| Message ID | 20230427012841.231729-1-yangjihong1@huawei.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp610266vqo;
Wed, 26 Apr 2023 18:41:40 -0700 (PDT)
X-Google-Smtp-Source:
ACHHUZ58Mk9Yt1Lszt/KxO0wmT4z/1ezD0MWG6t7UrrPKHetdCmJIc/dyZu4o9+WdRTh+LGC9Pxg
X-Received: by 2002:a05:6a00:2d24:b0:63b:2102:a1d4 with SMTP id
fa36-20020a056a002d2400b0063b2102a1d4mr23535pfb.13.1682559699701;
Wed, 26 Apr 2023 18:41:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1682559699; cv=none;
d=google.com; s=arc-20160816;
b=fPZK9L4zURKvaeAuNgBxbgRKFKa7LfecVsO2xce9heRQXsUkRCcxgWA5zIXLVLID3M
c8GxPN2oKJ7wqCR/GkNGz8YgVeiljEr6gs22fp1/JSgnnWYFmn1+huTlJ7SaENzeIM+v
DGY/K1xbE/ghTy4yRGEN0jO5WP6vnYysajphOXcOpeEjRp1EGpS9Gll2mji5uxPu4Zg1
Ginj+nUWZxBqwZg9JcJ7D/D8kQ42/u70DPeLg9CMbKi2J4c34y8AmpzVfRrpjGEowTq5
2CN1FBXG76WJiBObpvfRJtD1fzmKqlqRb5q1n6idmEnxA820CFdUuFw5T5JmufIMjTpu
KG3g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from;
bh=JJJ9GNOktEDMsIQh8tPRssoqPVemKIENPCJQ8t3CG4M=;
b=VeWblpJb+W+e02zPEBRlDYAR9JEDgdIbW/XMEFPTlhlQvv/o7AXE/pbWDFAu1iXkj6
1w3HyQ8z1wfDtG+mTrE3S7AlpDkgxu1ZLqx2/eobpw8Z/IzknGOjTvEo7dJZbs6C7zT/
I8a5rLLk/BV7ecCIjvPmTLhpNKhgyD8NnuBCVl+wKZx1fi/jCUVfdbD898iF9lOrldAQ
xrOivW8X9dmJFoWU6VRT4pvS20sMbcv7IOD1oxAi8KTZdOd77lD5DmQizLQGXNHxSMt/
z8Ywighn5PNXMkE+IMwVievtekICWGpB0iUAO0+HyDHsIT9Jva9y2apz+yP3qtR4DXoG
WplQ==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
q22-20020aa79836000000b0063b54679d0dsi18086656pfl.44.2023.04.26.18.41.21;
Wed, 26 Apr 2023 18:41:39 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S242727AbjD0Bax (ORCPT <rfc822;zxc52fgh@gmail.com> + 99 others);
Wed, 26 Apr 2023 21:30:53 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48332 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S232094AbjD0Bav (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Wed, 26 Apr 2023 21:30:51 -0400
Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E0D7F26BC;
Wed, 26 Apr 2023 18:30:49 -0700 (PDT)
Received: from kwepemm600003.china.huawei.com (unknown [172.30.72.54])
by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4Q6J4F70RtzpTCX;
Thu, 27 Apr 2023 09:26:53 +0800 (CST)
Received: from localhost.localdomain (10.67.174.95) by
kwepemm600003.china.huawei.com (7.193.23.202) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2507.23; Thu, 27 Apr 2023 09:30:47 +0800
From: Yang Jihong <yangjihong1@huawei.com>
To: <peterz@infradead.org>, <mingo@redhat.com>, <acme@kernel.org>,
<mark.rutland@arm.com>, <alexander.shishkin@linux.intel.com>,
<jolsa@kernel.org>, <namhyung@kernel.org>, <irogers@google.com>,
<adrian.hunter@intel.com>, <leo.yan@linaro.org>,
<eranian@google.com>, <linux-perf-users@vger.kernel.org>,
<linux-kernel@vger.kernel.org>
CC: <yangjihong1@huawei.com>
Subject: [PATCH] perf symbols: Fix return incorrect build_id size in
elf_read_build_id()
Date: Thu, 27 Apr 2023 01:28:41 +0000
Message-ID: <20230427012841.231729-1-yangjihong1@huawei.com>
X-Mailer: git-send-email 2.30.GIT
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type: text/plain; charset=US-ASCII
X-Originating-IP: [10.67.174.95]
X-ClientProxiedBy: dggems701-chm.china.huawei.com (10.3.19.178) To
kwepemm600003.china.huawei.com (7.193.23.202)
X-CFilter-Loop: Reflected
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1764291719763700466?=
X-GMAIL-MSGID: =?utf-8?q?1764291719763700466?=
|
| Series |
perf symbols: Fix return incorrect build_id size in elf_read_build_id()
|
|
Commit Message
Yang Jihong
April 27, 2023, 1:28 a.m. UTC
In elf_read_build_id(), if gnu build_id is found, should return the size of
the actually copied data. If descsz is greater thanBuild_ID_SIZE,
write_buildid data access may occur.
Fixes: be96ea8ffa78 ("perf symbols: Fix issue with binaries using 16-bytes buildids (v2)")
Reported-by: Will Ochowicz <Will.Ochowicz@genusplc.com>
Link: https://lore.kernel.org/lkml/CWLP265MB49702F7BA3D6D8F13E4B1A719C649@CWLP265MB4970.GBRP265.PROD.OUTLOOK.COM/T/
Tested-by: Will Ochowicz <Will.Ochowicz@genusplc.com>
Signed-off-by: Yang Jihong <yangjihong1@huawei.com>
---
tools/perf/util/symbol-elf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On 27/04/23 04:28, Yang Jihong wrote: > In elf_read_build_id(), if gnu build_id is found, should return the size of > the actually copied data. If descsz is greater thanBuild_ID_SIZE, > write_buildid data access may occur. > > Fixes: be96ea8ffa78 ("perf symbols: Fix issue with binaries using 16-bytes buildids (v2)") > Reported-by: Will Ochowicz <Will.Ochowicz@genusplc.com> > Link: https://lore.kernel.org/lkml/CWLP265MB49702F7BA3D6D8F13E4B1A719C649@CWLP265MB4970.GBRP265.PROD.OUTLOOK.COM/T/ > Tested-by: Will Ochowicz <Will.Ochowicz@genusplc.com> > Signed-off-by: Yang Jihong <yangjihong1@huawei.com> As an aside, note that the build ID on the ELF file triggering the bug was 62363266373430613439613534633666326432323334653665623530396566343938656130663039 which is 80 ASCII characters, which would have been a 20 byte binary number i.e. $ echo -en "0000: 62363266373430613439613534633666\n0010: 32643232333465366562353039656634\n0020: 3938656130663039" | xxd -r | od -c -A d 0000000 b 6 2 f 7 4 0 a 4 9 a 5 4 c 6 f 0000016 2 d 2 2 3 4 e 6 e b 5 0 9 e f 4 0000032 9 8 e a 0 f 0 9 0000040 So perhaps a mistake in the creation of the build ID on that ELF file. In any case, for the fix: Acked-by: Adrian Hunter <adrian.hunter@intel.com> > --- > tools/perf/util/symbol-elf.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c > index 41882ae8452e..059f88eca630 100644 > --- a/tools/perf/util/symbol-elf.c > +++ b/tools/perf/util/symbol-elf.c > @@ -903,7 +903,7 @@ static int elf_read_build_id(Elf *elf, void *bf, size_t size) > size_t sz = min(size, descsz); > memcpy(bf, ptr, sz); > memset(bf + sz, 0, size - sz); > - err = descsz; > + err = sz; > break; > } > }
Hello, On 2023/4/27 14:02, Adrian Hunter wrote: > On 27/04/23 04:28, Yang Jihong wrote: >> In elf_read_build_id(), if gnu build_id is found, should return the size of >> the actually copied data. If descsz is greater thanBuild_ID_SIZE, >> write_buildid data access may occur. >> >> Fixes: be96ea8ffa78 ("perf symbols: Fix issue with binaries using 16-bytes buildids (v2)") >> Reported-by: Will Ochowicz <Will.Ochowicz@genusplc.com> >> Link: https://lore.kernel.org/lkml/CWLP265MB49702F7BA3D6D8F13E4B1A719C649@CWLP265MB4970.GBRP265.PROD.OUTLOOK.COM/T/ >> Tested-by: Will Ochowicz <Will.Ochowicz@genusplc.com> >> Signed-off-by: Yang Jihong <yangjihong1@huawei.com> > > As an aside, note that the build ID on the ELF file triggering the bug was > 62363266373430613439613534633666326432323334653665623530396566343938656130663039 > which is 80 ASCII characters, which would have been a 20 byte binary number i.e. > > $ echo -en "0000: 62363266373430613439613534633666\n0010: 32643232333465366562353039656634\n0020: 3938656130663039" | xxd -r | od -c -A d > 0000000 b 6 2 f 7 4 0 a 4 9 a 5 4 c 6 f > 0000016 2 d 2 2 3 4 e 6 e b 5 0 9 e f 4 > 0000032 9 8 e a 0 f 0 9 > 0000040 > > So perhaps a mistake in the creation of the build ID on that ELF file. > Yes, it may be an error, or it may be that the build-id was specified when the elf file was created. I tried ld can specify a build-id larger than 160-bit hexadecimal digits: $ ld -o test test.o --build-id=0x62363266373430613439613534633666326432323334653665623530396566343938656130663039 $ readelf -n test Displaying notes found in: .note.gnu.build-id Owner Data size Description GNU 0x00000028 NT_GNU_BUILD_ID (unique build ID bitstring) Build ID: 62363266373430613439613534633666326432323334653665623530396566343938656130663039 All in all, it feels like a rare scene :) > In any case, for the fix: > > Acked-by: Adrian Hunter <adrian.hunter@intel.com> > Thanks for the acked-by. Thanks, Yang
Em Thu, Apr 27, 2023 at 09:02:06AM +0300, Adrian Hunter escreveu: > On 27/04/23 04:28, Yang Jihong wrote: > > In elf_read_build_id(), if gnu build_id is found, should return the size of > > the actually copied data. If descsz is greater thanBuild_ID_SIZE, > > write_buildid data access may occur. > > > > Fixes: be96ea8ffa78 ("perf symbols: Fix issue with binaries using 16-bytes buildids (v2)") > > Reported-by: Will Ochowicz <Will.Ochowicz@genusplc.com> > > Link: https://lore.kernel.org/lkml/CWLP265MB49702F7BA3D6D8F13E4B1A719C649@CWLP265MB4970.GBRP265.PROD.OUTLOOK.COM/T/ > > Tested-by: Will Ochowicz <Will.Ochowicz@genusplc.com> > > Signed-off-by: Yang Jihong <yangjihong1@huawei.com> > > As an aside, note that the build ID on the ELF file triggering the bug was > 62363266373430613439613534633666326432323334653665623530396566343938656130663039 > which is 80 ASCII characters, which would have been a 20 byte binary number i.e. > > $ echo -en "0000: 62363266373430613439613534633666\n0010: 32643232333465366562353039656634\n0020: 3938656130663039" | xxd -r | od -c -A d > 0000000 b 6 2 f 7 4 0 a 4 9 a 5 4 c 6 f > 0000016 2 d 2 2 3 4 e 6 e b 5 0 9 e f 4 > 0000032 9 8 e a 0 f 0 9 > 0000040 > > So perhaps a mistake in the creation of the build ID on that ELF file. > > In any case, for the fix: > > Acked-by: Adrian Hunter <adrian.hunter@intel.com> Thanks, applied. - Arnaldo > > --- > > tools/perf/util/symbol-elf.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c > > index 41882ae8452e..059f88eca630 100644 > > --- a/tools/perf/util/symbol-elf.c > > +++ b/tools/perf/util/symbol-elf.c > > @@ -903,7 +903,7 @@ static int elf_read_build_id(Elf *elf, void *bf, size_t size) > > size_t sz = min(size, descsz); > > memcpy(bf, ptr, sz); > > memset(bf + sz, 0, size - sz); > > - err = descsz; > > + err = sz; > > break; > > } > > } >
diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c index 41882ae8452e..059f88eca630 100644 --- a/tools/perf/util/symbol-elf.c +++ b/tools/perf/util/symbol-elf.c @@ -903,7 +903,7 @@ static int elf_read_build_id(Elf *elf, void *bf, size_t size) size_t sz = min(size, descsz); memcpy(bf, ptr, sz); memset(bf + sz, 0, size - sz); - err = descsz; + err = sz; break; } }