[PATCH 1/7] perf ordered_events: Fix crash in ordered_events__free

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Arnaldo Carvalho de Melo <acme@kernel.org>
To: Ingo Molnar <mingo@kernel.org>
Cc: Clark Williams <williams@redhat.com>,
	linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org,
	Jiri Olsa <jolsa@kernel.org>, Song Liu <liu.song.a23@gmail.com>,
	Alexander Shishkin <alexander.shishkin@linux.intel.com>,
	Namhyung Kim <namhyung@kernel.org>,
	Peter Zijlstra <peterz@infradead.org>,
	Stephane Eranian <eranian@google.com>,
	Arnaldo Carvalho de Melo <acme@redhat.com>
Subject: [PATCH 1/7] perf ordered_events: Fix crash in ordered_events__free
Date: Mon, 21 Jan 2019 15:35:01 -0300	[thread overview]
Message-ID: <20190121183507.23490-2-acme@kernel.org> (raw)
In-Reply-To: <20190121183507.23490-1-acme@kernel.org>

From: Jiri Olsa <jolsa@kernel.org>

Song Liu reported crash in 'perf record':

  > #0  0x0000000000500055 in ordered_events(float, long double,...)(...) ()
  > #1  0x0000000000500196 in ordered_events.reinit ()
  > #2  0x00000000004fe413 in perf_session.process_events ()
  > #3  0x0000000000440431 in cmd_record ()
  > #4  0x00000000004a439f in run_builtin ()
  > #5  0x000000000042b3e5 in main ()"

This can happen when we get out of buffers during event processing.

The subsequent ordered_events__free() call assumes oe->buffer != NULL
and crashes. Add a check to prevent that.

Reported-by: Song Liu <liu.song.a23@gmail.com>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Reviewed-by: Song Liu <liu.song.a23@gmail.com>
Tested-by: Song Liu <liu.song.a23@gmail.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Link: http://lkml.kernel.org/r/20190117113017.12977-1-jolsa@kernel.org
Fixes: d5ceb62b3654 ("perf ordered_events: Add 'struct ordered_events_buffer' layer")
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
 tools/perf/util/ordered-events.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/tools/perf/util/ordered-events.c b/tools/perf/util/ordered-events.c
index 897589507d97..ea523d3b248f 100644
--- a/tools/perf/util/ordered-events.c
+++ b/tools/perf/util/ordered-events.c
@@ -391,8 +391,10 @@ void ordered_events__free(struct ordered_events *oe)
 	 * Current buffer might not have all the events allocated
 	 * yet, we need to free only allocated ones ...
 	 */
-	list_del(&oe->buffer->list);
-	ordered_events_buffer__free(oe->buffer, oe->buffer_idx, oe);
+	if (oe->buffer) {
+		list_del(&oe->buffer->list);
+		ordered_events_buffer__free(oe->buffer, oe->buffer_idx, oe);
+	}
 
 	/* ... and continue with the rest */
 	list_for_each_entry_safe(buffer, tmp, &oe->to_free, list) {
-- 
2.20.1

next prev parent reply	other threads:[~2019-01-21 18:35 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-01-21 18:35 [GIT PULL 0/7] perf/urgent fixes Arnaldo Carvalho de Melo
2019-01-21 18:35 ` Arnaldo Carvalho de Melo [this message]
2019-01-21 18:35 ` [PATCH 2/7] perf script: Fix crash with printing mixed trace point and other events Arnaldo Carvalho de Melo
2019-01-21 18:35 ` [PATCH 3/7] perf core: Fix perf_proc_update_handler() bug Arnaldo Carvalho de Melo
2019-01-21 18:35 ` [PATCH 4/7] perf python: Remove -fstack-clash-protection when building with some clang versions Arnaldo Carvalho de Melo
2019-01-21 18:35 ` [PATCH 5/7] perf tools: Handle TOPOLOGY headers with no CPU Arnaldo Carvalho de Melo
2019-01-21 18:35 ` [PATCH 6/7] perf top: Fix wrong hottest instruction highlighted Arnaldo Carvalho de Melo
2019-01-21 18:35 ` [PATCH 7/7] perf script: Fix crash when processing recorded stat data Arnaldo Carvalho de Melo
2019-01-22 11:30 ` [GIT PULL 0/7] perf/urgent fixes Ingo Molnar

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:897589507d9 dfblob:ea523d3b248 )
 OR (
bs:"[PATCH 1/7] perf ordered_events: Fix crash in ordered_events__free" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190121183507.23490-2-acme@kernel.org \
    --to=acme@kernel.org \
    --cc=acme@redhat.com \
    --cc=alexander.shishkin@linux.intel.com \
    --cc=eranian@google.com \
    --cc=jolsa@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-perf-users@vger.kernel.org \
    --cc=liu.song.a23@gmail.com \
    --cc=mingo@kernel.org \
    --cc=namhyung@kernel.org \
    --cc=peterz@infradead.org \
    --cc=williams@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.