lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Aug 2019 19:00:54 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-kernel@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, stable@...r.kernel.org, Numfor Mbiziwo-Tiapo <nums@...gle.com>, Jiri Olsa <jolsa@...nel.org>, Alexander Shishkin <alexander.shishkin@...ux.intel.com>, Ian Rogers <irogers@...gle.com>, Mark Drayton <mbd@...com>, Namhyung Kim <namhyung@...nel.org>, Peter Zijlstra <peterz@...radead.org>, Song Liu <songliubraving@...com>, Stephane Eranian <eranian@...gle.com>, Arnaldo Carvalho de Melo <acme@...hat.com>, Sasha Levin <sashal@...nel.org> Subject: [PATCH 5.2 098/144] perf stat: Fix segfault for event group in repeat mode [ Upstream commit 08ef3af1579d0446db1c1bd08e2c42565addf10f ] Numfor Mbiziwo-Tiapo reported segfault on stat of event group in repeat mode: # perf stat -e '{cycles,instructions}' -r 10 ls It's caused by memory corruption due to not cleaned evsel's id array and index, which needs to be rebuilt in every stat iteration. Currently the ids index grows, while the array (which is also not freed) has the same size. Fixing this by releasing id array and zeroing ids index in perf_evsel__close function. We also need to keep the evsel_list alive for stat record (which is disabled in repeat mode). Reported-by: Numfor Mbiziwo-Tiapo <nums@...gle.com> Signed-off-by: Jiri Olsa <jolsa@...nel.org> Cc: Alexander Shishkin <alexander.shishkin@...ux.intel.com> Cc: Ian Rogers <irogers@...gle.com> Cc: Mark Drayton <mbd@...com> Cc: Namhyung Kim <namhyung@...nel.org> Cc: Peter Zijlstra <peterz@...radead.org> Cc: Song Liu <songliubraving@...com> Cc: Stephane Eranian <eranian@...gle.com> Link: http://lkml.kernel.org/r/20190715142121.GC6032@krava Signed-off-by: Arnaldo Carvalho de Melo <acme@...hat.com> Signed-off-by: Sasha Levin <sashal@...nel.org> --- tools/perf/builtin-stat.c | 9 ++++++++- tools/perf/util/evsel.c | 2 ++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/tools/perf/builtin-stat.c b/tools/perf/builtin-stat.c index e28002d905738..c6c550dbb9479 100644 --- a/tools/perf/builtin-stat.c +++ b/tools/perf/builtin-stat.c @@ -607,7 +607,13 @@ static int __run_perf_stat(int argc, const char **argv, int run_idx) * group leaders. */ read_counters(&(struct timespec) { .tv_nsec = t1-t0 }); - perf_evlist__close(evsel_list); + + /* + * We need to keep evsel_list alive, because it's processed + * later the evsel_list will be closed after. + */ + if (!STAT_RECORD) + perf_evlist__close(evsel_list); return WEXITSTATUS(status); } @@ -1922,6 +1928,7 @@ int cmd_stat(int argc, const char **argv) perf_session__write_header(perf_stat.session, evsel_list, fd, true); } + perf_evlist__close(evsel_list); perf_session__delete(perf_stat.session); } diff --git a/tools/perf/util/evsel.c b/tools/perf/util/evsel.c index 2c46f9aa416c6..b854541604df5 100644 --- a/tools/perf/util/evsel.c +++ b/tools/perf/util/evsel.c @@ -1282,6 +1282,7 @@ static void perf_evsel__free_id(struct perf_evsel *evsel) xyarray__delete(evsel->sample_id); evsel->sample_id = NULL; zfree(&evsel->id); + evsel->ids = 0; } static void perf_evsel__free_config_terms(struct perf_evsel *evsel) @@ -2074,6 +2075,7 @@ void perf_evsel__close(struct perf_evsel *evsel) perf_evsel__close_fd(evsel); perf_evsel__free_fd(evsel); + perf_evsel__free_id(evsel); } int perf_evsel__open_per_cpu(struct perf_evsel *evsel, -- 2.20.1
Powered by blists - more mailing lists