From patchwork Mon Jun 14 10:27:27 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
X-Patchwork-Id: 459794
Delivered-To: patch@linaro.org
Received: by 2002:a02:735a:0:0:0:0:0 with SMTP id a26csp3154574jae;
 Mon, 14 Jun 2021 03:34:30 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyxaiKJttytHVe1It45A/2Wwm2gRJ8YnL0fxGud5mFMdrmkgPY0NEfDD89Oe2LymIqh16g8
X-Received: by 2002:a05:6402:31a8:: with SMTP id
 dj8mr16094260edb.296.1623666870587; 
 Mon, 14 Jun 2021 03:34:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1623666870; cv=none;
 d=google.com; s=arc-20160816;
 b=MKpBFFCZyeBOueoXG6FKbjn/F7jNk8AObKma9NREKLYBTB2dXf7iI937tw6s92xMGA
 U5v4WgaNbfBXzKnfWFE1ckzd4DwdnGQywQtijADqME7pEixRm1VVchZsyxvVqGnIsq5/
 wpBerWUZvWfccuyMuXl+eupVREz2JFJE86fmrVrpE7pGo4HkQmNPtHaYnc7OR9Jekk2c
 72KKLj8H1RYlcpgIaWSqQ8TlKoTmn0GBMeyerxWiXs/QZDR0kiMCrQ7sigT40ZyIoPPo
 VBDeKTbraAvOhEmaNH8EmRJRcj3hnfK1mhWdJA/3+5tH/ZbKYYbr8I1J+NSSgxKXmAEQ
 IMFw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=list-id:precedence:content-transfer-encoding:mime-version
 :user-agent:references:in-reply-to:message-id:date:subject:cc:to
 :from:dkim-signature;
 bh=HNxRlRxvJOEdbZzDPqRt8HzbH1j3udWG0LgKiiVwthQ=;
 b=AmW8adZKFuBzNKuUeRXRw0X01UiAwgQf+2ETUw67mCkDYCjPqFhrZJ5fmlpnNFKJHx
 VUyzrpp3ekY0XBtoKsq35U/+j8GkUNm4IMERI0sXGUUWjDOoABH6QajTgpVI4fhVMCuf
 iPQOA3seQF16Ygw69d7mtI2y3aH8e9ack5oEiC/RUq0IpTxiMXABXqVk2IUXm3t84y1S
 P5QdldYMtxaHQ04yzaqS5bvxdtvyPj6VzjRtCdR+FL8xndJ3tW3WBAGQQksJ6qb2S6Ky
 708agnJR6LbC8/mdlJqfBAaVmlZ91hfBNsC5ix9+gpxP6pL4RoYO4gKG2iTZk4bxpncy
 56VA==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linuxfoundation.org header.s=korg
 header.b=tyw01gGY; 
 spf=pass (google.com: domain of stable-owner@vger.kernel.org
 designates 23.128.96.18 as permitted sender)
 smtp.mailfrom=stable-owner@vger.kernel.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <stable-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
 by mx.google.com with ESMTP id
 g8si10457304edb.255.2021.06.14.03.34.30; 
 Mon, 14 Jun 2021 03:34:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of stable-owner@vger.kernel.org
 designates 23.128.96.18 as permitted sender)
 client-ip=23.128.96.18; 
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linuxfoundation.org header.s=korg
 header.b=tyw01gGY; 
 spf=pass (google.com: domain of stable-owner@vger.kernel.org
 designates 23.128.96.18 as permitted sender)
 smtp.mailfrom=stable-owner@vger.kernel.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S233190AbhFNKgH (ORCPT <rfc822;semen.protsenko@linaro.org>
 + 12 others); Mon, 14 Jun 2021 06:36:07 -0400
Received: from mail.kernel.org ([198.145.29.99]:39860 "EHLO mail.kernel.org"
 rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
 id S233196AbhFNKea (ORCPT <rfc822;stable@vger.kernel.org>);
 Mon, 14 Jun 2021 06:34:30 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id A0FC861245;
 Mon, 14 Jun 2021 10:31:54 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; 
 s=korg; t=1623666715;
 bh=Orrf/8HQCxsdAsNoUTaVt4kXDOyRkH/lzRwD6tPRPYk=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
 b=tyw01gGYYlNs6lbpJhVHWgifLNUmhd4yrswikSYnUfteleo5vksvHGM0WltbxcCCH
 Ezs2Du3KUOoLTvCBfragfCR+PpZE+y9q4reTWC+pdP2JgaJsGNxuKYDyopeFYvGEb3
 VkosC1xUzMuE6QYegc/p04xc6weFW+tCBl0e+Aac=
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
 stable@vger.kernel.org, Leo Yan <leo.yan@linaro.org>,
 Adrian Hunter <adrian.hunter@intel.com>, Jiri Olsa <jolsa@redhat.com>,
 Alexander Shishkin <alexander.shishkin@linux.intel.com>,
 Kan Liang <kan.liang@linux.intel.com>,
 Mark Rutland <mark.rutland@arm.com>, Namhyung Kim <namhyung@kernel.org>,
 Peter Zijlstra <peterz@infradead.org>,
 Arnaldo Carvalho de Melo <acme@redhat.com>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.9 36/42] perf session: Correct buffer copying when peeking
 events
Date: Mon, 14 Jun 2021 12:27:27 +0200
Message-Id: <20210614102643.850989621@linuxfoundation.org>
X-Mailer: git-send-email 2.32.0
In-Reply-To: <20210614102642.700712386@linuxfoundation.org>
References: <20210614102642.700712386@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Precedence: bulk
List-ID: <stable.vger.kernel.org>
X-Mailing-List: stable@vger.kernel.org

From: Leo Yan <leo.yan@linaro.org>

[ Upstream commit 197eecb6ecae0b04bd694432f640ff75597fed9c ]

When peeking an event, it has a short path and a long path.  The short
path uses the session pointer "one_mmap_addr" to directly fetch the
event; and the long path needs to read out the event header and the
following event data from file and fill into the buffer pointer passed
through the argument "buf".

The issue is in the long path that it copies the event header and event
data into the same destination address which pointer "buf", this means
the event header is overwritten.  We are just lucky to run into the
short path in most cases, so we don't hit the issue in the long path.

This patch adds the offset "hdr_sz" to the pointer "buf" when copying
the event data, so that it can reserve the event header which can be
used properly by its caller.

Fixes: 5a52f33adf02 ("perf session: Add perf_session__peek_event()")
Signed-off-by: Leo Yan <leo.yan@linaro.org>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Acked-by: Jiri Olsa <jolsa@redhat.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Kan Liang <kan.liang@linux.intel.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lore.kernel.org/lkml/20210605052957.1070720-1-leo.yan@linaro.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/perf/util/session.c | 1 +
 1 file changed, 1 insertion(+)

-- 
2.30.2

diff --git a/tools/perf/util/session.c b/tools/perf/util/session.c
index 89808ab008ad..9187d8119a75 100644
--- a/tools/perf/util/session.c
+++ b/tools/perf/util/session.c
@@ -1427,6 +1427,7 @@ int perf_session__peek_event(struct perf_session *session, off_t file_offset,
 	if (event->header.size < hdr_sz || event->header.size > buf_sz)
 		return -1;
 
+	buf += hdr_sz;
 	rest = event->header.size - hdr_sz;
 
 	if (readn(fd, buf, rest) != (ssize_t)rest)