Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp5553572ybf; Thu, 5 Mar 2020 02:48:13 -0800 (PST) X-Google-Smtp-Source: ADFU+vtfgnHGDfoAmOZbPKkrMK4yrWIiuDpmTey7nGMt62XWTioiKQRkWwsUN4QQQhOhvW5bcUT4 X-Received: by 2002:a9d:48d:: with SMTP id 13mr5764074otm.249.1583405293216; Thu, 05 Mar 2020 02:48:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1583405293; cv=none; d=google.com; s=arc-20160816; b=v37xguoptWTSL9pAFfQ6kot9qI9gSd+SEiXxXD5927YKusu0aYgEXITi5gs12l+IaP mZm6575h1Q2HDKSTPx4WNXswjtUeJCZjGK/bKkiZpSREJ5BC36qkOvjOCVMf/PyF35DH EGHydUD9zbXga38wCNTxcn2nMMbT8XQishQzhQsoYWER+61m4bilWVyNwTQ/dl2hqE8E Bd32CsUqAWvdmrst67hWB5DMY94cxHWgDPyuCt/mY4nbhmLi+ZSSEfUnuKqZ0Mp4+yQi /ZoE7EwsVcf8vtQHRdlumymMnAeX0q/xCHXLUhqdRIDbTBr7ZcdmciISqeZ4xDmENg9S oFmQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:subject:to :from; bh=gSues9MPNVqsf1QunMoCF720m+mzD+vWAF9N99WNajo=; b=mlDlfAufOS8k7t6lXd97Eup66HrHfokchCvSpf9GKq4NlcFvMEOxs4dwNAqKnz3++e 53Z+4skIkqOEDW2uAW6EKRfUC2cjr962gAN5pch7KPC/2qGdhqMspV/1rzgVbYGQGgqM XnFNcHeCNk74A/CTyN0tj0QB87CKVAqIxz46J7EfxEQdVD1vd5qmvS8FNa8b3wZQ+XGm Lh/QgRpbDeVM/lPBZ2cnaTmUTL3cMADtz18VY/V72IagP3jCb/NV0DA6E9Q7ccey6+M0 HsXJEi3HAyzBAv2XCiBGsZtcxTvRoJR1UyKIaJy7CfEReQ3TVLMl7mFZyAkuMXKPD8W2 2+hw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d7si3508043ote.131.2020.03.05.02.48.02; Thu, 05 Mar 2020 02:48:13 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727083AbgCEKrd (ORCPT + 99 others); Thu, 5 Mar 2020 05:47:33 -0500 Received: from mail.windriver.com ([147.11.1.11]:52070 "EHLO mail.windriver.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725912AbgCEKrc (ORCPT ); Thu, 5 Mar 2020 05:47:32 -0500 Received: from ALA-HCA.corp.ad.wrs.com (ala-hca.corp.ad.wrs.com [147.11.189.40]) by mail.windriver.com (8.15.2/8.15.2) with ESMTPS id 025AlMc0007664 (version=TLSv1 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 5 Mar 2020 02:47:22 -0800 (PST) Received: from pek-lpg-core2.corp.ad.wrs.com (128.224.153.41) by ALA-HCA.corp.ad.wrs.com (147.11.189.40) with Microsoft SMTP Server id 14.3.487.0; Thu, 5 Mar 2020 02:47:21 -0800 From: To: , , , , , Subject: [PATCH] perf: Fix crash due to null pointer dereference when iterating cpu map Date: Thu, 5 Mar 2020 18:47:19 +0800 Message-ID: <1583405239-352868-1-git-send-email-zhe.he@windriver.com> X-Mailer: git-send-email 2.7.4 MIME-Version: 1.0 Content-Type: text/plain Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: He Zhe NULL pointer may be passed to perf_cpu_map__cpu and then cause the following crash. perf ftrace -G start_kernel ls failed to set tracing filters [ 208.710716] perf[341]: segfault at 4 ip 00000000567c7c98 sp 00000000ff937ae0 error 4 in perf[56630000+1b2000] [ 208.724778] Code: fc ff ff e8 aa 9b 01 00 8d b4 26 00 00 00 00 8d 76 00 55 89 e5 83 ec 18 65 8b 0d 14 00 00 00 89 4d f4 31 c9 8b 45 08 8b9 Segmentation fault Program received signal SIGSEGV, Segmentation fault. 0x5677dc98 in perf_cpu_map__cpu (cpus=0x0, idx=0) at cpumap.c:250 250 cpumap.c: No such file or directory. (gdb) bt 0 0x5677dc98 in perf_cpu_map__cpu (cpus=0x0, idx=0) at cpumap.c:250 1 0x566790bd in evlist__close (evlist=0x56a6f470) at util/evlist.c:1222 2 0x566792aa in evlist__delete (evlist=evlist@entry=0x56a6f470) at util/evlist.c:152 3 0x5667936b in evlist__delete (evlist=0x56a6f470) at util/evlist.c:148 4 0x565efd39 in cmd_ftrace (argc=1, argv=0xffffdd18) at builtin-ftrace.c:520 5 0x56660ee7 in run_builtin (p=0x56993004 , argc=4, argv=0xffffdd18) at perf.c:312 6 0x565e7fae in handle_internal_command (argv=, argc=) at perf.c:364 7 run_argv (argcp=, argv=) at perf.c:408 8 main (argc=, argv=) at perf.c:538 Add null pointer check for iteration and NULL assignment for all_cpus. And there is no need to iterate if there is no cpus. Signed-off-by: He Zhe --- tools/lib/perf/cpumap.c | 4 ++-- tools/lib/perf/evlist.c | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/lib/perf/cpumap.c b/tools/lib/perf/cpumap.c index f93f4e703e4c..128386647ac0 100644 --- a/tools/lib/perf/cpumap.c +++ b/tools/lib/perf/cpumap.c @@ -247,7 +247,7 @@ struct perf_cpu_map *perf_cpu_map__new(const char *cpu_list) int perf_cpu_map__cpu(const struct perf_cpu_map *cpus, int idx) { - if (idx < cpus->nr) + if (cpus && idx < cpus->nr) return cpus->map[idx]; return -1; @@ -255,7 +255,7 @@ int perf_cpu_map__cpu(const struct perf_cpu_map *cpus, int idx) int perf_cpu_map__nr(const struct perf_cpu_map *cpus) { - return cpus ? cpus->nr : 1; + return cpus ? cpus->nr : 0; } bool perf_cpu_map__empty(const struct perf_cpu_map *map) diff --git a/tools/lib/perf/evlist.c b/tools/lib/perf/evlist.c index ae9e65aa2491..d57adf3020fe 100644 --- a/tools/lib/perf/evlist.c +++ b/tools/lib/perf/evlist.c @@ -127,6 +127,7 @@ void perf_evlist__exit(struct perf_evlist *evlist) perf_cpu_map__put(evlist->cpus); perf_thread_map__put(evlist->threads); evlist->cpus = NULL; + evlist->all_cpus = NULL; evlist->threads = NULL; fdarray__exit(&evlist->pollfd); } -- 2.24.1