Message-ID: <ef9af950-84d7-408c-8f1d-e9e75c6dc561@linaro.org>
Date: Wed, 24 Dec 2025 11:48:16 +0000
From: James Clark <james.clark@...aro.org>
To: Haoxiang Li <lihaoxiang@...c.iscas.ac.cn>
Cc: acme@...nel.org, adrian.hunter@...el.com,
 alexander.shishkin@...ux.intel.com, irogers@...gle.com, jolsa@...nel.org,
 linux-kernel@...r.kernel.org, linux-perf-users@...r.kernel.org,
 mark.rutland@....com, mingo@...hat.com, namhyung@...nel.org,
 peterz@...radead.org, yuzhuo@...gle.com
Subject: Re: [PATCH] perf jit: close agent in Agent_OnLoad()



On 24/12/2025 11:39 am, Haoxiang Li wrote:
> On Wed, 24 Dec 2025 10:39:18 +0000, James Clark wrote:
>> Does this actually do anything? jvmti_close() is already called in
>> Agent_OnUnload().
> 
> I think Agent_OnUnload() is not called if Agent_Onload() fails, so it
> is necessary to release the resource.
> 

The docs say otherwise and suggest that VMDeath() is actually the one 
that wouldn't be called if startup was unsuccessful. But 
Agent_OnUnload() is always called:

  this function will be called if some platform specific mechanism causes
  the unload (an unload mechanism is not specified in this document) or
  the library is (in effect) unloaded by the termination of the VM
  whether through normal termination or VM failure, including start-up
  failure. ...  Note the distinction between this function and the VM
  Death event: for the VM Death event to be sent, the VM must have run at
  least to the point of initialization

>> The commit message is lacking any details about how this was found or
>> what the effect is.
> 
> Sorry for that. I found it by a static analyzer prototype and confirmed
> by manual review. I think it leads to a resource leak.
> 
> If this is ok, I will modify the changelog and resubmit it.
> 

I don't think it's enough, you have to actually run the code that you 
submit. For all we know it results in some double free and makes it worse.

> Thanks,
> Haoxiang Li
> 
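
Added example (not part of the original message and not perf's code): a mock of the load/unload lifecycle discussed above, with hypothetical names (struct agent, agent_open, agent_close, mock_on_load, mock_on_unload). It assumes, as the quoted docs state, that the unload hook runs even after start-up failure, and shows that an extra close in the load failure path is only safe when close resets the owner's pointer.

```c
#include <stdlib.h>

/* Hypothetical stand-in for the agent's state; not perf's jvmti code. */
struct agent { char *buf; };

static struct agent *g_agent;   /* single owner, shared by both hooks */
static int releases;            /* counts real frees, for the check below */

static struct agent *agent_open(void)
{
	struct agent *a = calloc(1, sizeof(*a));
	if (a && !(a->buf = malloc(64))) { free(a); a = NULL; }
	return a;
}

/* Idempotent close: clears the owner's pointer so a second call is a no-op. */
static void agent_close(struct agent **pa)
{
	if (!pa || !*pa) return;
	free((*pa)->buf);
	free(*pa);
	*pa = NULL;
	releases++;
}

/* Mock load hook; fail_setup simulates a later start-up step failing. */
static int mock_on_load(int fail_setup, int close_on_error)
{
	g_agent = agent_open();
	if (!g_agent)
		return -1;
	if (fail_setup && close_on_error)
		agent_close(&g_agent);
	return fail_setup ? -1 : 0;
}

/* Mock unload hook; per the quoted docs it runs even after start-up failure. */
static void mock_on_unload(void) { agent_close(&g_agent); }

/* Runs load then unload and returns how many times the agent was freed. */
static int run_lifecycle(int fail_setup, int close_on_error)
{
	releases = 0;
	(void)mock_on_load(fail_setup, close_on_error);
	mock_on_unload();
	return releases;
}

int main(void) { return run_lifecycle(1, 1) == 1 ? 0 : 1; }
```

Every path frees the agent exactly once, including failed start-up with no close in the load hook; without the pointer reset in agent_close, the (1, 1) path would free it twice.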


