linux-kernel - [PATCH] perf map: Fix namespace memory leak

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-Id: <20211118193714.2293728-1-irogers@google.com>
Date:   Thu, 18 Nov 2021 11:37:14 -0800
From:   Ian Rogers <irogers@...gle.com>
To:     Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...hat.com>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        Mark Rutland <mark.rutland@....com>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Jiri Olsa <jolsa@...hat.com>,
        Namhyung Kim <namhyung@...nel.org>,
        linux-perf-users@...r.kernel.org, linux-kernel@...r.kernel.org
Cc:     Stephane Eranian <eranian@...gle.com>,
        Ian Rogers <irogers@...gle.com>
Subject: [PATCH] perf map: Fix namespace memory leak

This leak was happening reliably with test "Lookup mmap thread" with
stack traces like:

Direct leak of 5504 byte(s) in 172 object(s) allocated from:
    #0 0x7f4685e47987 in __interceptor_calloc
    #1 0x56063b974c2a in nsinfo__new util/namespaces.c:142
    #2 0x56063b9781ff in thread__new util/thread.c:70
    #3 0x56063b944953 in ____machine__findnew_thread util/machine.c:543
    #4 0x56063b944ac6 in __machine__findnew_thread util/machine.c:574
    #5 0x56063b944b36 in machine__findnew_thread util/machine.c:584
    #6 0x56063b94c892 in machine__process_fork_event util/machine.c:1954
    #7 0x56063b94cc1f in machine__process_event util/machine.c:2019
    #8 0x56063b894f18 in perf_event__process util/event.c:567
    #9 0x56063ba17951 in perf_tool__process_synth_event util/synthetic-events.c:65
    #10 0x56063ba19086 in perf_event__synthesize_fork util/synthetic-events.c:287
    #11 0x56063ba1c39d in __event__synthesize_thread util/synthetic-events.c:775
    #12 0x56063ba1cf6f in __perf_event__synthesize_threads util/synthetic-events.c:929
    #13 0x56063ba1d4ab in perf_event__synthesize_threads util/synthetic-events.c:1000
    #14 0x56063b821a3d in synth_all tests/mmap-thread-lookup.c:136
    #15 0x56063b821c86 in mmap_events tests/mmap-thread-lookup.c:174
    #16 0x56063b8221b7 in test__mmap_thread_lookup tests/mmap-thread-lookup.c:230

The dso->nsinfo is overwritten, but without a nsinfo__put this can leak
the overwritten nsinfo.

Signed-off-by: Ian Rogers <irogers@...gle.com>
---
 tools/perf/util/map.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/perf/util/map.c b/tools/perf/util/map.c
index 8af693d9678c..ceed8f407bc0 100644
--- a/tools/perf/util/map.c
+++ b/tools/perf/util/map.c
@@ -192,6 +192,7 @@ struct map *map__new(struct machine *machine, u64 start, u64 len,
 			if (!(prot & PROT_EXEC))
 				dso__set_loaded(dso);
 		}
+		nsinfo__put(dso->nsinfo);
 		dso->nsinfo = nsi;
 
 		if (build_id__is_defined(bid))
-- 
2.34.0.rc2.393.gf8c9666880-goog