Re: [PATCH 03/13] perf symbols: Break infinite loop on zero-filled notes in sysfs__read_build_id()
From: Ian Rogers
Date: Mon Jun 15 2026 - 13:08:52 EST
On Fri, Jun 12, 2026 at 3:24 PM Arnaldo Carvalho de Melo
<acme@xxxxxxxxxx> wrote:
>
> From: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
>
> sysfs__read_build_id() iterates ELF note headers from sysfs files in a
> while(1) loop. If the file contains a zero-filled note header (both
> n_namesz and n_descsz are 0), the code computes n = namesz + descsz = 0
> and calls read(fd, bf, 0). read() with count 0 returns 0, which
> matches the expected (ssize_t)n value, so the error check passes and
> the loop repeats — reading the same zero bytes and spinning forever.
>
> This can happen with corrupted or zero-padded sysfs pseudo-files.
>
> Add a check for n == 0 before the read, since no valid ELF note has
> both name and description of zero length.
>
> Reported-by: sashiko-bot <sashiko-bot@xxxxxxxxxx>
> Fixes: f1617b40596cb341 ("perf symbols: Record the build_ids of kernel modules too")
> Assisted-by: Claude Opus 4.6 <noreply@xxxxxxxxxxxxx>
> Signed-off-by: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
Reviewed-by: Ian Rogers <irogers@xxxxxxxxxx>

Thanks,
Ian
> ---
> tools/perf/util/symbol-elf.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c
> index d84e2e031d430cf5..dc48e2d2763379b9 100644
> --- a/tools/perf/util/symbol-elf.c
> +++ b/tools/perf/util/symbol-elf.c
> @@ -995,6 +995,9 @@ int sysfs__read_build_id(const char *filename, struct build_id *bid)
> } else {
> n = namesz + descsz;
> }
> + /* no valid note has both namesz and descsz zero */
> + if (n == 0)
> + break;
> if (read(fd, bf, n) != (ssize_t)n)
> break;
> }
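Review bot: The comment above `if (n == 0)` states the validity rule but not the failure it prevents. Because `read(fd, bf, 0)` returns 0 and that equals `(ssize_t)n`, the check on the next line passes and the loop does not terminate; wording the comment around that (for example "read() of 0 bytes succeeds, so a zero-sized note would never break the loop") would keep the reason next to the guard. The test is on `n` rather than on `namesz` and `descsz`, so it also applies to whatever the branch before the `else` assigned to `n`, which the comment does not cover; either mention that case or confirm it cannot yield zero. Since the `break` leaves the loop without any message, a `pr_debug()` naming `filename` at this point would make a corrupted or zero-padded file easier to diagnose.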
> --
> 2.54.0
>