git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Ian Rogers <irogers@google.com>
	Thu, 29 Feb 2024 07:07:57 +0000 (23:07 -0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 13 Apr 2024 11:07:36 +0000 (13:07 +0200)
commit	d0e2f7ae04bbbf8cc8b8fdb26113fbf67d201e75
tree	a781c53961afec9d918b6020faebf46dd761f036	tree
parent	a822f30afada6ab1ea0f3e93a903d27304445bff	commit \| diff

libperf evlist: Avoid out-of-bounds access

[ Upstream commit 1947b92464c3268381604bbe2ac977a3fd78192f ]

Parallel testing appears to show a race between allocating and setting
evsel ids. As there is a bounds check on the xyarray it yields a segv
like:

```
AddressSanitizer:DEADLYSIGNAL

=================================================================

==484408==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010

==484408==The signal is caused by a WRITE memory access.

==484408==Hint: address points to the zero page.

    #0 0x55cef5d4eff4 in perf_evlist__id_hash tools/lib/perf/evlist.c:256
    #1 0x55cef5d4f132 in perf_evlist__id_add tools/lib/perf/evlist.c:274
    #2 0x55cef5d4f545 in perf_evlist__id_add_fd tools/lib/perf/evlist.c:315
    #3 0x55cef5a1923f in store_evsel_ids util/evsel.c:3130
    #4 0x55cef5a19400 in evsel__store_ids util/evsel.c:3147
    #5 0x55cef5888204 in __run_perf_stat tools/perf/builtin-stat.c:832
    #6 0x55cef5888c06 in run_perf_stat tools/perf/builtin-stat.c:960
    #7 0x55cef58932db in cmd_stat tools/perf/builtin-stat.c:2878
...
```

Avoid this crash by early exiting the perf_evlist__id_add_fd and
perf_evlist__id_add is the access is out-of-bounds.

Signed-off-by: Ian Rogers <irogers@google.com>
Cc: Yang Jihong <yangjihong1@huawei.com>
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Link: https://lore.kernel.org/r/20240229070757.796244-1-irogers@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>

tools/lib/perf/evlist.c		diff \| blob \| blame \| history
tools/lib/perf/include/internal/evlist.h		diff \| blob \| blame \| history