
strbuf.c perf tools: Remove some unused functions 2010-05-18 23:03:35 -03:00
strbuf.h perf tools: Remove some unused functions 2010-05-18 23:03:35 -03:00
strfilter.c perf: Fix missing strndup declaration 2011-03-04 01:17:18 +01:00
strfilter.h perf tools: Add strfilter for general purpose string filter 2011-01-28 09:19:38 -02:00
string.c perf probe: Move strtailcmp to string.c 2011-07-15 16:00:47 -04:00
strlist.c perf probe: Fix --del to update current event list 2009-12-15 20:22:01 +01:00
strlist.h perf tools: Add for_each macros for strlist 2009-12-15 20:22:02 +01:00
svghelper.c perf timechart: Fix black idle boxes in the title 2011-02-28 08:56:14 +01:00
svghelper.h perf tools: Protect header files with a consistent style 2009-09-24 21:27:51 +02:00
symbol.c perf tools: Fix broken build by defining _GNU_SOURCE in Makefile 2012-01-30 22:19:54 -02:00
symbol.h perf symbols: Add nr_events to symbol_conf 2011-11-28 10:37:11 -02:00
thread.c perf session: Move threads to struct machine 2011-11-28 10:35:31 -02:00
thread.h perf tools: Resolve machine earlier and pass it to perf_event_ops 2011-11-28 10:39:12 -02:00
thread_map.c perf threads: Move thread_map to separate file 2011-01-24 10:59:00 -02:00
thread_map.h perf threads: Move thread_map to separate file 2011-01-24 10:59:00 -02:00
tool.h perf tools: Save some loops using perf_evlist__id2evsel 2011-11-28 17:57:40 -02:00
top.c perf top: Reuse the 'report' hist_entry/hists classes 2011-10-07 16:56:44 -03:00
top.h perf tools: Handle kernels that don't support attr.exclude_{guest,host} 2012-03-03 12:19:56 -03:00
trace-event-info.c perf tools: Fix compile error on x86_64 Ubuntu 2012-01-08 13:34:55 -02:00
trace-event-parse.c perf tools: Fix broken build by defining _GNU_SOURCE in Makefile 2012-01-30 22:19:54 -02:00
trace-event-read.c perf: Use read() instead of lseek() in trace_event_read.c:skip() 2010-05-20 08:37:17 +02:00
trace-event-scripting.c perf tools: Resolve machine earlier and pass it to perf_event_ops 2011-11-28 10:39:12 -02:00
trace-event.h perf tools: Resolve machine earlier and pass it to perf_event_ops 2011-11-28 10:39:12 -02:00
types.h perf tools: Fix 64 bit integer format strings 2011-01-22 23:41:57 -02:00
usage.c perf tools: Remove stale git headlines from top comment 2011-12-20 13:43:36 -02:00
util.c perf tools: Change perf_guest default back to false 2012-03-03 12:13:41 -03:00
util.h perf tools: Fix broken build by defining _GNU_SOURCE in Makefile 2012-01-30 22:19:54 -02:00
values.c perf tools: Fix a memory leak on perf_read_values_destroy 2011-12-20 13:41:34 -02:00
values.h perf tools: Protect header files with a consistent style 2009-09-24 21:27:51 +02:00
wrapper.c perf tools: remove xstrndup, xmalloc, xzalloc 2010-05-18 23:05:28 -03:00
xyarray.c perf tools: Introduce event selectors 2011-01-03 16:39:04 -02:00
xyarray.h perf tools: Introduce event selectors 2011-01-03 16:39:04 -02:00