Commit b04b7023 authored by Wang Nan's avatar Wang Nan Committed by Arnaldo Carvalho de Melo

perf evlist: Enforce ring buffer reading

Don't read broken data after 'head' pointer.

Following commits will feed perf_evlist__mmap_read() with some 'head'
pointers not maintained by kernel. If 'head' pointer breaks an event, we
should avoid reading from the broken event. This can happen in backward
ring buffer.

For example:

                              old     head
                                |     |
                                V     V
     +---+------+----------+----+-----+--+
     |..E|D....D|C........C|B..B|A....|E.|
     +---+------+----------+----+-----+--+

'old' pointer points to the beginning of 'A' and trying read from it,
but 'A' has been overwritten. In this case, don't try to read from 'A',
simply return NULL.
Signed-off-by: default avatarWang Nan <wangnan0@huawei.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Zefan Li <lizefan@huawei.com>
Cc: pi3orama@163.com
Link: http://lkml.kernel.org/r/1461637738-62722-2-git-send-email-wangnan0@huawei.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
parent 09623d79
...@@ -684,6 +684,7 @@ union perf_event *perf_evlist__mmap_read(struct perf_evlist *evlist, int idx) ...@@ -684,6 +684,7 @@ union perf_event *perf_evlist__mmap_read(struct perf_evlist *evlist, int idx)
struct perf_mmap *md = &evlist->mmap[idx]; struct perf_mmap *md = &evlist->mmap[idx];
u64 head; u64 head;
u64 old = md->prev; u64 old = md->prev;
int diff;
unsigned char *data = md->base + page_size; unsigned char *data = md->base + page_size;
union perf_event *event = NULL; union perf_event *event = NULL;
...@@ -694,6 +695,7 @@ union perf_event *perf_evlist__mmap_read(struct perf_evlist *evlist, int idx) ...@@ -694,6 +695,7 @@ union perf_event *perf_evlist__mmap_read(struct perf_evlist *evlist, int idx)
return NULL; return NULL;
head = perf_mmap__read_head(md); head = perf_mmap__read_head(md);
diff = head - old;
if (evlist->overwrite) { if (evlist->overwrite) {
/* /*
* If we're further behind than half the buffer, there's a chance * If we're further behind than half the buffer, there's a chance
...@@ -703,7 +705,6 @@ union perf_event *perf_evlist__mmap_read(struct perf_evlist *evlist, int idx) ...@@ -703,7 +705,6 @@ union perf_event *perf_evlist__mmap_read(struct perf_evlist *evlist, int idx)
* *
* In either case, truncate and restart at head. * In either case, truncate and restart at head.
*/ */
int diff = head - old;
if (diff > md->mask / 2 || diff < 0) { if (diff > md->mask / 2 || diff < 0) {
fprintf(stderr, "WARNING: failed to keep up with mmap data.\n"); fprintf(stderr, "WARNING: failed to keep up with mmap data.\n");
...@@ -711,15 +712,21 @@ union perf_event *perf_evlist__mmap_read(struct perf_evlist *evlist, int idx) ...@@ -711,15 +712,21 @@ union perf_event *perf_evlist__mmap_read(struct perf_evlist *evlist, int idx)
* head points to a known good entry, start there. * head points to a known good entry, start there.
*/ */
old = head; old = head;
diff = 0;
} }
} }
if (old != head) { if (diff >= (int)sizeof(event->header)) {
size_t size; size_t size;
event = (union perf_event *)&data[old & md->mask]; event = (union perf_event *)&data[old & md->mask];
size = event->header.size; size = event->header.size;
if (size < sizeof(event->header) || diff < (int)size) {
event = NULL;
goto broken_event;
}
/* /*
* Event straddles the mmap boundary -- header should always * Event straddles the mmap boundary -- header should always
* be inside due to u64 alignment of output. * be inside due to u64 alignment of output.
...@@ -743,6 +750,7 @@ union perf_event *perf_evlist__mmap_read(struct perf_evlist *evlist, int idx) ...@@ -743,6 +750,7 @@ union perf_event *perf_evlist__mmap_read(struct perf_evlist *evlist, int idx)
old += size; old += size;
} }
broken_event:
md->prev = old; md->prev = old;
return event; return event;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment