From patchwork Mon Jun 14 10:27:52 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "gregkh@linuxfoundation.org"
 <gregkh@linuxfoundation.org>
X-Patchwork-Id: 459809
Delivered-To: patch@linaro.org
Received: by 2002:a17:907:7409:0:0:0:0 with SMTP id gj9csp2583717ejc;
 Mon, 14 Jun 2021 03:55:04 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzx5d+Kw8IvnLSqS2fcIvXQXKcMs/8ZBRwoEfY4pupPwES+VyI5yPMwgChXr+4mfVLWiTsB
X-Received: by 2002:a17:906:b0c8:: with SMTP id
 bk8mr14874610ejb.412.1623668103901; 
 Mon, 14 Jun 2021 03:55:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1623668103; cv=none;
 d=google.com; s=arc-20160816;
 b=BlfQzs/maaFtx0EoDk/b2gDWXNG/4d9MjUAQ3aqnsODkAR9/jIgJYHHfPv5yrk8ted
 nlGZ0vBpXgpXjYA3lyaJZjqzEDnicpy45tdzYD7Nak+Ukaty3pKu2GkS3L4RDXP4QgpB
 i9OcTkQ7GBvB8NKB4Kt4vCGaaTKsYbpSZEx242DJ+bb7K1TX1/AehOmlwpwb586hnZBH
 4Bh1O49cZYwrjXIX8UXkKyfglg0uA4adtPFnb5MBhJKB+rEHe0D6p4sH4PS6VLjJRqdh
 DSBjlzkZurnJnk+kNaB4H5X1EuIeVRRjdBtnm6pdvuAuXbH7JSXUFehtqMvGTaZs2N+k
 Th6g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=list-id:precedence:content-transfer-encoding:mime-version
 :user-agent:references:in-reply-to:message-id:date:subject:cc:to
 :from:dkim-signature;
 bh=xr2LuXnl8VYYpf2nOOAGacb3cHJCToRiM3mIeE1sIO0=;
 b=BzG4mWYeINQpSL5X3r9ce4NHp4d9YRm1Bzb+6NvVhVccVeE23ZN9fFGq4tk/9txvyt
 8CwJshGBKoiZ9hYGhvISRaCY6UIpODgmpu9k2bxbG9A2xWePMY4YuHu/3rKf5WNlBVd+
 IFKseuMJpr23DU7Nf3oqwhnQY0wIwOMRthvabrMpx7sYSRDLKWE9RTzhVhaqSeAgFPc7
 ntRhUjE/heO9Ha9jdUqPI5MI0R8li4h9kIEZz46DpN8LQgrOs0wZ5e9nJhwwfkdIhsQV
 v+W20mEam8avjaKrT8ujcQL59xvckGHdSRCh1q2jV1txBFJ6QNh/nMIzM3A51xSH/qQ9
 S6KQ==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linuxfoundation.org header.s=korg
 header.b=CWHXQxv1; 
 spf=pass (google.com: domain of stable-owner@vger.kernel.org
 designates 23.128.96.18 as permitted sender)
 smtp.mailfrom=stable-owner@vger.kernel.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <stable-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
 by mx.google.com with ESMTP id
 dz12si11602948edb.23.2021.06.14.03.55.03; 
 Mon, 14 Jun 2021 03:55:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of stable-owner@vger.kernel.org
 designates 23.128.96.18 as permitted sender)
 client-ip=23.128.96.18; 
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linuxfoundation.org header.s=korg
 header.b=CWHXQxv1; 
 spf=pass (google.com: domain of stable-owner@vger.kernel.org
 designates 23.128.96.18 as permitted sender)
 smtp.mailfrom=stable-owner@vger.kernel.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S233343AbhFNK4o (ORCPT <rfc822;semen.protsenko@linaro.org>
 + 12 others); Mon, 14 Jun 2021 06:56:44 -0400
Received: from mail.kernel.org ([198.145.29.99]:58192 "EHLO mail.kernel.org"
 rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
 id S234847AbhFNKyc (ORCPT <rfc822;stable@vger.kernel.org>);
 Mon, 14 Jun 2021 06:54:32 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id 1859261490;
 Mon, 14 Jun 2021 10:40:22 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; 
 s=korg; t=1623667222;
 bh=pKJfy3nXKu+knlbuBGoOjIAmt7isEgtgwAYMAdlimKE=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
 b=CWHXQxv1GoEo1wG5oXqyBduCjuMZytS0Uovg8k4GE6ibyxU9IjMF6PpAG4bS0b4A8
 qVdd6Apo7hI1D3qa5kvRrVDORKU9eUbxXN/vL72FnP9TwuNLS1xOHUGqR6FBQLGVIk
 6I/zm073SCvSsOLwG9KwulW+KYZr5WVHkfk2jemA=
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
 stable@vger.kernel.org, Leo Yan <leo.yan@linaro.org>,
 Adrian Hunter <adrian.hunter@intel.com>, Jiri Olsa <jolsa@redhat.com>,
 Alexander Shishkin <alexander.shishkin@linux.intel.com>,
 Kan Liang <kan.liang@linux.intel.com>,
 Mark Rutland <mark.rutland@arm.com>, Namhyung Kim <namhyung@kernel.org>,
 Peter Zijlstra <peterz@infradead.org>,
 Arnaldo Carvalho de Melo <acme@redhat.com>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.4 74/84] perf session: Correct buffer copying when peeking
 events
Date: Mon, 14 Jun 2021 12:27:52 +0200
Message-Id: <20210614102648.872694302@linuxfoundation.org>
X-Mailer: git-send-email 2.32.0
In-Reply-To: <20210614102646.341387537@linuxfoundation.org>
References: <20210614102646.341387537@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Precedence: bulk
List-ID: <stable.vger.kernel.org>
X-Mailing-List: stable@vger.kernel.org

From: Leo Yan <leo.yan@linaro.org>

[ Upstream commit 197eecb6ecae0b04bd694432f640ff75597fed9c ]

When peeking an event, it has a short path and a long path.  The short
path uses the session pointer "one_mmap_addr" to directly fetch the
event; and the long path needs to read out the event header and the
following event data from file and fill into the buffer pointer passed
through the argument "buf".

The issue is in the long path that it copies the event header and event
data into the same destination address which pointer "buf", this means
the event header is overwritten.  We are just lucky to run into the
short path in most cases, so we don't hit the issue in the long path.

This patch adds the offset "hdr_sz" to the pointer "buf" when copying
the event data, so that it can reserve the event header which can be
used properly by its caller.

Fixes: 5a52f33adf02 ("perf session: Add perf_session__peek_event()")
Signed-off-by: Leo Yan <leo.yan@linaro.org>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Acked-by: Jiri Olsa <jolsa@redhat.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Kan Liang <kan.liang@linux.intel.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lore.kernel.org/lkml/20210605052957.1070720-1-leo.yan@linaro.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/perf/util/session.c | 1 +
 1 file changed, 1 insertion(+)

-- 
2.30.2

diff --git a/tools/perf/util/session.c b/tools/perf/util/session.c
index 56f3039fe2a7..8ff2c98e9032 100644
--- a/tools/perf/util/session.c
+++ b/tools/perf/util/session.c
@@ -1631,6 +1631,7 @@ int perf_session__peek_event(struct perf_session *session, off_t file_offset,
 	if (event->header.size < hdr_sz || event->header.size > buf_sz)
 		return -1;
 
+	buf += hdr_sz;
 	rest = event->header.size - hdr_sz;
 
 	if (readn(fd, buf, rest) != (ssize_t)rest)