From: Arnaldo Carvalho de Melo <acme@kernel.org>
To: sashiko-reviews@lists.linux.dev
Cc: Namhyung Kim <namhyung@kernel.org>, linux-perf-users@vger.kernel.org
Subject: Re: [PATCH 4/4] perf timechart: Remove unnecessary copy of backtrace
Date: Thu, 4 Jun 2026 17:15:02 -0300 [thread overview]
Message-ID: <aiHcxl4rHnvkcUkK@x1> (raw)
In-Reply-To: <20260604191818.352171F00893@smtp.kernel.org>
On Thu, Jun 04, 2026 at 07:18:17PM +0000, sashiko-bot@kernel.org wrote:
> Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
> - [Medium] Removing `free(backtrace)` causes severe memory leaks when the backtrace string is not consumed by the sample tracking logic.
> --
From a quick look the suggestions seems legit, will wait for v2 then.
- Arnaldo
> commit 8d24fd58d3a0d2702142c45fce31ca640b59f748
> Author: Namhyung Kim <namhyung@kernel.org>
>
> perf timechart: Remove unnecessary copy of backtrace
>
> This commit updates timechart to use the backtrace string directly instead
> of duplicating it with strdup(). It updates pid_put_sample() and
> sched_wakeup() to store the original pointer and removes the free()
> calls in the process_sample routines.
>
> > diff --git a/tools/perf/builtin-timechart.c b/tools/perf/builtin-timechart.c
> > index 4efac73a714c5..2fd24d3aaa837 100644
> > --- a/tools/perf/builtin-timechart.c
> > +++ b/tools/perf/builtin-timechart.c
>
> [ ... ]
>
> > @@ -434,7 +434,7 @@ static void sched_wakeup(struct timechart *tchart, int cpu, u64 timestamp,
> >
> > we->time = timestamp;
> > we->waker = waker;
> > - we->backtrace = backtrace ? strdup(backtrace) : NULL;
> > + we->backtrace = backtrace;
>
> [Severity: Medium]
> Does this leak the dynamically allocated backtrace string from
> cat_backtrace() if the wake_event allocation fails?
>
> tools/perf/builtin-timechart.c:sched_wakeup() {
> struct wake_event *we = zalloc(sizeof(*we));
>
> if (!we)
> return;
> ...
> }
>
> Because the unconditional free() was removed from
> process_sample_sched_wakeup(), the backtrace pointer is dropped and
> leaked if zalloc() fails.
>
> >
> > if ((flags & TRACE_FLAG_HARDIRQ) || (flags & TRACE_FLAG_SOFTIRQ))
> > we->waker = -1;
>
> [ ... ]
>
> > @@ -678,7 +677,6 @@ process_sample_sched_switch(struct timechart *tchart,
> > backtrace = cat_backtrace(sample, &tchart->session->machines.host);
> > sched_switch(tchart, sample->cpu, sample->time, prev_pid, next_pid,
> > prev_state, backtrace);
> > - free((char *)backtrace);
>
> [Severity: Medium]
> Will this leak the backtrace string if sched_switch() does not consume it?
>
> tools/perf/builtin-timechart.c:sched_switch() {
> if (prev_p->current && prev_p->current->state != TYPE_NONE)
> pid_put_sample(tchart, prev_pid, TYPE_RUNNING, cpu,
> prev_p->current->state_since, timestamp,
> backtrace);
>
> if (p && p->current) {
> if (p->current->state != TYPE_NONE)
> pid_put_sample(tchart, next_pid, p->current->state, cpu,
> p->current->state_since, timestamp,
> backtrace);
> }
> ...
> }
>
> If both TYPE_NONE conditions evaluate to true, pid_put_sample() is not
> called. The backtrace string goes unreferenced and is permanently lost
> now that the unconditional free() has been removed.
>
> > return 0;
> > }
> >
>
> --
> Sashiko AI review · https://sashiko.dev/#/patchset/20260604190812.2168118-1-namhyung@kernel.org?part=4
next prev parent reply other threads:[~2026-06-04 20:15 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-04 19:08 [PATCH 0/4] perf timechart: Small optimization for backtrace Namhyung Kim
2026-06-04 19:08 ` [PATCH 1/4] perf timechart: Don't pass @event to cat_backtrace() Namhyung Kim
2026-06-04 19:08 ` [PATCH 2/4] perf timechart: Generate backtrace only if needed Namhyung Kim
2026-06-04 19:08 ` [PATCH 3/4] perf timechart: Remove unused backtrace in trace_handler Namhyung Kim
2026-06-04 19:08 ` [PATCH 4/4] perf timechart: Remove unnecessary copy of backtrace Namhyung Kim
2026-06-04 19:18 ` sashiko-bot
2026-06-04 20:15 ` Arnaldo Carvalho de Melo [this message]
2026-06-04 21:45 ` Namhyung Kim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aiHcxl4rHnvkcUkK@x1 \
--to=acme@kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=namhyung@kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox