diff options
| author | Arnaldo Carvalho de Melo <acme@redhat.com> | 2016-08-18 16:30:28 -0300 | 
|---|---|---|
| committer | Arnaldo Carvalho de Melo <acme@redhat.com> | 2016-08-18 16:39:46 -0300 | 
| commit | c53412ee8c7ec31373a4176ff7f3a6b79296c05c (patch) | |
| tree | 1f3568222b7d4ff9e62a137affedd639a71e9c77 /net/lapb/lapb_iface.c | |
| parent | 0215d59b154ab90c56c4fe49bc1deefe8bca18f1 (diff) | |
perf evsel: Do not access outside hw cache name arrays
We have to check if the values are >= *_MAX, not just >, fix it.
From the bugzilla report:
''In file /tools/perf/util/evsel.c  function __perf_evsel__hw_cache_name
it appears that there is a bug that reads beyond the end of the buffer.
The statement "if (type > PERF_COUNT_HW_CACHE_MAX)" allows type to be
equal to the maximum value. Later, when statement "if
(!perf_evsel__is_cache_op_valid(type, op))" is executed, the function
can access array perf_evsel__hw_cache_stat[type] beyond the end of the
buffer.
It appears to me that the statement "if (type > PERF_COUNT_HW_CACHE_MAX)"
should be "if (type >= PERF_COUNT_HW_CACHE_MAX)"
Bug found with Coverity and manual code review. No attempts were made to
execute the code with a maximum type value.''
Committer note:
Testing it:
  $ perf record -e $(echo $(perf list cache | cut -d \[ -f1) | sed 's/ /,/g') usleep 1
  [ perf record: Woken up 16 times to write data ]
  [ perf record: Captured and wrote 0.023 MB perf.data (34 samples) ]
  $ perf evlist
  L1-dcache-load-misses
  L1-dcache-loads
  L1-dcache-stores
  L1-icache-load-misses
  LLC-load-misses
  LLC-loads
  LLC-store-misses
  LLC-stores
  branch-load-misses
  branch-loads
  dTLB-load-misses
  dTLB-loads
  dTLB-store-misses
  dTLB-stores
  iTLB-load-misses
  iTLB-loads
  node-load-misses
  node-loads
  node-store-misses
  node-stores
  $ perf list cache
  List of pre-defined events (to be used in -e):
    L1-dcache-load-misses        [Hardware cache event]
    L1-dcache-loads              [Hardware cache event]
    L1-dcache-stores             [Hardware cache event]
    L1-icache-load-misses        [Hardware cache event]
    LLC-load-misses              [Hardware cache event]
    LLC-loads                    [Hardware cache event]
    LLC-store-misses             [Hardware cache event]
    LLC-stores                   [Hardware cache event]
    branch-load-misses           [Hardware cache event]
    branch-loads                 [Hardware cache event]
    dTLB-load-misses             [Hardware cache event]
    dTLB-loads                   [Hardware cache event]
    dTLB-store-misses            [Hardware cache event]
    dTLB-stores                  [Hardware cache event]
    iTLB-load-misses             [Hardware cache event]
    iTLB-loads                   [Hardware cache event]
    node-load-misses             [Hardware cache event]
    node-loads                   [Hardware cache event]
    node-store-misses            [Hardware cache event]
    node-stores                  [Hardware cache event]
  $
Reported-by: Brian Sweeney <bsweeney@lgsinnovations.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=153351
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Diffstat (limited to 'net/lapb/lapb_iface.c')
0 files changed, 0 insertions, 0 deletions
