linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] perf tools: Fix possible double free on error
@ 2015-03-04 10:01 He Kuang
  2015-03-04 12:46 ` Masami Hiramatsu
  2015-03-14  7:04 ` [tip:perf/core] perf probe: " tip-bot for He Kuang
  0 siblings, 2 replies; 4+ messages in thread
From: He Kuang @ 2015-03-04 10:01 UTC (permalink / raw)
  To: masami.hiramatsu.pt; +Cc: acme, mingo, a.p.zijlstra, wangnan0, linux-kernel

A double free occurred when get source file path failed. If lr->path
failed to assign a new value, it will be freed as the old path and then
be freed again during line_range__clear(), and causes this:

  $ perf probe -L do_execve -k vmlinux
  *** Error in `/usr/bin/perf': double free or corruption (fasttop):
      0x0000000000a9ac50 ***
  ======= Backtrace: =========
  ../lib64/libc.so.6(+0x6eeef)[0x7ffff5e44eef]
  ../lib64/libc.so.6(+0x78cae)[0x7ffff5e4ecae]
  ../lib64/libc.so.6(+0x79987)[0x7ffff5e4f987]
  ../bin/perf[0x4ab41f]
  ...

This patch fix this problem.

Signed-off-by: He Kuang <hekuang@huawei.com>
---
 tools/perf/util/probe-event.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/tools/perf/util/probe-event.c b/tools/perf/util/probe-event.c
index 919937e..7df30bd 100644
--- a/tools/perf/util/probe-event.c
+++ b/tools/perf/util/probe-event.c
@@ -650,7 +650,11 @@ static int __show_line_range(struct line_range *lr, const char *module)
 	/* Convert source file path */
 	tmp = lr->path;
 	ret = get_real_path(tmp, lr->comp_dir, &lr->path);
-	free(tmp);	/* Free old path */
+
+	/* Free old path when new path is assigned */
+	if (tmp != lr->path)
+		free(tmp);
+
 	if (ret < 0) {
 		pr_warning("Failed to find source file path.\n");
 		return ret;
-- 
2.2.0.33.gc18b867


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH] perf tools: Fix possible double free on error
  2015-03-04 10:01 [PATCH] perf tools: Fix possible double free on error He Kuang
@ 2015-03-04 12:46 ` Masami Hiramatsu
  2015-03-10  3:35   ` He Kuang
  2015-03-14  7:04 ` [tip:perf/core] perf probe: " tip-bot for He Kuang
  1 sibling, 1 reply; 4+ messages in thread
From: Masami Hiramatsu @ 2015-03-04 12:46 UTC (permalink / raw)
  To: He Kuang; +Cc: acme, mingo, a.p.zijlstra, wangnan0, linux-kernel

(2015/03/04 19:01), He Kuang wrote:
> A double free occurred when get source file path failed. If lr->path
> failed to assign a new value, it will be freed as the old path and then
> be freed again during line_range__clear(), and causes this:
> 
>   $ perf probe -L do_execve -k vmlinux
>   *** Error in `/usr/bin/perf': double free or corruption (fasttop):
>       0x0000000000a9ac50 ***
>   ======= Backtrace: =========
>   ../lib64/libc.so.6(+0x6eeef)[0x7ffff5e44eef]
>   ../lib64/libc.so.6(+0x78cae)[0x7ffff5e4ecae]
>   ../lib64/libc.so.6(+0x79987)[0x7ffff5e4f987]
>   ../bin/perf[0x4ab41f]
>   ...
> 
> This patch fix this problem.

Good catch!

Acked-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>

Thank you,

> 
> Signed-off-by: He Kuang <hekuang@huawei.com>
> ---
>  tools/perf/util/probe-event.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/tools/perf/util/probe-event.c b/tools/perf/util/probe-event.c
> index 919937e..7df30bd 100644
> --- a/tools/perf/util/probe-event.c
> +++ b/tools/perf/util/probe-event.c
> @@ -650,7 +650,11 @@ static int __show_line_range(struct line_range *lr, const char *module)
>  	/* Convert source file path */
>  	tmp = lr->path;
>  	ret = get_real_path(tmp, lr->comp_dir, &lr->path);
> -	free(tmp);	/* Free old path */
> +
> +	/* Free old path when new path is assigned */
> +	if (tmp != lr->path)
> +		free(tmp);
> +
>  	if (ret < 0) {
>  		pr_warning("Failed to find source file path.\n");
>  		return ret;
> 


-- 
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Research Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt@hitachi.com



^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] perf tools: Fix possible double free on error
  2015-03-04 12:46 ` Masami Hiramatsu
@ 2015-03-10  3:35   ` He Kuang
  0 siblings, 0 replies; 4+ messages in thread
From: He Kuang @ 2015-03-10  3:35 UTC (permalink / raw)
  To: Masami Hiramatsu, acme, mingo, a.p.zijlstra,
	namhyung@kernel.org >> Namhyung Kim
  Cc: wangnan0, linux-kernel

Hi,

It seems this patch not appeared in any repo, so ping..

On 2015/3/4 20:46, Masami Hiramatsu wrote:
> (2015/03/04 19:01), He Kuang wrote:
>> A double free occurred when get source file path failed. If lr->path
>> failed to assign a new value, it will be freed as the old path and then
>> be freed again during line_range__clear(), and causes this:
>>
>>    $ perf probe -L do_execve -k vmlinux
>>    *** Error in `/usr/bin/perf': double free or corruption (fasttop):
>>        0x0000000000a9ac50 ***
>>    ======= Backtrace: =========
>>    ../lib64/libc.so.6(+0x6eeef)[0x7ffff5e44eef]
>>    ../lib64/libc.so.6(+0x78cae)[0x7ffff5e4ecae]
>>    ../lib64/libc.so.6(+0x79987)[0x7ffff5e4f987]
>>    ../bin/perf[0x4ab41f]
>>    ...
>>
>> This patch fix this problem.
> Good catch!
>
> Acked-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
>
> Thank you,
>
>> Signed-off-by: He Kuang <hekuang@huawei.com>
>> ---
>>   tools/perf/util/probe-event.c | 6 +++++-
>>   1 file changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/tools/perf/util/probe-event.c b/tools/perf/util/probe-event.c
>> index 919937e..7df30bd 100644
>> --- a/tools/perf/util/probe-event.c
>> +++ b/tools/perf/util/probe-event.c
>> @@ -650,7 +650,11 @@ static int __show_line_range(struct line_range *lr, const char *module)
>>   	/* Convert source file path */
>>   	tmp = lr->path;
>>   	ret = get_real_path(tmp, lr->comp_dir, &lr->path);
>> -	free(tmp);	/* Free old path */
>> +
>> +	/* Free old path when new path is assigned */
>> +	if (tmp != lr->path)
>> +		free(tmp);
>> +
>>   	if (ret < 0) {
>>   		pr_warning("Failed to find source file path.\n");
>>   		return ret;
>>
>



^ permalink raw reply	[flat|nested] 4+ messages in thread
* [tip:perf/core] perf probe: Fix possible double free on error
  2015-03-04 10:01 [PATCH] perf tools: Fix possible double free on error He Kuang
  2015-03-04 12:46 ` Masami Hiramatsu
@ 2015-03-14  7:04 ` tip-bot for He Kuang
  1 sibling, 0 replies; 4+ messages in thread
From: tip-bot for He Kuang @ 2015-03-14  7:04 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: mingo, linux-kernel, masami.hiramatsu.pt, a.p.zijlstra, acme,
	hekuang, wangnan0, tglx, mingo, hpa

Commit-ID:  a78604defffbc1da1497a8c8b48275b723eb5946
Gitweb:     http://git.kernel.org/tip/a78604defffbc1da1497a8c8b48275b723eb5946
Author:     He Kuang <hekuang@huawei.com>
AuthorDate: Wed, 4 Mar 2015 18:01:42 +0800
Committer:  Arnaldo Carvalho de Melo <acme@redhat.com>
CommitDate: Thu, 12 Mar 2015 12:39:58 -0300

perf probe: Fix possible double free on error

A double free occurred when get source file path failed. If lr->path
failed to assign a new value, it will be freed as the old path and then
be freed again during line_range__clear(), and causes this:

  $ perf probe -L do_execve -k vmlinux
  *** Error in `/usr/bin/perf': double free or corruption (fasttop):
      0x0000000000a9ac50 ***
  ======= Backtrace: =========
  ../lib64/libc.so.6(+0x6eeef)[0x7ffff5e44eef]
  ../lib64/libc.so.6(+0x78cae)[0x7ffff5e4ecae]
  ../lib64/libc.so.6(+0x79987)[0x7ffff5e4f987]
  ../bin/perf[0x4ab41f]
  ...

This patch fix this problem.

Signed-off-by: He Kuang <hekuang@huawei.com>
Acked-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lkml.kernel.org/r/1425463302-1687-1-git-send-email-hekuang@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
 tools/perf/util/probe-event.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/tools/perf/util/probe-event.c b/tools/perf/util/probe-event.c
index 8af8e7f..e2bf620 100644
--- a/tools/perf/util/probe-event.c
+++ b/tools/perf/util/probe-event.c
@@ -790,7 +790,11 @@ static int __show_line_range(struct line_range *lr, const char *module,
 	/* Convert source file path */
 	tmp = lr->path;
 	ret = get_real_path(tmp, lr->comp_dir, &lr->path);
-	free(tmp);	/* Free old path */
+
+	/* Free old path when new path is assigned */
+	if (tmp != lr->path)
+		free(tmp);
+
 	if (ret < 0) {
 		pr_warning("Failed to find source file path.\n");
 		return ret;

^ permalink raw reply related	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2015-03-14  7:05 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-03-04 10:01 [PATCH] perf tools: Fix possible double free on error He Kuang
2015-03-04 12:46 ` Masami Hiramatsu
2015-03-10  3:35   ` He Kuang
2015-03-14  7:04 ` [tip:perf/core] perf probe: " tip-bot for He Kuang

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).