From: Adrian Hunter
To: Arnaldo Carvalho de Melo
Cc: Jiri Olsa, Namhyung Kim, Ian Rogers, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org
Subject: [PATCH 1/3] perf symbols: Fix use-after-free in get_plt_got_name()
Date: Thu, 16 Mar 2023 21:41:54 +0200
Message-Id: <20230316194156.8320-2-adrian.hunter@intel.com>
In-Reply-To: <20230316194156.8320-1-adrian.hunter@intel.com>

Fix use-after-free in get_plt_got_name().

Discovered using EXTRA_CFLAGS="-fsanitize=undefined -fsanitize=address".

Reported-by: kernel test robot
Link: https://lore.kernel.org/oe-lkp/202303061424.6ad43294-yujie.liu@intel.com
Fixes: ce4c8e7966f3 ("perf symbols: Get symbols for .plt.got for x86-64")
Signed-off-by: Adrian Hunter
Acked-by: Ian Rogers
---
 tools/perf/util/symbol-elf.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c index c0a2de42c51b..7ef5f6d7d415 100644 --- a/tools/perf/util/symbol-elf.c +++ b/tools/perf/util/symbol-elf.c @@ -557,6 +557,7 @@ static bool get_plt_got_name(GElf_Shdr *shdr, size_t i, const char *sym_name; char *demangled; GElf_Sym sym; + bool result; u32 disp; =20 if (!di->sorted) 
@@ -583,9 +584,11 @@ static bool get_plt_got_name(GElf_Shdr *shdr, size_t i, =20 snprintf(buf, buf_sz, "%s@plt", sym_name); =20 + result =3D *sym_name; + free(demangled); =20 - return *sym_name; + return result; } =20 static int dso__synthesize_plt_got_symbols(struct dso *dso, Elf *elf, --=20 2.34.1

From: Adrian Hunter
To: Arnaldo Carvalho de Melo
Cc: Jiri Olsa, Namhyung Kim, Ian Rogers, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org
Subject: [PATCH 2/3] perf symbols: Fix unaligned access in get_x86_64_plt_disp()
Date: Thu, 16 Mar 2023 21:41:55 +0200
Message-Id: <20230316194156.8320-3-adrian.hunter@intel.com>
In-Reply-To: <20230316194156.8320-1-adrian.hunter@intel.com>

Use memcpy() to avoid unaligned access.

Discovered using EXTRA_CFLAGS="-fsanitize=undefined -fsanitize=address".

Reported-by: kernel test robot
Link: https://lore.kernel.org/oe-lkp/202303061424.6ad43294-yujie.liu@intel.com
Fixes: ce4c8e7966f3 ("perf symbols: Get symbols for .plt.got for x86-64")
Signed-off-by: Adrian Hunter
Acked-by: Ian Rogers
---
 tools/perf/util/symbol-elf.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c index 7ef5f6d7d415..ae810d4cf3cd 100644 --- a/tools/perf/util/symbol-elf.c +++ b/tools/perf/util/symbol-elf.c 
@@ -542,9 +542,12 @@ static u32 get_x86_64_plt_disp(const u8 *p) n +=3D 1; /* jmp with 4-byte displacement */ if (p[n] =3D=3D 0xff && p[n + 1] =3D=3D 0x25) { + u32 disp; + n +=3D 2; /* Also add offset from start of entry to end of instruction */ - return n + 4 + le32toh(*(const u32 *)(p + n)); + memcpy(&disp, p + n, sizeof(disp)); + return n + 4 + le32toh(disp); } return 0; } --=20 2.34.1

From: Adrian Hunter
To: Arnaldo Carvalho de Melo
Cc: Jiri Olsa, Namhyung Kim, Ian Rogers, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org
Subject: [PATCH 3/3] perf tools: Avoid warning in do_realloc_array_as_needed()
Date: Thu, 16 Mar 2023 21:41:56 +0200
Message-Id: <20230316194156.8320-4-adrian.hunter@intel.com>
In-Reply-To: <20230316194156.8320-1-adrian.hunter@intel.com>

do_realloc_array_as_needed() used memcpy() of zero size with a NULL pointer.
Check the size first to avoid sanitize warning.

Discovered using EXTRA_CFLAGS="-fsanitize=undefined -fsanitize=address".

Reported-by: kernel test robot
Link: https://lore.kernel.org/oe-lkp/202303061424.6ad43294-yujie.liu@intel.com
Signed-off-by: Adrian Hunter
Acked-by: Ian Rogers
---
 tools/perf/util/util.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tools/perf/util/util.c b/tools/perf/util/util.c index b356c9f7f0c3..089208b51e68 100644 --- a/tools/perf/util/util.c +++ b/tools/perf/util/util.c 
@@ -524,7 +524,8 @@ int do_realloc_array_as_needed(void **arr, size_t *arr_= sz, size_t x, size_t msz, new_arr =3D calloc(new_sz, msz); if (!new_arr) return -ENOMEM; - memcpy(new_arr, *arr, *arr_sz * msz); + if (*arr_sz) + memcpy(new_arr, *arr, *arr_sz * msz); if (init_val) { for (i =3D *arr_sz; i < new_sz; i++) memcpy(new_arr + (i * msz), init_val, msz); --=20 2.34.1
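
Review bot: In patch 1/3, second hunk of get_plt_got_name(), `result = *sym_name;` depends on an implicit char-to-bool conversion, and neither the code nor the commit message says why reading `*sym_name` after `free(demangled)` was a use-after-free. Writing it as `result = *sym_name != '\0';` and adding a short comment that sym_name may point at the demangled buffer would make the ordering constraint obvious to the next person who touches the function tail, so the read is not moved back below the free().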
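
Review bot: In patch 2/3, get_x86_64_plt_disp() takes only `const u8 *p` and no length, so the `memcpy(&disp, p + n, sizeof(disp))` fixes the alignment problem but nothing visible in this hunk bounds the read of `p[n]`, `p[n + 1]` and the four displacement bytes that follow. Since p comes from ELF section contents, it would be worth either passing the remaining entry size and returning 0 when fewer than n + 4 bytes are left, or adding a comment stating the minimum entry size the caller guarantees.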
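
Review bot: In patch 3/3, the new guard `if (*arr_sz)` in do_realloc_array_as_needed() tests the element count, while the commit message describes the problem as a NULL source pointer passed to memcpy(). The two are equivalent only if `*arr` is NULL exactly when `*arr_sz` is 0; a one-line comment stating that invariant, or testing `*arr` alongside the size, would make the intent clear and keep the check from being dropped later as a redundant zero-length guard.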