From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id DCC63C3DA49 for ; Tue, 30 Jul 2024 16:56:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=437L9Mxe921Wvh0cPmWHNtnJWRtDW4/32rmVHypIApc=; b=bDjSxDwBJgWazJBf00yV9LzENH 7YETv8lcn/0iOVhjgjmHylyU1jyhQ0f7q2SJL5wcoJ/9c3cj5ECCc/O7PWK3jzdseNpcWwbsiUqu8 D5Wg7sbGUk6LCHAkjtpB+4OZjqdfTuWuvuSMV/wPR3TjnXijfBPP8pE6h/eKuEICYrpyZSIqm1EQe e7zHmJPhbrcEEwpGdIWYWkaM0Zrl5o3rrWnUySBc+2ob4ibtWc7VhUdzbS8+HZCUio7i0BjrFd9HF uSUFSn5L/Qgxx+t75Nv1Og3N5NymAi9hEAypklP+BmR1HvEK/vjpy7o+XCp1xfphsx/zkpkq2MTW1 kflL3wyg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1sYq98-0000000FwNb-24Lu; Tue, 30 Jul 2024 16:56:22 +0000 Received: from sin.source.kernel.org ([2604:1380:40e1:4800::1]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1sYq8g-0000000FwKi-0Suv for linux-arm-kernel@lists.infradead.org; Tue, 30 Jul 2024 16:55:55 +0000 Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 75FCFCE113B; Tue, 30 Jul 2024 16:55:51 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B7751C32782; Tue, 30 Jul 2024 16:55:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1722358550; bh=Ny9QKlxxydlA7elX9dnZeEETRH/WaqkUIsi3HQ0M/wY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=QZCeQcQcIqb+Z9kMuQ0D5fq8wU8CKSOuWzzqF3t388BeU/5LRx6WUzwUXGRtFdirr BlswTcmCzZtARAjm1zMCr2WkPcfR337uwZb3AXYoL7KDrbxgYnxRCokiIgTqkZqWSi j4JRaezuNP/6p0qQP6KsJwSkxqlQJeVh+H6Gb65o= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Junhao He , ravi.bangoria@amd.com, james.clark@arm.com, prime.zeng@hisilicon.com, cuigaosheng1@huawei.com, jonathan.cameron@huawei.com, linuxarm@huawei.com, yangyicong@huawei.com, robh@kernel.org, renyu.zj@linux.alibaba.com, kjain@linux.ibm.com, john.g.garry@oracle.com, linux-arm-kernel@lists.infradead.org, Namhyung Kim , Sasha Levin Subject: [PATCH 6.10 346/809] perf pmus: Fixes always false when compare duplicates aliases Date: Tue, 30 Jul 2024 17:43:42 +0200 Message-ID: <20240730151738.300105397@linuxfoundation.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240730151724.637682316@linuxfoundation.org> References: <20240730151724.637682316@linuxfoundation.org> User-Agent: quilt/0.67 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240730_095554_518219_6E59724D X-CRM114-Status: GOOD ( 15.30 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org 6.10-stable review patch. If anyone has any objections, please let me know. ------------------ From: Junhao He [ Upstream commit dd9a426eade634bf794c7e0f1b0c6659f556942f ] In the previous loop, all the members in the aliases[j-1] have been freed and set to NULL. But in this loop, the function pmu_alias_is_duplicate() compares the aliases[j] with the aliases[j-1] that has already been disposed, so the function will always return false and duplicate aliases will never be discarded. If we find duplicate aliases, it skips the zfree aliases[j], which is accompanied by a memory leak. We can use the next aliases[j+1] to theck for duplicate aliases to fixes the aliases NULL pointer dereference, then goto zfree code snippet to release it. After patch testing: $ perf list --unit=hisi_sicl,cpa pmu uncore cpa: cpa_p0_rd_dat_32b [Number of read ops transmitted by the P0 port which size is 32 bytes. Unit: hisi_sicl,cpa] cpa_p0_rd_dat_64b [Number of read ops transmitted by the P0 port which size is 64 bytes. Unit: hisi_sicl,cpa] Fixes: c3245d2093c1 ("perf pmu: Abstract alias/event struct") Signed-off-by: Junhao He Cc: ravi.bangoria@amd.com Cc: james.clark@arm.com Cc: prime.zeng@hisilicon.com Cc: cuigaosheng1@huawei.com Cc: jonathan.cameron@huawei.com Cc: linuxarm@huawei.com Cc: yangyicong@huawei.com Cc: robh@kernel.org Cc: renyu.zj@linux.alibaba.com Cc: kjain@linux.ibm.com Cc: john.g.garry@oracle.com Cc: linux-arm-kernel@lists.infradead.org Signed-off-by: Namhyung Kim Link: https://lore.kernel.org/r/20240614094318.11607-1-hejunhao3@huawei.com Signed-off-by: Sasha Levin --- tools/perf/util/pmus.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/perf/util/pmus.c b/tools/perf/util/pmus.c index b9b4c5eb50027..6907e3e7fbd16 100644 --- a/tools/perf/util/pmus.c +++ b/tools/perf/util/pmus.c @@ -477,8 +477,8 @@ void perf_pmus__print_pmu_events(const struct print_callbacks *print_cb, void *p qsort(aliases, len, sizeof(struct sevent), cmp_sevent); for (int j = 0; j < len; j++) { /* Skip duplicates */ - if (j > 0 && pmu_alias_is_duplicate(&aliases[j], &aliases[j - 1])) - continue; + if (j < len - 1 && pmu_alias_is_duplicate(&aliases[j], &aliases[j + 1])) + goto free; print_cb->print_event(print_state, aliases[j].pmu_name, @@ -491,6 +491,7 @@ void perf_pmus__print_pmu_events(const struct print_callbacks *print_cb, void *p aliases[j].desc, aliases[j].long_desc, aliases[j].encoding_desc); +free: zfree(&aliases[j].name); zfree(&aliases[j].alias); zfree(&aliases[j].scale_unit); -- 2.43.0