From: Arnaldo Carvalho de Melo <acme@kernel.org>
To: Ingo Molnar <mingo@kernel.org>, Thomas Gleixner <tglx@linutronix.de>
Cc: Jiri Olsa <jolsa@kernel.org>, Namhyung Kim <namhyung@kernel.org>,
Clark Williams <williams@redhat.com>,
linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org,
Ian Rogers <irogers@google.com>, Jiri Olsa <jolsa@redhat.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Mark Rutland <mark.rutland@arm.com>,
Peter Zijlstra <peterz@infradead.org>,
Stephane Eranian <eranian@google.com>,
clang-built-linux@googlegroups.com,
Arnaldo Carvalho de Melo <acme@redhat.com>
Subject: [PATCH 63/91] perf mem2node: Avoid double free related to realloc
Date: Wed, 6 May 2020 12:22:06 -0300 [thread overview]
Message-ID: <20200506152234.21977-64-acme@kernel.org> (raw)
In-Reply-To: <20200506152234.21977-1-acme@kernel.org>
From: Ian Rogers <irogers@google.com>
Realloc of size zero is a free not an error, avoid this causing a double
free. Caught by clang's address sanitizer:
==2634==ERROR: AddressSanitizer: attempting double-free on 0x6020000015f0 in thread T0:
#0 0x5649659297fd in free llvm/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:123:3
#1 0x5649659e9251 in __zfree tools/lib/zalloc.c:13:2
#2 0x564965c0f92c in mem2node__exit tools/perf/util/mem2node.c:114:2
#3 0x564965a08b4c in perf_c2c__report tools/perf/builtin-c2c.c:2867:2
#4 0x564965a0616a in cmd_c2c tools/perf/builtin-c2c.c:2989:10
#5 0x564965944348 in run_builtin tools/perf/perf.c:312:11
#6 0x564965943235 in handle_internal_command tools/perf/perf.c:364:8
#7 0x5649659440c4 in run_argv tools/perf/perf.c:408:2
#8 0x564965942e41 in main tools/perf/perf.c:538:3
0x6020000015f0 is located 0 bytes inside of 1-byte region [0x6020000015f0,0x6020000015f1)
freed by thread T0 here:
#0 0x564965929da3 in realloc third_party/llvm/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3
#1 0x564965c0f55e in mem2node__init tools/perf/util/mem2node.c:97:16
#2 0x564965a08956 in perf_c2c__report tools/perf/builtin-c2c.c:2803:8
#3 0x564965a0616a in cmd_c2c tools/perf/builtin-c2c.c:2989:10
#4 0x564965944348 in run_builtin tools/perf/perf.c:312:11
#5 0x564965943235 in handle_internal_command tools/perf/perf.c:364:8
#6 0x5649659440c4 in run_argv tools/perf/perf.c:408:2
#7 0x564965942e41 in main tools/perf/perf.c:538:3
previously allocated by thread T0 here:
#0 0x564965929c42 in calloc third_party/llvm/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3
#1 0x5649659e9220 in zalloc tools/lib/zalloc.c:8:9
#2 0x564965c0f32d in mem2node__init tools/perf/util/mem2node.c:61:12
#3 0x564965a08956 in perf_c2c__report tools/perf/builtin-c2c.c:2803:8
#4 0x564965a0616a in cmd_c2c tools/perf/builtin-c2c.c:2989:10
#5 0x564965944348 in run_builtin tools/perf/perf.c:312:11
#6 0x564965943235 in handle_internal_command tools/perf/perf.c:364:8
#7 0x5649659440c4 in run_argv tools/perf/perf.c:408:2
#8 0x564965942e41 in main tools/perf/perf.c:538:3
v2: add a WARN_ON_ONCE when the free condition arises.
Signed-off-by: Ian Rogers <irogers@google.com>
Acked-by: Jiri Olsa <jolsa@redhat.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: clang-built-linux@googlegroups.com
Link: http://lore.kernel.org/lkml/20200320182347.87675-1-irogers@google.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
tools/perf/util/mem2node.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/perf/util/mem2node.c b/tools/perf/util/mem2node.c
index 797d86a1ab09..c84f5841c7ab 100644
--- a/tools/perf/util/mem2node.c
+++ b/tools/perf/util/mem2node.c
@@ -1,5 +1,6 @@
#include <errno.h>
#include <inttypes.h>
+#include <asm/bug.h>
#include <linux/bitmap.h>
#include <linux/kernel.h>
#include <linux/zalloc.h>
@@ -95,7 +96,7 @@ int mem2node__init(struct mem2node *map, struct perf_env *env)
/* Cut unused entries, due to merging. */
tmp_entries = realloc(entries, sizeof(*entries) * j);
- if (tmp_entries)
+ if (tmp_entries || WARN_ON_ONCE(j == 0))
entries = tmp_entries;
for (i = 0; i < j; i++) {
--
2.21.1
next prev parent reply other threads:[~2020-05-06 15:22 UTC|newest]
Thread overview: 106+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-06 15:21 [GIT PULL] perf/core improvements and fixes Arnaldo Carvalho de Melo
2020-05-06 15:21 ` Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 01/91] perf cgroup: Avoid needless closing of unopened fd Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 02/91] perf bench: Fix div-by-zero if runtime is zero Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 03/91] perf evlist: Remove duplicate headers Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 04/91] perf script: Avoid NULL dereference on symbol Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 05/91] perf stat: Zero all the 'ena' and 'run' array slot stats for interval mode Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 06/91] perf stat: Improve runtime stat " Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 07/91] perf test session topology: Fix data path Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 08/91] perf record: Add num-synthesize-threads option Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 09/91] perf bench: Add a multi-threaded synthesize benchmark Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 10/91] tools api: Add a lightweight buffered reading api Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 11/91] perf synthetic events: Remove use of sscanf from /proc reading Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 12/91] perf script: Remove extraneous newline in perf_sample__fprintf_regs() Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 13/91] libtraceevent: Remove unneeded semicolon Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 14/91] perf c2c: " Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 15/91] perf tools: Remove unneeded semicolons Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 16/91] perf report: Fix warning assignment of 0/1 to bool variable Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 17/91] perf pmu: Fix function name in comment, its get_cpuid_str(), not get_cpustr() Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 18/91] perf metricgroups: Enhance JSON/metric infrastructure to handle "?" Arnaldo Carvalho de Melo
2020-05-06 15:21 ` Arnaldo Carvalho de Melo
2020-05-06 15:21 ` Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 19/91] perf tests expr: Added test for runtime param in metric expression Arnaldo Carvalho de Melo
2020-05-06 15:21 ` Arnaldo Carvalho de Melo
2020-05-06 15:21 ` Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 20/91] perf tools: Enable Hz/hz prinitg for --metric-only option Arnaldo Carvalho de Melo
2020-05-06 15:21 ` Arnaldo Carvalho de Melo
2020-05-06 15:21 ` Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 21/91] perf vendor events power9: Add hv_24x7 socket/chip level metric events Arnaldo Carvalho de Melo
2020-05-06 15:21 ` Arnaldo Carvalho de Melo
2020-05-06 15:21 ` Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 22/91] perf tools: Move routines that probe for perf API features to separate file Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 23/91] perf record: Move sb_evlist to 'struct record' Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 24/91] perf top: Move sb_evlist to 'struct perf_top' Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 25/91] perf bpf: Decouple creating the evlist from adding the SB event Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 26/91] perf parse-events: Add parse_events_option() variant that creates evlist Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 27/91] perf evlist: Move the sideband thread routines to separate object Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 28/91] perf evlist: Allow reusing the side band thread for more purposes Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 29/91] libsubcmd: Introduce OPT_CALLBACK_SET() Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 30/91] perf record: Introduce --switch-output-event Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 31/91] perf record: Move side band evlist setup to separate routine Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 32/91] libperf: Add NULL pointer check for cpu_map iteration and NULL assignment for all_cpus Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 33/91] perf parse-events: Fix memory leaks found on parse_events Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 34/91] " Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 35/91] perf parse-events: Fix another memory leaks found on parse_events() Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 36/91] libperf evlist: Fix a refcount leak Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 37/91] perf tools: Fix reading new topology attribute "core_cpus" Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 38/91] perf tools: Simplify checking if SMT is active Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 39/91] perf thread-stack: Add branch stack support Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 40/91] perf intel-pt: Consolidate thread-stack use condition Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 41/91] perf intel-pt: Change branch stack support to use thread-stacks Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 42/91] perf auxtrace: Add option to synthesize branch stack for regular events Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 43/91] perf evsel: Add support for synthesized branch stack sample type Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 44/91] perf thread-stack: Add thread_stack__br_sample_late() Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 45/91] perf intel-pt: Add support for synthesizing branch stacks for regular events Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 46/91] perf intel-pt: Update documentation about itrace G and L options Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 47/91] perf intel-pt: Update documentation about using /proc/kcore Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 48/91] perf evsel: Rename 'struct perf_evsel__sb_cb_t' to 'struct evsel__sb_cb_t' Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 49/91] perf evsel: Rename perf_evsel__nr_cpus() to evsel__nr_cpus() Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 50/91] perf evsel: Rename perf_evsel__compute_deltas() to evsel__compute_deltas() Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 51/91] perf evsel: Rename perf_evsel__find_pmu() to evsel__find_pmu() Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 52/91] perf evsel: Rename perf_evsel__is_aux_event() to evsel__is_aux_event() Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 53/91] perf evsel: Rename perf_evsel__exit() to evsel__exit() Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 54/91] perf evsel: Rename perf_evsel__config*() to evsel__config*() Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 55/91] perf evsel: Rename perf_evsel__calc_id_pos() to evsel__calc_id_pos() Arnaldo Carvalho de Melo
2020-05-06 15:21 ` [PATCH 56/91] perf evsel: Rename __perf_evsel__sample_size() to __evsel__sample_size() Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 57/91] perf evsel: Rename *perf_evsel__*name() to *evsel__*name() Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 58/91] perf evsel: Rename perf_evsel__group_desc() to evsel__group_desc() Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 59/91] perf evsel: Rename *perf_evsel__*set_sample_*() to *evsel__*set_sample_*() Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 60/91] perf evsel: Rename perf_evsel__*filter*() to evsel__*filter*() Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 61/91] perf evsel: Rename perf_evsel__open_per_*() to evsel__open_per_*() Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 62/91] perf evsel: Rename perf_evsel__{str,int}val() and other tracepoint field metehods to to evsel__*() Arnaldo Carvalho de Melo
2020-05-06 15:22 ` Arnaldo Carvalho de Melo [this message]
2020-05-06 15:22 ` [PATCH 64/91] perf doc: Pass ASCIIDOC_EXTRA as an argument Arnaldo Carvalho de Melo
2020-05-06 15:22 ` Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 65/91] tools feature: Add support for detecting libpfm4 Arnaldo Carvalho de Melo
2020-05-06 15:22 ` Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 66/91] perf pmu: Add perf_pmu__find_by_type helper Arnaldo Carvalho de Melo
2020-05-06 15:22 ` Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 67/91] perf evsel: Rename perf_evsel__is_*() to evsel__is*() Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 68/91] perf evsel: Ditch perf_evsel__cmp(), not used for quite a while Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 69/91] perf evsel: Rename *perf_evsel__read*() to *evsel__read() Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 70/91] perf evsel: Rename perf_evsel__parse_sample*() to evsel__parse_sample*() Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 71/91] perf evsel: Rename perf_evsel__{prev,next}() to evsel__{prev,next}() Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 72/91] perf evsel: Rename perf_evsel__has*() to evsel__has*() Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 73/91] perf evsel: Rename perf_evsel__fallback() to evsel__fallback() Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 74/91] perf evsel: Rename perf_evsel__group_idx() to evsel__group_idx() Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 75/91] perf evsel: Rename perf_evsel__env() to evsel__env() Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 76/91] perf evsel: Rename perf_evsel__store_ids() to evsel__store_id() Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 77/91] perf stat: Rename perf_evsel__*() operating on 'struct evsel *' to evsel__*() Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 78/91] perf kmem: " Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 79/91] perf lock: " Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 80/91] perf sched: " Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 81/91] perf script: " Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 82/91] perf trace: " Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 83/91] perf annotate: " Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 84/91] perf inject: " Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 85/91] perf symbol: Fix kernel symbol address display Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 86/91] perf: cs-etm: Update to build with latest opencsd version Arnaldo Carvalho de Melo
2020-05-06 15:22 ` Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 87/91] perf bench: Add kallsyms parsing Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 88/91] libsymbols kallsyms: Parse using io api Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 89/91] libsymbols kallsyms: Move hex2u64 out of header Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 90/91] perf cs-etm: Move definition of 'traceid_list' global variable from header file Arnaldo Carvalho de Melo
2020-05-06 15:22 ` Arnaldo Carvalho de Melo
2020-05-06 15:22 ` [PATCH 91/91] perf flamegraph: Use /bin/bash for report and record scripts Arnaldo Carvalho de Melo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200506152234.21977-64-acme@kernel.org \
--to=acme@kernel.org \
--cc=acme@redhat.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=clang-built-linux@googlegroups.com \
--cc=eranian@google.com \
--cc=irogers@google.com \
--cc=jolsa@kernel.org \
--cc=jolsa@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mingo@kernel.org \
--cc=namhyung@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=williams@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.