Re: [PATCH 3/3] perf session: Avoid infinite loop if an event is truncated

From: Petr Malat
Date: Tue Nov 24 2020 - 05:22:23 EST


I made a rebase mistake and picked old change, I will send the series
again rebased on v5.10-rc5. Sorry for the inconvenience.
Petr

On Tue, Nov 24, 2020 at 10:59:21AM +0100, Petr Malat wrote:
> If an event was truncated at the end of a perf.data file larger than
> MAP_SIZE, the event reading code ended up in an infinite loop. Break
> this loop by making sure the mapping window is always shifting
> towards the end of the file.
>
> Fixes: bb1835a3b86c ("perf session: Fix decompression of PERF_RECORD_COMPRESSED records")
> Fixes: 57fc032ad643 ("perf session: Avoid infinite loop when seeing invalid header.size")
> Signed-off-by: Petr Malat <oss@xxxxxxxxx>
> ---
> tools/perf/util/session.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/tools/perf/util/session.c b/tools/perf/util/session.c
> index e57b0d09d196..b73b85d99628 100644
> --- a/tools/perf/util/session.c
> +++ b/tools/perf/util/session.c
> @@ -2168,6 +2168,12 @@ reader__process_events(struct reader *rd, struct perf_session *session,
> }
>
> page_offset = page_size * (head / page_size);
> + if (!page_offset) {
> + pr_err("%#" PRIx64 " [%#x]: truncated event\n",
> + file_offset + head);
> + err = -EINVAL;
> + goto out;
> + }
> file_offset += page_offset;
> head -= page_offset;
> goto remap;
> --
> 2.20.1
>