This is the mail archive of the
systemtap@sourceware.org
mailing list for the systemtap project.
[tip:perf/urgent] perf probe: Fix probe_point buffer overrun
- From: tip-bot for Masami Hiramatsu <mhiramat at redhat dot com>
- To: linux-tip-commits at vger dot kernel dot org
- Cc: linux-kernel at vger dot kernel dot org, hpa at zytor dot com, mingo at redhat dot com, dle-develop at lists dot sourceforge dot net, stable at kernel dot org, tglx at linutronix dot de, mhiramat at redhat dot com, mingo at elte dot hu, systemtap at sources dot redhat dot com
- Date: Sat, 13 Mar 2010 12:26:00 GMT
- Subject: [tip:perf/urgent] perf probe: Fix probe_point buffer overrun
- Git-commit-id: 594087a04eea544356f9c52e83c1a9bc380ce80f
- References: <20100312232217.2017.45017.stgit@localhost6.localdomain6>
- Reply-to: mingo at redhat dot com, hpa at zytor dot com, linux-kernel at vger dot kernel dot org, dle-develop at lists dot sourceforge dot net, stable at kernel dot org, tglx at linutronix dot de, mhiramat at redhat dot com, mingo at elte dot hu, systemtap at sources dot redhat dot com
Commit-ID: 594087a04eea544356f9c52e83c1a9bc380ce80f
Gitweb: http://git.kernel.org/tip/594087a04eea544356f9c52e83c1a9bc380ce80f
Author: Masami Hiramatsu <mhiramat@redhat.com>
AuthorDate: Fri, 12 Mar 2010 18:22:17 -0500
Committer: Ingo Molnar <mingo@elte.hu>
CommitDate: Sat, 13 Mar 2010 08:32:22 +0100
perf probe: Fix probe_point buffer overrun
Fix probe_point array-size overrun problem. In some cases (e.g.
inline function), one user-specified probe-point can be
translated to many probe address, and it overruns pre-defined
array-size. This also removes redundant MAX_PROBES macro
definition.
Signed-off-by: Masami Hiramatsu <mhiramat@redhat.com>
Cc: systemtap <systemtap@sources.redhat.com>
Cc: DLE <dle-develop@lists.sourceforge.net>
Cc: <stable@kernel.org>
LKML-Reference: <20100312232217.2017.45017.stgit@localhost6.localdomain6>
[ Note that only root can create new probes. Eventually we should remove
the MAX_PROBES limit, but that is a larger patch not eligible to
perf/urgent treatment. ]
Signed-off-by: Ingo Molnar <mingo@elte.hu>
---
tools/perf/builtin-probe.c | 1 -
tools/perf/util/probe-finder.c | 3 +++
2 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/tools/perf/builtin-probe.c b/tools/perf/builtin-probe.c
index c30a335..152d6c9 100644
--- a/tools/perf/builtin-probe.c
+++ b/tools/perf/builtin-probe.c
@@ -47,7 +47,6 @@
#include "util/probe-event.h"
#define MAX_PATH_LEN 256
-#define MAX_PROBES 128
/* Session management structure */
static struct {
diff --git a/tools/perf/util/probe-finder.c b/tools/perf/util/probe-finder.c
index 1e6c65e..f9cbbf1 100644
--- a/tools/perf/util/probe-finder.c
+++ b/tools/perf/util/probe-finder.c
@@ -455,6 +455,9 @@ static void show_probe_point(Dwarf_Die *sp_die, struct probe_finder *pf)
/* *pf->fb_ops will be cached in libdw. Don't free it. */
pf->fb_ops = NULL;
+ if (pp->found == MAX_PROBES)
+ die("Too many( > %d) probe point found.\n", MAX_PROBES);
+
pp->probes[pp->found] = strdup(tmp);
pp->found++;
}