From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D5C24143747; Thu, 13 Jun 2024 12:19:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718281177; cv=none; b=tOsCNcOfFl5j80lgVteJklkroULJtPoBwpr1bfIopAfxA8qz+yXRKpfch43JMaBY7tDVI19y1VJck6nC+wBs9PVlyrAKj9+kH61ssNeGLu5PGuX21PZ41JXv3eMuuZeHlbpe2VT2jhIyHKu7Eg49WzXzUJomnpgm737Od0ulqhw= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718281177; c=relaxed/simple; bh=gPSb3zpkOMC12uPi6gAPjJRBPOZcmWBWpuUVV2XOLSI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=PTEL5CNRpSEmZAvmYq7aATrihwrfSMtNvKiddTFgYW0/IphdaIq+0TsnoKkabwKCYSclkqnp7BjZv1B9xH/i7oYvHfu6PKVrRiqMZYJk0M1TsFs6jikrIrbPvkmCTZcjoYxrWgFn/Lf/Bc1byWus7yTmKHhQKqQvo2uy50ND2f8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=NR4N2cqA; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="NR4N2cqA" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2F8EDC2BBFC; Thu, 13 Jun 2024 12:19:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1718281177; bh=gPSb3zpkOMC12uPi6gAPjJRBPOZcmWBWpuUVV2XOLSI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=NR4N2cqA6fkAzI5N0wXzxgqkMHmWTE1vVouYckjE6oes+Egs9GFyx2i27qmp2gT4F Fz0PTzF/Mdl1Pk8fy8Nvng03D1//+LBzPhLGJjPaUbcakAUg+cGfs3MdOQ1DpOrMLS owDOBMPSdsnPbquz08jUbk+rQfN7mGLyaxP7gk8A= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Ian Rogers , Adrian Hunter , Alexander Shishkin , Athira Rajeev , Christian Brauner , Disha Goel , Ingo Molnar , James Clark , Jiri Olsa , Kajol Jain , Kan Liang , K Prateek Nayak , Mark Rutland , Namhyung Kim , Peter Zijlstra , Song Liu , Tim Chen , Yicong Yang , Arnaldo Carvalho de Melo , Sasha Levin Subject: [PATCH 5.10 136/317] perf record: Delete session after stopping sideband thread Date: Thu, 13 Jun 2024 13:32:34 +0200 Message-ID: <20240613113252.822022527@linuxfoundation.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240613113247.525431100@linuxfoundation.org> References: <20240613113247.525431100@linuxfoundation.org> User-Agent: quilt/0.67 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit 5.10-stable review patch. If anyone has any objections, please let me know. ------------------ From: Ian Rogers [ Upstream commit 88ce0106a1f603bf360cb397e8fe293f8298fabb ] The session has a header in it which contains a perf env with bpf_progs. The bpf_progs are accessed by the sideband thread and so the sideband thread must be stopped before the session is deleted, to avoid a use after free. This error was detected by AddressSanitizer in the following: ==2054673==ERROR: AddressSanitizer: heap-use-after-free on address 0x61d000161e00 at pc 0x55769289de54 bp 0x7f9df36d4ab0 sp 0x7f9df36d4aa8 READ of size 8 at 0x61d000161e00 thread T1 #0 0x55769289de53 in __perf_env__insert_bpf_prog_info util/env.c:42 #1 0x55769289dbb1 in perf_env__insert_bpf_prog_info util/env.c:29 #2 0x557692bbae29 in perf_env__add_bpf_info util/bpf-event.c:483 #3 0x557692bbb01a in bpf_event__sb_cb util/bpf-event.c:512 #4 0x5576928b75f4 in perf_evlist__poll_thread util/sideband_evlist.c:68 #5 0x7f9df96a63eb in start_thread nptl/pthread_create.c:444 #6 0x7f9df9726a4b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81 0x61d000161e00 is located 384 bytes inside of 2136-byte region [0x61d000161c80,0x61d0001624d8) freed by thread T0 here: #0 0x7f9dfa6d7288 in __interceptor_free libsanitizer/asan/asan_malloc_linux.cpp:52 #1 0x557692978d50 in perf_session__delete util/session.c:319 #2 0x557692673959 in __cmd_record tools/perf/builtin-record.c:2884 #3 0x55769267a9f0 in cmd_record tools/perf/builtin-record.c:4259 #4 0x55769286710c in run_builtin tools/perf/perf.c:349 #5 0x557692867678 in handle_internal_command tools/perf/perf.c:402 #6 0x557692867a40 in run_argv tools/perf/perf.c:446 #7 0x557692867fae in main tools/perf/perf.c:562 #8 0x7f9df96456c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 Fixes: 657ee5531903339b ("perf evlist: Introduce side band thread") Signed-off-by: Ian Rogers Cc: Adrian Hunter Cc: Alexander Shishkin Cc: Athira Rajeev Cc: Christian Brauner Cc: Disha Goel Cc: Ingo Molnar Cc: James Clark Cc: Jiri Olsa Cc: Kajol Jain Cc: Kan Liang Cc: K Prateek Nayak Cc: Mark Rutland Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Song Liu Cc: Tim Chen Cc: Yicong Yang Link: https://lore.kernel.org/r/20240301074639.2260708-1-irogers@google.com Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Sasha Levin --- tools/perf/builtin-record.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/perf/builtin-record.c b/tools/perf/builtin-record.c index a7d9f00382d9f..44bd12aa0e062 100644 --- a/tools/perf/builtin-record.c +++ b/tools/perf/builtin-record.c @@ -2063,10 +2063,10 @@ static int __cmd_record(struct record *rec, int argc, const char **argv) close(done_fd); #endif zstd_fini(&session->zstd_data); - perf_session__delete(session); - if (!opts->no_bpf_event) evlist__stop_sb_thread(rec->sb_evlist); + + perf_session__delete(session); return status; } -- 2.43.0