Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753152AbdDKI24 (ORCPT <rfc822;w@1wt.eu>);
        Tue, 11 Apr 2017 04:28:56 -0400
Received: from mga05.intel.com ([192.55.52.43]:18431 "EHLO mga05.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751390AbdDKI2y (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 11 Apr 2017 04:28:54 -0400
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.37,184,1488873600"; 
   d="asc'?scan'208";a="1133863381"
Date: Tue, 11 Apr 2017 16:25:50 +0800
From: "Du, Changbin" <changbin.du@intel.com>
To: Jiri Olsa <jolsa@redhat.com>
Cc: "Du, Changbin" <changbin.du@intel.com>,
        Arnaldo Carvalho de Melo <acme@kernel.org>,
        Namhyung Kim <namhyung@kernel.org>, Jiri Olsa <jolsa@kernel.org>,
        peterz@infradead.org, mingo@redhat.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] perf: fix double free at function
 perf_hpp__reset_output_field
Message-ID: <20170411082550.GA5894@intel.com>
References: <20170315021631.31980-1-changbin.du@intel.com>
 <20170327062255.27309-1-changbin.du@intel.com>
 <20170404151940.GD12903@kernel.org>
 <20170410083950.GD25354@krava>
 <20170410102111.GA6437@intel.com>
 <20170410113325.GE25354@krava>
 <20170411030614.GA9155@intel.com>
 <20170411073545.GA13796@krava>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="9amGYk9869ThD9tj"
Content-Disposition: inline
In-Reply-To: <20170411073545.GA13796@krava>
User-Agent: Mutt/1.5.24 (2015-08-30)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1777
Lines: 62


--9amGYk9869ThD9tj
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

> > (gdb) print fmt.sort_list
> > $5 =3D {next =3D 0x9727d0 <perf_hpp_list+16>, prev =3D 0x9727d0 <perf_h=
pp_list+16>}
> >=20
> > In this case, the fmt is linked in sort_list, but not in list. So crash
> > at the list_del_init(&fmt->list) of second loop.
>=20
> so the only place I can see the POISON could get there
> is in perf_hpp__column_unregister.. can't we just get
> rid of it like below
>=20
> jirka
>=20
>=20
> ---
> diff --git a/tools/perf/ui/hist.c b/tools/perf/ui/hist.c
> index 5d632dca672a..7577effbf746 100644
> --- a/tools/perf/ui/hist.c
> +++ b/tools/perf/ui/hist.c
> @@ -529,7 +529,7 @@ void perf_hpp_list__prepend_sort_field(struct perf_hp=
p_list *list,
> =20
>  void perf_hpp__column_unregister(struct perf_hpp_fmt *format)
>  {
> -	list_del(&format->list);
> +	list_del_init(&format->list);
>  }
> =20
yes, this is an option. But for safety, I sugguest do not rely on list_del_=
init.
No rule rather than create one.

But anyway, both are ok for me. What's your options?

>  void perf_hpp__cancel_cumulate(void)

--=20
Thanks,
Changbin Du

--9amGYk9869ThD9tj
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJY7JMOAAoJEAanuZwLnPNUSZQH/25UCNlwpE2onzo1ugq6zfC2
2IR5PGTxGqbChOSj43kzuuYMWNSjutf7izUduiqV/qiEcGfzRv39GyITJNymAuM9
8NHu/tRXqOYev1kCNaXQuV/LfvFZ7yumFogypUUzXi9ReO587lyvNvKUVkxZCI/5
bRKcXYFbe7RJGDuew3hAqd2JAiGY3nNKw+yvKG+dh+a9EPMcLYzs9rr1T9mkM6zI
neVm9AbW/kD8MsLLlRrD5g8lwdOqwtoMgVlZRScd6BQIiS6RRv9itTc30HgJShUV
1ZEe/KlqkrYzA8awhwrjXAnpUcEdnOXe/TjYir0TD1Am13HAHLTASj/i6qB2Jh0=
=T13b
-----END PGP SIGNATURE-----

--9amGYk9869ThD9tj--