提交 b9a46bba 编写于 作者: J Jiri Olsa 提交者: Arnaldo Carvalho de Melo

perf top: Fix events overflow in top command

The snprintf function returns number of printed characters even if it
cross the size parameter. So passing enough events via '-e' parameter
will cause segmentation fault.

It's reproduced by following command:

perf top -e `perf list | grep Tracepoint | awk -F'[' '\
{gsub(/[[:space:]]+/,"",$1);array[FNR]=$1}END{outputs=array[1];\
for (i=2;i<=FNR;i++){ outputs=outputs "," array[i];};print outputs}'`

The attached patch adds a SNPRINTF macro that provides the overflow check
and returns the actual number of printed characters.
Reported-by: NHan Pingtian <phan@redhat.com>
Cc: Han Pingtian <phan@redhat.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
LKML-Reference: <1299528821-17521-2-git-send-email-jolsa@redhat.com>
Signed-off-by: NJiri Olsa <jolsa@redhat.com>
Signed-off-by: NArnaldo Carvalho de Melo <acme@redhat.com>
上级 2a8247a2
...@@ -61,6 +61,12 @@ static void rb_insert_active_sym(struct rb_root *tree, struct sym_entry *se) ...@@ -61,6 +61,12 @@ static void rb_insert_active_sym(struct rb_root *tree, struct sym_entry *se)
rb_insert_color(&se->rb_node, tree); rb_insert_color(&se->rb_node, tree);
} }
#define SNPRINTF(buf, size, fmt, args...) \
({ \
size_t r = snprintf(buf, size, fmt, ## args); \
r > size ? size : r; \
})
size_t perf_top__header_snprintf(struct perf_top *top, char *bf, size_t size) size_t perf_top__header_snprintf(struct perf_top *top, char *bf, size_t size)
{ {
struct perf_evsel *counter; struct perf_evsel *counter;
...@@ -70,7 +76,7 @@ size_t perf_top__header_snprintf(struct perf_top *top, char *bf, size_t size) ...@@ -70,7 +76,7 @@ size_t perf_top__header_snprintf(struct perf_top *top, char *bf, size_t size)
size_t ret = 0; size_t ret = 0;
if (!perf_guest) { if (!perf_guest) {
ret = snprintf(bf, size, ret = SNPRINTF(bf, size,
" PerfTop:%8.0f irqs/sec kernel:%4.1f%%" " PerfTop:%8.0f irqs/sec kernel:%4.1f%%"
" exact: %4.1f%% [", samples_per_sec, " exact: %4.1f%% [", samples_per_sec,
100.0 - (100.0 * ((samples_per_sec - ksamples_per_sec) / 100.0 - (100.0 * ((samples_per_sec - ksamples_per_sec) /
...@@ -81,7 +87,7 @@ size_t perf_top__header_snprintf(struct perf_top *top, char *bf, size_t size) ...@@ -81,7 +87,7 @@ size_t perf_top__header_snprintf(struct perf_top *top, char *bf, size_t size)
float guest_kernel_samples_per_sec = top->guest_kernel_samples / top->delay_secs; float guest_kernel_samples_per_sec = top->guest_kernel_samples / top->delay_secs;
float guest_us_samples_per_sec = top->guest_us_samples / top->delay_secs; float guest_us_samples_per_sec = top->guest_us_samples / top->delay_secs;
ret = snprintf(bf, size, ret = SNPRINTF(bf, size,
" PerfTop:%8.0f irqs/sec kernel:%4.1f%% us:%4.1f%%" " PerfTop:%8.0f irqs/sec kernel:%4.1f%% us:%4.1f%%"
" guest kernel:%4.1f%% guest us:%4.1f%%" " guest kernel:%4.1f%% guest us:%4.1f%%"
" exact: %4.1f%% [", samples_per_sec, " exact: %4.1f%% [", samples_per_sec,
...@@ -101,38 +107,38 @@ size_t perf_top__header_snprintf(struct perf_top *top, char *bf, size_t size) ...@@ -101,38 +107,38 @@ size_t perf_top__header_snprintf(struct perf_top *top, char *bf, size_t size)
if (top->evlist->nr_entries == 1 || !top->display_weighted) { if (top->evlist->nr_entries == 1 || !top->display_weighted) {
struct perf_evsel *first; struct perf_evsel *first;
first = list_entry(top->evlist->entries.next, struct perf_evsel, node); first = list_entry(top->evlist->entries.next, struct perf_evsel, node);
ret += snprintf(bf + ret, size - ret, "%" PRIu64 "%s ", ret += SNPRINTF(bf + ret, size - ret, "%" PRIu64 "%s ",
(uint64_t)first->attr.sample_period, (uint64_t)first->attr.sample_period,
top->freq ? "Hz" : ""); top->freq ? "Hz" : "");
} }
if (!top->display_weighted) { if (!top->display_weighted) {
ret += snprintf(bf + ret, size - ret, "%s", ret += SNPRINTF(bf + ret, size - ret, "%s",
event_name(top->sym_evsel)); event_name(top->sym_evsel));
} else list_for_each_entry(counter, &top->evlist->entries, node) { } else list_for_each_entry(counter, &top->evlist->entries, node) {
ret += snprintf(bf + ret, size - ret, "%s%s", ret += SNPRINTF(bf + ret, size - ret, "%s%s",
counter->idx ? "/" : "", event_name(counter)); counter->idx ? "/" : "", event_name(counter));
} }
ret += snprintf(bf + ret, size - ret, "], "); ret += SNPRINTF(bf + ret, size - ret, "], ");
if (top->target_pid != -1) if (top->target_pid != -1)
ret += snprintf(bf + ret, size - ret, " (target_pid: %d", ret += SNPRINTF(bf + ret, size - ret, " (target_pid: %d",
top->target_pid); top->target_pid);
else if (top->target_tid != -1) else if (top->target_tid != -1)
ret += snprintf(bf + ret, size - ret, " (target_tid: %d", ret += SNPRINTF(bf + ret, size - ret, " (target_tid: %d",
top->target_tid); top->target_tid);
else else
ret += snprintf(bf + ret, size - ret, " (all"); ret += SNPRINTF(bf + ret, size - ret, " (all");
if (top->cpu_list) if (top->cpu_list)
ret += snprintf(bf + ret, size - ret, ", CPU%s: %s)", ret += SNPRINTF(bf + ret, size - ret, ", CPU%s: %s)",
top->evlist->cpus->nr > 1 ? "s" : "", top->cpu_list); top->evlist->cpus->nr > 1 ? "s" : "", top->cpu_list);
else { else {
if (top->target_tid != -1) if (top->target_tid != -1)
ret += snprintf(bf + ret, size - ret, ")"); ret += SNPRINTF(bf + ret, size - ret, ")");
else else
ret += snprintf(bf + ret, size - ret, ", %d CPU%s)", ret += SNPRINTF(bf + ret, size - ret, ", %d CPU%s)",
top->evlist->cpus->nr, top->evlist->cpus->nr,
top->evlist->cpus->nr > 1 ? "s" : ""); top->evlist->cpus->nr > 1 ? "s" : "");
} }
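Review bot: On truncation the new SNPRINTF macro evaluates to `size`, not to the number of characters actually stored (at most `size - 1` plus the terminator), so `perf_top__header_snprintf` can return a length equal to the whole buffer size. The callers are not visible on this page, but any of them that uses the result as a string length or as an index such as `bf[ret]` would touch one byte past the buffer, so that needs checking. The macro also assigns snprintf's `int` result to a `size_t`, which turns a negative error return into a silent clamp to `size`, and it expands `size` twice without parentheses while declaring a local `r` that can shadow a caller's variable. I would evaluate the arguments once and clamp to the last usable position: `size_t _sz = (size); int _r = snprintf(buf, _sz, fmt, ## args);` followed by `_r < 0 ? 0 : ((size_t)_r >= _sz ? (_sz ? _sz - 1 : 0) : (size_t)_r);`. A short comment above the macro stating that it returns the bytes stored rather than snprintf's would-be length would help too; the function body continues outside the visible hunks.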
......