From: sashiko-bot@kernel.org
To: "Ian Rogers" <irogers@google.com>
Cc: linux-perf-users@vger.kernel.org
Subject: Re: [PATCH v1 3/3] perf kwork: Fix memory management of kwork_work
Date: Thu, 21 May 2026 09:34:49 +0000
Message-ID: <20260521093450.48FA51F000E9@smtp.kernel.org>
In-Reply-To: <20260521072429.1283423-4-irogers@google.com>

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:

Pre-existing issues:
- [Medium] The top_print_work function passes work->name to printf without verifying it is non-NULL, which can cause a crash.
--

commit 03666bc88a2d8e65da244923eb1ef63e0a473153
Author: Ian Rogers <irogers@google.com>

perf kwork: Fix memory management of kwork_work

This commit implements a global cleanup function to free all kwork_work
and kwork_atom_page objects at exit. It also fixes memory leaks during
task merging and ensures all name fields in struct kwork_work are properly
allocated and freed, while adding robustness checks for NULL names.

> diff --git a/tools/perf/builtin-kwork.c b/tools/perf/builtin-kwork.c
> index a4604e1520023..f793ea578515d 100644
> --- a/tools/perf/builtin-kwork.c
> +++ b/tools/perf/builtin-kwork.c
[ ... ]
> @@ -1002,13 +1051,16 @@ static void irq_work_init(struct perf_kwork *kwork,
> work->name = NULL;
> } else {
> work->id = perf_sample__intval(sample, "irq");
> - work->name = perf_sample__strval(sample, "name");
> + work->name = strdup(perf_sample__strval(sample, "name") ?: "<unknown>");
> }
> }
>
> static void irq_work_name(struct kwork_work *work, char *buf, int len)
> {
> - snprintf(buf, len, "%s:%" PRIu64 "", work->name, work->id);
> + if (work->name != NULL)
> + snprintf(buf, len, "%s:%" PRIu64 "", work->name, work->id);
> + else
> + snprintf(buf, len, "%" PRIu64 "", work->id);
> }
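
Review bot: In the else branch of irq_work_init() the strdup() result is not checked, so an allocation failure leaves work->name NULL, the same value the first branch assigns deliberately, and irq_work_name() then prints only the id with nothing to show that a name was lost. Consider making the fallback uniform (either "<unknown>" in both branches or NULL in both) and reporting or propagating the strdup() failure rather than degrading silently. Style point in irq_work_name(): the trailing "" after PRIu64 in both format strings is redundant and could be dropped while these lines are being touched.
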
[Severity: Medium]
This is a pre-existing issue, but while you are adding NULL checks for
work->name here, should top_print_work() also be updated?
If strdup() fails due to memory pressure, or if bpf_map_lookup_elem() fails
in BPF mode, work->name can be NULL. In top_print_work(), work->name is
passed directly to printf() as a string, which can cause a segmentation fault
on strict libc implementations:

tools/perf/builtin-kwork.c:top_print_work() {
	...
	if (kwork->use_bpf)
		ret += printf(" %s%s%s",
			      work->is_kthread ? "[" : "",
			      work->name,
			      work->is_kthread ? "]" : "");
	else
		ret += printf(" %-*s", PRINT_TASK_NAME_WIDTH, work->name);
	...
}

--
Sashiko AI review · https://sashiko.dev/#/patchset/20260521072429.1283423-1-irogers@google.com?part=3