Date:   Mon, 12 Jun 2023 10:59:34 -0700
From:   Ian Rogers <irogers@...gle.com>
To:     Arnaldo Carvalho de Melo <acme@...nel.org>
Cc:     James Clark <james.clark@....com>,
        linux-perf-users@...r.kernel.org,
        Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...hat.com>,
        Mark Rutland <mark.rutland@....com>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Jiri Olsa <jolsa@...nel.org>,
        Namhyung Kim <namhyung@...nel.org>,
        Adrian Hunter <adrian.hunter@...el.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] perf map: Fix refcount errors on Arm with -DREFCNT_CHECKING=1

On Mon, Jun 12, 2023 at 10:40 AM Arnaldo Carvalho de Melo
<acme@...nel.org> wrote:
>
> On Mon, Jun 12, 2023 at 02:29:42PM -0300, Arnaldo Carvalho de Melo wrote:
> > On Mon, Jun 12, 2023 at 09:32:30AM -0700, Ian Rogers wrote:
> > > On Mon, Jun 12, 2023 at 8:05 AM James Clark <james.clark@....com> wrote:
> > > >
> > > > When quitting after running a perf report, the refcount checker finds
> > > > some double frees. The issue is that map__put() is called on a function
> > > > argument so it removes the refcount wrapper that someone else was using.
> > > >
> > > > Fix it by only calling map__put() on a reference that is owned by this
> > > > function.
> > > >
> > > > Signed-off-by: James Clark <james.clark@....com>
> > >
> > > Acked-by: Ian Rogers <irogers@...gle.com>
> > >
> > > > ---
> > > >  tools/perf/util/symbol-elf.c | 9 +++++----
> > > >  tools/perf/util/symbol.c     | 9 +++++----
> > > >  2 files changed, 10 insertions(+), 8 deletions(-)
> > > >
> > > > diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c
> > > > index 63882a4db5c7..ec0d7810bbb0 100644
> > > > --- a/tools/perf/util/symbol-elf.c
> > > > +++ b/tools/perf/util/symbol-elf.c
> > > > @@ -1365,6 +1365,7 @@ static int dso__process_kernel_symbol(struct dso *dso, struct map *map,
> > > >         struct dso *curr_dso = *curr_dsop;
> > > >         struct map *curr_map;
> > > >         char dso_name[PATH_MAX];
> > > > +       struct map *map_ref;
> > >
> > > nit: can we narrow the scope of this by moving it to the scope where it is used?
> >
> > Which is what you did in a patch I already processed, it's only in
> > tmp.perf-tools-next as I was going thru the other patches, but this one
> > is there already.
> >
> > I'm checking the tools/perf/util/symbol.c part.
>
> I narrowed the scope and removed the symbol-elf.c part, end result:
>
> From 6fd34445b8c94aa7f519fb0b1ed45c7ef9f6cc4e Mon Sep 17 00:00:00 2001
> From: James Clark <james.clark@....com>
> Date: Mon, 12 Jun 2023 16:04:24 +0100
> Subject: [PATCH 1/1] perf map: Fix double 'struct map' reference free found
>  with -DREFCNT_CHECKING=1
>
> When quitting after running a 'perf report', the refcount checker finds
> some double frees. The issue is that map__put() is called on a function
> argument so it removes the refcount wrapper that someone else was using.
>
> Fix it by only calling map__put() on a reference that is owned by this
> function.
>
> Committer notes:
>
> Narrowed the map_ref scope as suggested by Ian, removed the symbol-elf
> part as it was already fixed by another patch, from Ian.
>
> Signed-off-by: James Clark <james.clark@....com>
> Acked-by: Ian Rogers <irogers@...gle.com>
> Cc: Adrian Hunter <adrian.hunter@...el.com>
> Cc: Alexander Shishkin <alexander.shishkin@...ux.intel.com>
> Cc: Ingo Molnar <mingo@...hat.com>
> Cc: Jiri Olsa <jolsa@...nel.org>
> Cc: Mark Rutland <mark.rutland@....com>
> Cc: Namhyung Kim <namhyung@...nel.org>
> Cc: Peter Zijlstra <peterz@...radead.org>
> Link: https://lore.kernel.org/r/20230612150424.198914-1-james.clark@arm.com
> Signed-off-by: Arnaldo Carvalho de Melo <acme@...hat.com>

Thanks Arnaldo! I think we should be able to automate finding these
issues with the warn_unused_result function attribute:

```
irogers@...gers-glaptop0:~/kernel.org$ git diff
diff --git a/tools/perf/util/map.h b/tools/perf/util/map.h
index 66a87b3d9965..2c77c28ff000 100644
--- a/tools/perf/util/map.h
+++ b/tools/perf/util/map.h
@@ -172,7 +172,7 @@ struct map *map__new2(u64 start, struct dso *dso);
void map__delete(struct map *map);
struct map *map__clone(struct map *map);

-static inline struct map *map__get(struct map *map)
+__attribute__ ((warn_unused_result)) static inline struct map
*map__get(struct map *map)
{
       struct map *result;

diff --git a/tools/perf/util/maps.h b/tools/perf/util/maps.h
index 83144e0645ed..5b74465316dd 100644
--- a/tools/perf/util/maps.h
+++ b/tools/perf/util/maps.h
@@ -60,7 +60,7 @@ struct maps *maps__new(struct machine *machine);
bool maps__empty(struct maps *maps);
int maps__clone(struct thread *thread, struct maps *parent);

-struct maps *maps__get(struct maps *maps);
+struct maps *maps__get(struct maps *maps) __attribute__ ((warn_unused_result));
void maps__put(struct maps *maps);

static inline void __maps__zput(struct maps **map)
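Review bot: the new maps__get() declaration spells out the raw __attribute__ ((warn_unused_result)), and the same text is repeated in every other header this patch touches. As the message itself says, this belongs behind compiler.h: define one macro there and put that macro on each __get declaration, which also keeps these declarations short enough to stay on one line.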
diff --git a/tools/perf/util/namespaces.h b/tools/perf/util/namespaces.h
index 8c0731c6cbb7..04e1878b9551 100644
--- a/tools/perf/util/namespaces.h
+++ b/tools/perf/util/namespaces.h
@@ -50,7 +50,7 @@ int nsinfo__init(struct nsinfo *nsi);
struct nsinfo *nsinfo__new(pid_t pid);
struct nsinfo *nsinfo__copy(const struct nsinfo *nsi);

-struct nsinfo *nsinfo__get(struct nsinfo *nsi);
+struct nsinfo *nsinfo__get(struct nsinfo *nsi) __attribute__
((warn_unused_result));
void nsinfo__put(struct nsinfo *nsi);

bool nsinfo__need_setns(const struct nsinfo *nsi);
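Review bot: the added nsinfo__get() line is wrapped after __attribute__, so ((warn_unused_result)); sits on a continuation line without a + prefix and the hunk no longer matches its -50,7 +50,7 counts. The map.h and thread.h hunks have the same wrap. Please resend with line wrapping disabled so the patch applies as posted.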
diff --git a/tools/perf/util/thread.h b/tools/perf/util/thread.h
index 9068a21ce0fa..c6228252b093 100644
--- a/tools/perf/util/thread.h
+++ b/tools/perf/util/thread.h
@@ -71,7 +71,7 @@ struct thread *thread__new(pid_t pid, pid_t tid);
int thread__init_maps(struct thread *thread, struct machine *machine);
void thread__delete(struct thread *thread);

-struct thread *thread__get(struct thread *thread);
+struct thread *thread__get(struct thread *thread) __attribute__
((warn_unused_result));
void thread__put(struct thread *thread);

static inline void __thread__zput(struct thread **thread)
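Review bot: with the attribute on thread__get(), a caller that takes a reference only for its side effect now fails the build wherever unused-result is an error, as the map__get() output in this message shows, and GCC does not accept a (void) cast to silence this warning. Such callers need converting to keep the returned pointer and put that pointer, in the same series or before it, and since the check was run only in one build environment it is worth building the other feature configurations before the attribute lands.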
```

This shows the problem like:
```
util/symbol.c: In function ‘dso__load_kcore’:
util/symbol.c:1467:25: error: ignoring return value of ‘map__get’
declared with attribute ‘warn_unused_result’ [-Werror=unused-result]
1467 |                         map__get(map);
     |
```

I double checked and the symbol.c issue was the only one in my build
environment. Using warn_unused_result should be done via compiler.h
which is a bit more than the patch above.

Thanks,
Ian

> ---
>  tools/perf/util/symbol.c | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/tools/perf/util/symbol.c b/tools/perf/util/symbol.c
> index 6b9c55784b56a4be..d275d3bef7d54a40 100644
> --- a/tools/perf/util/symbol.c
> +++ b/tools/perf/util/symbol.c
> @@ -1458,16 +1458,18 @@ static int dso__load_kcore(struct dso *dso, struct map *map,
>                 list_del_init(&new_node->node);
>
>                 if (RC_CHK_ACCESS(new_map) == RC_CHK_ACCESS(replacement_map)) {
> +                       struct map *map_ref;
> +
>                         map__set_start(map, map__start(new_map));
>                         map__set_end(map, map__end(new_map));
>                         map__set_pgoff(map, map__pgoff(new_map));
>                         map__set_map_ip(map, map__map_ip_ptr(new_map));
>                         map__set_unmap_ip(map, map__unmap_ip_ptr(new_map));
>                         /* Ensure maps are correctly ordered */
> -                       map__get(map);
> -                       maps__remove(kmaps, map);
> -                       err = maps__insert(kmaps, map);
> -                       map__put(map);
> +                       map_ref = map__get(map);
> +                       maps__remove(kmaps, map_ref);
> +                       err = maps__insert(kmaps, map_ref);
> +                       map__put(map_ref);
>                         map__put(new_map);
>                         if (err)
>                                 goto out_err;
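Review bot: maps__remove(kmaps, map_ref) and maps__insert(kmaps, map_ref) now receive the new reference rather than the caller's map, and nothing in the hunk says why. A short comment that map_ref is the reference owned by dso__load_kcore() while map stays owned by the caller, and that removal matches on the underlying object as the RC_CHK_ACCESS() comparison above does, would stop a later cleanup from folding this back into map__get(map)/map__put(map).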
> --
> 2.37.1
>
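The ownership rule behind the symbol.c fix, together with the warn_unused_result check, as an added example that is not perf code and not from this thread. `struct handle`, `handle__get()`, `handle__put()` and the `reorder_*()` functions are hypothetical stand-ins for the checked `struct map` wrapper, and put() marks the handle dead instead of freeing it so the outcome can be inspected.

```c
#include <stdlib.h>
/* Constructed model: every get() returns a new handle to one shared object. */
struct obj { int refcnt; };
struct handle { struct obj *orig; int live; };

__attribute__((warn_unused_result))
static struct handle *handle__get(struct handle *h)
{
	struct handle *ref = malloc(sizeof(*ref));
	if (!ref)
		abort();
	*ref = (struct handle){ .orig = h->orig, .live = 1 };
	h->orig->refcnt++;
	return ref;
}

static void handle__put(struct handle *h)
{
	h->orig->refcnt--;
	h->live = 0;	/* a real checker would free the handle here */
}

/* Before: put() retires the caller's handle; the new one is orphaned. */
static struct handle *reorder_before(struct handle *arg)
{
	struct handle *orphan = handle__get(arg);
	handle__put(arg);
	return orphan;
}

/* After: only the reference taken in this function is put. */
static void reorder_after(struct handle *arg)
{
	struct handle *ref = handle__get(arg);
	handle__put(ref);
	free(ref);
}

/* Returns 1 if the caller's handle is still live after the callee ran. */
static int caller_handle_survives(int fixed)
{
	struct obj o = { .refcnt = 1 };
	struct handle caller = { .orig = &o, .live = 1 };
	if (fixed)
		reorder_after(&caller);
	else
		free(reorder_before(&caller));
	return caller.live && o.refcnt == 1;
}
int main(void) { return !(caller_handle_survives(1) && !caller_handle_survives(0)); }
```

In the "before" case the object's count still balances, which is why only a per-handle checker sees the problem: the caller's later put lands on a handle that is already dead.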
