From: Krister Johansen
Date: Fri, 20 Jan 2017 17:48:50 -0800
To: Arnaldo Carvalho de Melo
Cc: Namhyung Kim, Masami Hiramatsu, Frédéric Weisbecker, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3 perf/core] perf script: fix a use after free crash.
Message-ID: <20170121014850.GA2598@templeofstupid.com>
References: <20170103003033.GD27864@kernel.org> <20170106062331.GB2707@templeofstupid.com>
In-Reply-To: <20170106062331.GB2707@templeofstupid.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Hey Arnaldo,

On Thu, Jan 05, 2017 at 10:23:31PM -0800, Krister Johansen wrote:
> If dso__load_kcore frees all of the existing maps, but one has already
> been attached to a callchain cursor node, then we can get a SIGSEGV in
> any function that happens to try to use this invalid cursor. Use the
> existing map refcount mechanism to forestall cleanup of a map until the
> cursor iterates past the node.

It's been a couple of weeks since I sent you the v3 of this patch. Last time I fiddled with it, I was able to reproduce your 'perf top' core, and was able to verify that the latest patch I sent out could survive running 'perf top' through the course of a full kernel build.

Is there anything else I can do to help with this one?

Thanks,

-K
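The refcount approach described in the quoted commit message, as a simplified C model added here (not code from the patch or from perf). The struct layouts, helper names and the sample address are assumptions for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model; names are hypothetical, not perf's own definitions. */
struct map { int refcnt; unsigned long start; };
struct cursor_node { struct map *map; };
static int maps_freed; /* counts frees so teardown order is observable */

static struct map *map_new(unsigned long start)
{
    struct map *m = calloc(1, sizeof(*m));
    if (m) { m->refcnt = 1; m->start = start; }
    return m;
}

static struct map *map_get(struct map *m) { if (m) m->refcnt++; return m; }

static void map_put(struct map *m)
{
    if (m && --m->refcnt == 0) { free(m); maps_freed++; }
}

/* The node takes its own reference and drops the one it held before. */
static void node_set_map(struct cursor_node *n, struct map *m)
{
    struct map *old = n->map;
    n->map = map_get(m);   /* get before put, in case old == m */
    map_put(old);
}

/* Returns the start address read through the cursor after the owner let go. */
static unsigned long read_after_owner_put(void)
{
    struct cursor_node node = { NULL };
    struct map *m = map_new(0x1000UL); /* constructed sample value */
    unsigned long seen;
    if (!m) return 0;
    node_set_map(&node, m);    /* refcnt 2: owner + cursor node */
    map_put(m);                /* owner frees its maps: refcnt 1, memory stays */
    seen = maps_freed == 0 ? node.map->start : 0;
    node_set_map(&node, NULL); /* cursor moves past the node: last put frees */
    return seen;
}

int main(void)
{
    unsigned long s = read_after_owner_put();
    printf("start=%#lx freed=%d\n", s, maps_freed);
    return 0;
}
```

Without the `map_get()` in `node_set_map()`, the owner's `map_put()` would free the map while the node still pointed at it, which is the dangling-pointer case the commit message describes.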