perf_event: Fix raw event processing
Xiao Guangrong [Mon, 7 Dec 2009 04:06:29 +0000 (12:06 +0800)]
We use 'data.raw_data' parameter to call process_raw_event(),
but data.raw_data buffer not include data size. it can make perf
tool crash.

This bug was introduced by commit 180f95e29a ("perf: Make common
SAMPLE_EVENT parser").

Signed-off-by: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
Cc: Pekka Enberg <penberg@cs.helsinki.fi>
Cc: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Paul Mackerras <paulus@samba.org>
Cc: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Li Zefan <lizf@cn.fujitsu.com>
LKML-Reference: <4B1C7F45.5080105@cn.fujitsu.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>

tools/perf/builtin-kmem.c
tools/perf/builtin-sched.c

index f218990..f84d7a3 100644 (file)
@@ -289,13 +289,17 @@ static void process_free_event(struct raw_event_sample *raw,
 }
 
 static void
-process_raw_event(event_t *raw_event __used, void *more_data,
+process_raw_event(event_t *raw_event __used, u32 size, void *data,
                  int cpu, u64 timestamp, struct thread *thread)
 {
-       struct raw_event_sample *raw = more_data;
+       struct raw_event_sample *raw;
        struct event *event;
        int type;
 
+       raw = malloc_or_die(sizeof(*raw)+size);
+       raw->size = size;
+       memcpy(raw->data, data, size);
+
        type = trace_parse_common_type(raw->data);
        event = trace_find_event(type);
 
@@ -345,7 +349,8 @@ static int process_sample_event(event_t *event)
 
        dump_printf(" ... thread: %s:%d\n", thread->comm, thread->pid);
 
-       process_raw_event(event, data.raw_data, data.cpu, data.time, thread);
+       process_raw_event(event, data.raw_size, data.raw_data, data.cpu,
+                         data.time, thread);
 
        return 0;
 }
index 7481ebd..4655e16 100644 (file)
@@ -1570,13 +1570,17 @@ process_sched_migrate_task_event(struct raw_event_sample *raw,
 }
 
 static void
-process_raw_event(event_t *raw_event __used, void *more_data,
+process_raw_event(event_t *raw_event __used, u32 size, void *data,
                  int cpu, u64 timestamp, struct thread *thread)
 {
-       struct raw_event_sample *raw = more_data;
+       struct raw_event_sample *raw;
        struct event *event;
        int type;
 
+       raw = malloc_or_die(sizeof(*raw)+size);
+       raw->size = size;
+       memcpy(raw->data, data, size);
+
        type = trace_parse_common_type(raw->data);
        event = trace_find_event(type);
 
@@ -1629,7 +1633,8 @@ static int process_sample_event(event_t *event)
        if (profile_cpu != -1 && profile_cpu != (int)data.cpu)
                return 0;
 
-       process_raw_event(event, data.raw_data, data.cpu, data.time, thread);
+       process_raw_event(event, data.raw_size, data.raw_data, data.cpu,
+                         data.time, thread);
 
        return 0;
 }