Re: [PATCH] perf data: Fix double free in perf_session__delete

From: Arnaldo Carvalho de Melo
Date: Fri Feb 18 2022 - 07:39:23 EST

Next message: Pighin, Anthony (Nokia - CA/Ottawa): "RE: PROBLEM: kasprintf WARN() seen during AMD XGBE debugfs creation on renaming race"
Previous message: Hans Verkuil: "Re: [PATCH 5/5] spi: make remove callback a void function"
In reply to: Alexey Bayduraev: "[PATCH] perf data: Fix double free in perf_session__delete"
Next in thread: Arnaldo Carvalho de Melo: "Re: [PATCH] perf data: Fix double free in perf_session__delete"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Em Fri, Feb 18, 2022 at 02:30:08PM +0300, Alexey Bayduraev escreveu:
> When perf_data__create_dir fails, it calls close_dir, but
> perf_session__delete also calls close_dir and since dir.version and
> dir.nr was initialized by perf_data__create_dir, a double free occurs.
> This patch moves the initialization of dir.version and dir.nr after
> successful initialization of dir.files, that prevents double freeing.
> This behavior is already implemented in perf_data__open_dir. The patch
> also adds a missing error message in case data directory creation fails.

Is this for perf/urgent or for perf/core? Probably perf/core as that
record__threads_enabled(rec) call hints.

Please state for which branch the patch should be applied, something
like;

[PATCH next] perf data: Fix double free in perf_session__delete()

Or:

[PATCH urgent] perf data: Fix double free in perf_session__delete()

- Arnaldo

> Signed-off-by: Alexey Bayduraev <alexey.v.bayduraev@xxxxxxxxxxxxxxx>
> ---
> tools/perf/builtin-record.c | 4 +++-
> tools/perf/util/data.c | 7 +++----
> 2 files changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/tools/perf/builtin-record.c b/tools/perf/builtin-record.c
> index 0bc6529814b2..0306d5911de2 100644
> --- a/tools/perf/builtin-record.c
> +++ b/tools/perf/builtin-record.c
> @@ -1186,8 +1186,10 @@ static int record__mmap_evlist(struct record *rec,
>
> if (record__threads_enabled(rec)) {
> ret = perf_data__create_dir(&rec->data, evlist->core.nr_mmaps);
> - if (ret)
> + if (ret) {
> + pr_err("Failed to create data directory: %s\n", strerror(errno));
> return ret;
> + }
> for (i = 0; i < evlist->core.nr_mmaps; i++) {
> if (evlist->mmap)
> evlist->mmap[i].file = &rec->data.dir.files[i];
> diff --git a/tools/perf/util/data.c b/tools/perf/util/data.c
> index f5d260b1df4d..15a4547d608e 100644
> --- a/tools/perf/util/data.c
> +++ b/tools/perf/util/data.c
> @@ -44,10 +44,6 @@ int perf_data__create_dir(struct perf_data *data, int nr)
> if (!files)
> return -ENOMEM;
>
> - data->dir.version = PERF_DIR_VERSION;
> - data->dir.files = files;
> - data->dir.nr = nr;
> -
> for (i = 0; i < nr; i++) {
> struct perf_data_file *file = &files[i];
>
> @@ -62,6 +58,9 @@ int perf_data__create_dir(struct perf_data *data, int nr)
> file->fd = ret;
> }
>
> + data->dir.version = PERF_DIR_VERSION;
> + data->dir.files = files;
> + data->dir.nr = nr;
> return 0;
>
> out_err:
> --
> 2.19.0

--

- Arnaldo

Next message: Pighin, Anthony (Nokia - CA/Ottawa): "RE: PROBLEM: kasprintf WARN() seen during AMD XGBE debugfs creation on renaming race"
Previous message: Hans Verkuil: "Re: [PATCH 5/5] spi: make remove callback a void function"
In reply to: Alexey Bayduraev: "[PATCH] perf data: Fix double free in perf_session__delete"
Next in thread: Arnaldo Carvalho de Melo: "Re: [PATCH] perf data: Fix double free in perf_session__delete"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]