Message ID | 20230427012841.231729-1-yangjihong1@huawei.com |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp610266vqo; Wed, 26 Apr 2023 18:41:40 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ58Mk9Yt1Lszt/KxO0wmT4z/1ezD0MWG6t7UrrPKHetdCmJIc/dyZu4o9+WdRTh+LGC9Pxg X-Received: by 2002:a05:6a00:2d24:b0:63b:2102:a1d4 with SMTP id fa36-20020a056a002d2400b0063b2102a1d4mr23535pfb.13.1682559699701; Wed, 26 Apr 2023 18:41:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1682559699; cv=none; d=google.com; s=arc-20160816; b=fPZK9L4zURKvaeAuNgBxbgRKFKa7LfecVsO2xce9heRQXsUkRCcxgWA5zIXLVLID3M c8GxPN2oKJ7wqCR/GkNGz8YgVeiljEr6gs22fp1/JSgnnWYFmn1+huTlJ7SaENzeIM+v DGY/K1xbE/ghTy4yRGEN0jO5WP6vnYysajphOXcOpeEjRp1EGpS9Gll2mji5uxPu4Zg1 Ginj+nUWZxBqwZg9JcJ7D/D8kQ42/u70DPeLg9CMbKi2J4c34y8AmpzVfRrpjGEowTq5 2CN1FBXG76WJiBObpvfRJtD1fzmKqlqRb5q1n6idmEnxA820CFdUuFw5T5JmufIMjTpu KG3g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=JJJ9GNOktEDMsIQh8tPRssoqPVemKIENPCJQ8t3CG4M=; b=VeWblpJb+W+e02zPEBRlDYAR9JEDgdIbW/XMEFPTlhlQvv/o7AXE/pbWDFAu1iXkj6 1w3HyQ8z1wfDtG+mTrE3S7AlpDkgxu1ZLqx2/eobpw8Z/IzknGOjTvEo7dJZbs6C7zT/ I8a5rLLk/BV7ecCIjvPmTLhpNKhgyD8NnuBCVl+wKZx1fi/jCUVfdbD898iF9lOrldAQ xrOivW8X9dmJFoWU6VRT4pvS20sMbcv7IOD1oxAi8KTZdOd77lD5DmQizLQGXNHxSMt/ z8Ywighn5PNXMkE+IMwVievtekICWGpB0iUAO0+HyDHsIT9Jva9y2apz+yP3qtR4DXoG WplQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q22-20020aa79836000000b0063b54679d0dsi18086656pfl.44.2023.04.26.18.41.21; Wed, 26 Apr 2023 18:41:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242727AbjD0Bax (ORCPT <rfc822;zxc52fgh@gmail.com> + 99 others); Wed, 26 Apr 2023 21:30:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48332 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232094AbjD0Bav (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Wed, 26 Apr 2023 21:30:51 -0400 Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E0D7F26BC; Wed, 26 Apr 2023 18:30:49 -0700 (PDT) Received: from kwepemm600003.china.huawei.com (unknown [172.30.72.54]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4Q6J4F70RtzpTCX; Thu, 27 Apr 2023 09:26:53 +0800 (CST) Received: from localhost.localdomain (10.67.174.95) by kwepemm600003.china.huawei.com (7.193.23.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Thu, 27 Apr 2023 09:30:47 +0800 From: Yang Jihong <yangjihong1@huawei.com> To: <peterz@infradead.org>, <mingo@redhat.com>, <acme@kernel.org>, <mark.rutland@arm.com>, <alexander.shishkin@linux.intel.com>, <jolsa@kernel.org>, <namhyung@kernel.org>, <irogers@google.com>, <adrian.hunter@intel.com>, <leo.yan@linaro.org>, <eranian@google.com>, <linux-perf-users@vger.kernel.org>, <linux-kernel@vger.kernel.org> CC: <yangjihong1@huawei.com> Subject: [PATCH] perf symbols: Fix return incorrect build_id size in elf_read_build_id() Date: Thu, 27 Apr 2023 01:28:41 +0000 Message-ID: <20230427012841.231729-1-yangjihong1@huawei.com> X-Mailer: git-send-email 2.30.GIT MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII X-Originating-IP: [10.67.174.95] X-ClientProxiedBy: dggems701-chm.china.huawei.com (10.3.19.178) To kwepemm600003.china.huawei.com (7.193.23.202) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1764291719763700466?= X-GMAIL-MSGID: =?utf-8?q?1764291719763700466?= |
Series |
perf symbols: Fix return incorrect build_id size in elf_read_build_id()
|
|
Commit Message
Yang Jihong
April 27, 2023, 1:28 a.m. UTC
In elf_read_build_id(), if gnu build_id is found, should return the size of the actually copied data. If descsz is greater thanBuild_ID_SIZE, write_buildid data access may occur. Fixes: be96ea8ffa78 ("perf symbols: Fix issue with binaries using 16-bytes buildids (v2)") Reported-by: Will Ochowicz <Will.Ochowicz@genusplc.com> Link: https://lore.kernel.org/lkml/CWLP265MB49702F7BA3D6D8F13E4B1A719C649@CWLP265MB4970.GBRP265.PROD.OUTLOOK.COM/T/ Tested-by: Will Ochowicz <Will.Ochowicz@genusplc.com> Signed-off-by: Yang Jihong <yangjihong1@huawei.com> --- tools/perf/util/symbol-elf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On 27/04/23 04:28, Yang Jihong wrote: > In elf_read_build_id(), if gnu build_id is found, should return the size of > the actually copied data. If descsz is greater thanBuild_ID_SIZE, > write_buildid data access may occur. > > Fixes: be96ea8ffa78 ("perf symbols: Fix issue with binaries using 16-bytes buildids (v2)") > Reported-by: Will Ochowicz <Will.Ochowicz@genusplc.com> > Link: https://lore.kernel.org/lkml/CWLP265MB49702F7BA3D6D8F13E4B1A719C649@CWLP265MB4970.GBRP265.PROD.OUTLOOK.COM/T/ > Tested-by: Will Ochowicz <Will.Ochowicz@genusplc.com> > Signed-off-by: Yang Jihong <yangjihong1@huawei.com> As an aside, note that the build ID on the ELF file triggering the bug was 62363266373430613439613534633666326432323334653665623530396566343938656130663039 which is 80 ASCII characters, which would have been a 20 byte binary number i.e. $ echo -en "0000: 62363266373430613439613534633666\n0010: 32643232333465366562353039656634\n0020: 3938656130663039" | xxd -r | od -c -A d 0000000 b 6 2 f 7 4 0 a 4 9 a 5 4 c 6 f 0000016 2 d 2 2 3 4 e 6 e b 5 0 9 e f 4 0000032 9 8 e a 0 f 0 9 0000040 So perhaps a mistake in the creation of the build ID on that ELF file. In any case, for the fix: Acked-by: Adrian Hunter <adrian.hunter@intel.com> > --- > tools/perf/util/symbol-elf.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c > index 41882ae8452e..059f88eca630 100644 > --- a/tools/perf/util/symbol-elf.c > +++ b/tools/perf/util/symbol-elf.c > @@ -903,7 +903,7 @@ static int elf_read_build_id(Elf *elf, void *bf, size_t size) > size_t sz = min(size, descsz); > memcpy(bf, ptr, sz); > memset(bf + sz, 0, size - sz); > - err = descsz; > + err = sz; > break; > } > }
Hello, On 2023/4/27 14:02, Adrian Hunter wrote: > On 27/04/23 04:28, Yang Jihong wrote: >> In elf_read_build_id(), if gnu build_id is found, should return the size of >> the actually copied data. If descsz is greater thanBuild_ID_SIZE, >> write_buildid data access may occur. >> >> Fixes: be96ea8ffa78 ("perf symbols: Fix issue with binaries using 16-bytes buildids (v2)") >> Reported-by: Will Ochowicz <Will.Ochowicz@genusplc.com> >> Link: https://lore.kernel.org/lkml/CWLP265MB49702F7BA3D6D8F13E4B1A719C649@CWLP265MB4970.GBRP265.PROD.OUTLOOK.COM/T/ >> Tested-by: Will Ochowicz <Will.Ochowicz@genusplc.com> >> Signed-off-by: Yang Jihong <yangjihong1@huawei.com> > > As an aside, note that the build ID on the ELF file triggering the bug was > 62363266373430613439613534633666326432323334653665623530396566343938656130663039 > which is 80 ASCII characters, which would have been a 20 byte binary number i.e. > > $ echo -en "0000: 62363266373430613439613534633666\n0010: 32643232333465366562353039656634\n0020: 3938656130663039" | xxd -r | od -c -A d > 0000000 b 6 2 f 7 4 0 a 4 9 a 5 4 c 6 f > 0000016 2 d 2 2 3 4 e 6 e b 5 0 9 e f 4 > 0000032 9 8 e a 0 f 0 9 > 0000040 > > So perhaps a mistake in the creation of the build ID on that ELF file. > Yes, it may be an error, or it may be that the build-id was specified when the elf file was created. I tried ld can specify a build-id larger than 160-bit hexadecimal digits: $ ld -o test test.o --build-id=0x62363266373430613439613534633666326432323334653665623530396566343938656130663039 $ readelf -n test Displaying notes found in: .note.gnu.build-id Owner Data size Description GNU 0x00000028 NT_GNU_BUILD_ID (unique build ID bitstring) Build ID: 62363266373430613439613534633666326432323334653665623530396566343938656130663039 All in all, it feels like a rare scene :) > In any case, for the fix: > > Acked-by: Adrian Hunter <adrian.hunter@intel.com> > Thanks for the acked-by. Thanks, Yang
Em Thu, Apr 27, 2023 at 09:02:06AM +0300, Adrian Hunter escreveu: > On 27/04/23 04:28, Yang Jihong wrote: > > In elf_read_build_id(), if gnu build_id is found, should return the size of > > the actually copied data. If descsz is greater thanBuild_ID_SIZE, > > write_buildid data access may occur. > > > > Fixes: be96ea8ffa78 ("perf symbols: Fix issue with binaries using 16-bytes buildids (v2)") > > Reported-by: Will Ochowicz <Will.Ochowicz@genusplc.com> > > Link: https://lore.kernel.org/lkml/CWLP265MB49702F7BA3D6D8F13E4B1A719C649@CWLP265MB4970.GBRP265.PROD.OUTLOOK.COM/T/ > > Tested-by: Will Ochowicz <Will.Ochowicz@genusplc.com> > > Signed-off-by: Yang Jihong <yangjihong1@huawei.com> > > As an aside, note that the build ID on the ELF file triggering the bug was > 62363266373430613439613534633666326432323334653665623530396566343938656130663039 > which is 80 ASCII characters, which would have been a 20 byte binary number i.e. > > $ echo -en "0000: 62363266373430613439613534633666\n0010: 32643232333465366562353039656634\n0020: 3938656130663039" | xxd -r | od -c -A d > 0000000 b 6 2 f 7 4 0 a 4 9 a 5 4 c 6 f > 0000016 2 d 2 2 3 4 e 6 e b 5 0 9 e f 4 > 0000032 9 8 e a 0 f 0 9 > 0000040 > > So perhaps a mistake in the creation of the build ID on that ELF file. > > In any case, for the fix: > > Acked-by: Adrian Hunter <adrian.hunter@intel.com> Thanks, applied. - Arnaldo > > --- > > tools/perf/util/symbol-elf.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c > > index 41882ae8452e..059f88eca630 100644 > > --- a/tools/perf/util/symbol-elf.c > > +++ b/tools/perf/util/symbol-elf.c > > @@ -903,7 +903,7 @@ static int elf_read_build_id(Elf *elf, void *bf, size_t size) > > size_t sz = min(size, descsz); > > memcpy(bf, ptr, sz); > > memset(bf + sz, 0, size - sz); > > - err = descsz; > > + err = sz; > > break; > > } > > } >
diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c index 41882ae8452e..059f88eca630 100644 --- a/tools/perf/util/symbol-elf.c +++ b/tools/perf/util/symbol-elf.c @@ -903,7 +903,7 @@ static int elf_read_build_id(Elf *elf, void *bf, size_t size) size_t sz = min(size, descsz); memcpy(bf, ptr, sz); memset(bf + sz, 0, size - sz); - err = descsz; + err = sz; break; } }