From: Arnaldo Carvalho de Melo <[email protected]>
[ Upstream commit 7fcdccd4237724931d9773d1e3039bfe053a6f52 ]
When applying a patch by Ian I incorrectly converted to zfree() an
expression that involved testing some other struct member, not the one
being freed, which lead to bugs reproduceable by:
$ perf stat -e i/bs,tsc,L2/o sleep 1
WARNING: multiple event parsing errors
Segmentation fault (core dumped)
$
Fix it by restoring the test for pos->free_str before freeing
pos->val.str, but continue using zfree(&pos->val.str) to set that member
to NULL after freeing it.
Reported-by: Ian Rogers <[email protected]>
Fixes: e8dfb81838b1 ("perf parse-events: Fix memory leaks found on parse_events")
Cc: Adrian Hunter <[email protected]>
Cc: Alexander Shishkin <[email protected]>
Cc: Andi Kleen <[email protected]>
Cc: [email protected]
Cc: Jiri Olsa <[email protected]>
Cc: Leo Yan <[email protected]>
Cc: Mark Rutland <[email protected]>
Cc: Namhyung Kim <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Stephane Eranian <[email protected]>
Signed-off-by: Arnaldo Carvalho de Melo <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
tools/perf/util/parse-events.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/perf/util/parse-events.c b/tools/perf/util/parse-events.c
index 2733cdfdf04c6..ba973bdfaa657 100644
--- a/tools/perf/util/parse-events.c
+++ b/tools/perf/util/parse-events.c
@@ -1258,7 +1258,8 @@ static int __parse_events_add_pmu(struct parse_events_state *parse_state,
list_for_each_entry_safe(pos, tmp, &config_terms, list) {
list_del_init(&pos->list);
- zfree(&pos->val.str);
+ if (pos->free_str)
+ zfree(&pos->val.str);
free(pos);
}
return -EINVAL;
--
2.25.1
On Fri, 18 Sep 2020 at 08:00, Sasha Levin <[email protected]> wrote:
>
> From: Arnaldo Carvalho de Melo <[email protected]>
>
> [ Upstream commit 7fcdccd4237724931d9773d1e3039bfe053a6f52 ]
>
> When applying a patch by Ian I incorrectly converted to zfree() an
> expression that involved testing some other struct member, not the one
> being freed, which lead to bugs reproduceable by:
>
> $ perf stat -e i/bs,tsc,L2/o sleep 1
> WARNING: multiple event parsing errors
> Segmentation fault (core dumped)
> $
>
> Fix it by restoring the test for pos->free_str before freeing
> pos->val.str, but continue using zfree(&pos->val.str) to set that member
> to NULL after freeing it.
>
> Reported-by: Ian Rogers <[email protected]>
> Fixes: e8dfb81838b1 ("perf parse-events: Fix memory leaks found on parse_events")
> Cc: Adrian Hunter <[email protected]>
> Cc: Alexander Shishkin <[email protected]>
> Cc: Andi Kleen <[email protected]>
> Cc: [email protected]
> Cc: Jiri Olsa <[email protected]>
> Cc: Leo Yan <[email protected]>
> Cc: Mark Rutland <[email protected]>
> Cc: Namhyung Kim <[email protected]>
> Cc: Peter Zijlstra <[email protected]>
> Cc: Stephane Eranian <[email protected]>
> Signed-off-by: Arnaldo Carvalho de Melo <[email protected]>
> Signed-off-by: Sasha Levin <[email protected]>
stable rc 4.14 perf build broken.
> ---
> tools/perf/util/parse-events.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/tools/perf/util/parse-events.c b/tools/perf/util/parse-events.c
> index 2733cdfdf04c6..ba973bdfaa657 100644
> --- a/tools/perf/util/parse-events.c
> +++ b/tools/perf/util/parse-events.c
> @@ -1258,7 +1258,8 @@ static int __parse_events_add_pmu(struct parse_events_state *parse_state,
>
> list_for_each_entry_safe(pos, tmp, &config_terms, list) {
> list_del_init(&pos->list);
> - zfree(&pos->val.str);
> + if (pos->free_str)
> + zfree(&pos->val.str);
> free(pos);
> }
> return -EINVAL;
util/parse-events.c: In function '__parse_events_add_pmu':
util/parse-events.c:1261:11: error: 'struct perf_evsel_config_term'
has no member named 'free_str'
if (pos->free_str)
^~
In file included from util/evlist.h:14:0,
from util/parse-events.c:10:
util/parse-events.c:1262:20: error: 'union <anonymous>' has no member
named 'str'
zfree(&pos->val.str);
^
util/util.h:27:29: note: in definition of macro 'zfree'
#define zfree(ptr) ({ free(*ptr); *ptr = NULL; })
^~~
util/parse-events.c:1262:20: error: 'union <anonymous>' has no member
named 'str'
zfree(&pos->val.str);
^
util/util.h:27:36: note: in definition of macro 'zfree'
#define zfree(ptr) ({ free(*ptr); *ptr = NULL; })
^~~
Reported-by: Naresh Kamboju <[email protected]>
full build link,
https://ci.linaro.org/view/lkft/job/openembedded-lkft-linux-stable-rc-4.14/DISTRO=lkft,MACHINE=intel-corei7-64,label=docker-lkft/938/consoleText
--
Linaro LKFT
https://lkft.linaro.org
> --
> 2.25.1
>
On Tue, Sep 29, 2020 at 01:24:32AM +0530, Naresh Kamboju wrote:
>On Fri, 18 Sep 2020 at 08:00, Sasha Levin <[email protected]> wrote:
>>
>> From: Arnaldo Carvalho de Melo <[email protected]>
>>
>> [ Upstream commit 7fcdccd4237724931d9773d1e3039bfe053a6f52 ]
>>
>> When applying a patch by Ian I incorrectly converted to zfree() an
>> expression that involved testing some other struct member, not the one
>> being freed, which lead to bugs reproduceable by:
>>
>> $ perf stat -e i/bs,tsc,L2/o sleep 1
>> WARNING: multiple event parsing errors
>> Segmentation fault (core dumped)
>> $
>>
>> Fix it by restoring the test for pos->free_str before freeing
>> pos->val.str, but continue using zfree(&pos->val.str) to set that member
>> to NULL after freeing it.
>>
>> Reported-by: Ian Rogers <[email protected]>
>> Fixes: e8dfb81838b1 ("perf parse-events: Fix memory leaks found on parse_events")
>> Cc: Adrian Hunter <[email protected]>
>> Cc: Alexander Shishkin <[email protected]>
>> Cc: Andi Kleen <[email protected]>
>> Cc: [email protected]
>> Cc: Jiri Olsa <[email protected]>
>> Cc: Leo Yan <[email protected]>
>> Cc: Mark Rutland <[email protected]>
>> Cc: Namhyung Kim <[email protected]>
>> Cc: Peter Zijlstra <[email protected]>
>> Cc: Stephane Eranian <[email protected]>
>> Signed-off-by: Arnaldo Carvalho de Melo <[email protected]>
>> Signed-off-by: Sasha Levin <[email protected]>
>
>stable rc 4.14 perf build broken.
Dropped, thanks!
--
Thanks,
Sasha