| author | Arnaldo Carvalho de Melo <acme@redhat.com> | 2026-06-10 19:32:22 -0300 |
|---|---|---|
| committer | Arnaldo Carvalho de Melo <acme@redhat.com> | 2026-06-17 08:28:31 -0300 |
| commit | 063c647b24f640657d6d9e2e90d620ea3ee19ae6 (patch) | |
| tree | 7874b8a48c3498b3b4ee71ce7f85e69128f4cf73 | |
| parent | 2a3716544359d4312c81b0fa909a13301186da17 (diff) | |
perf symbols: Break infinite loop on zero-filled notes in sysfs__read_build_id()

sysfs__read_build_id() iterates ELF note headers from sysfs files in a
while(1) loop. If the file contains a zero-filled note header (both
n_namesz and n_descsz are 0), the code computes n = namesz + descsz = 0
and calls read(fd, bf, 0). read() with count 0 returns 0, which
matches the expected (ssize_t)n value, so the error check passes and
the loop repeats — reading the same zero bytes and spinning forever.

This can happen with corrupted or zero-padded sysfs pseudo-files.

Add a check for n == 0 before the read, since no valid ELF note has
both name and description of zero length.

Reported-by: sashiko-bot <sashiko-bot@kernel.org>
Fixes: f1617b40596cb341 ("perf symbols: Record the build_ids of kernel modules too")
Reviewed-by: Ian Rogers <irogers@google.com>
Assisted-by: Claude:claude-opus-4.6
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>

| -rw-r--r-- | tools/perf/util/symbol-elf.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c index c301c298ded9..39562bdec8b9 100644 --- a/tools/perf/util/symbol-elf.c +++ b/tools/perf/util/symbol-elf.c @@ -995,6 +995,9 @@ int sysfs__read_build_id(const char *filename, struct build_id *bid) } else { n = namesz + descsz; } + /* no valid note has both namesz and descsz zero */ + if (n == 0) + break; if (read(fd, bf, n) != (ssize_t)n) break; } |
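
Review bot: the new `if (n == 0) break;` tests the derived value `n`, while the comment above it states the condition as namesz and descsz both being zero; the two are only known to coincide on the `else` path shown here, where `n = namesz + descsz`, and whatever the preceding branch assigns to `n` is outside the visible context. Consider testing the header fields directly (`if (namesz == 0 && descsz == 0) break;`) so the guard does not depend on how `n` was computed, or rewording the comment to say that a zero-length read cannot advance the file position. The break is also silent: a debug message that names `filename` would let a user tell a corrupted or zero-padded sysfs file apart from one that simply has no build-id note.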
