Re: [PATCH v2] perf: fix ring_buffer perf_output_space() boundarycalculation

[Peter Zijlstra]

On Mon, 2013-03-18 at 14:33 +0100, Stephane Eranian wrote:
> This patch fixes a flaw in perf_output_space(). In case the size
> of the space needed is bigger than the actual buffer size, there
> may be situations where the function would return true (i.e., there
> is space) when it should not. head > offset due to rounding of the
> masking logic.
> 
> The problem can be tested by activating BTS on Intel processors.
> A BTS record can be as big as 16 pages. The following command
> fails:
> 
> $ perf record -m 4 -c 1 -e branches:u my_test_program
> 
> You will get a buffer corruption with this. Perf report won't be
> able to parse the perf.data.
> 
> The fix is to first check that the requested space is smaller than the
> buffer size. If so, then the masking logic will work fine. If not,
> then
> there is no chance the record can be saved and it will be gracefully
> handled
> by upper code layers.
> 
> In v2, we also make the logic for the writable more explicit by
> renaming it to rb->overwrite because it tells whether or not the
> buffer can overwrite its tail (suggested by PeterZ).
> 
> Signed-off-by: Stephane Eranian <eranian@xxxxxxxxxx>
> ---

Acked-by: Peter Zijlstra <a.p.zijlstra@xxxxxxxxx>

Thanks!

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/