Date: Tue, 24 Oct 2023 15:23:42 -0700
In-Reply-To: <20231024222353.3024098-1-irogers@google.com>
Message-Id: <20231024222353.3024098-40-irogers@google.com>
References: <20231024222353.3024098-1-irogers@google.com>
Subject: [PATCH v3 39/50] perf maps: Get map before returning in maps__find
From: Ian Rogers
To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo, Mark Rutland, Alexander Shishkin, Jiri Olsa, Namhyung Kim, Ian Rogers, Adrian Hunter, Nick Terrell, Kan Liang, Andi Kleen, Leo Yan, Song Liu, Sandipan Das, James Clark, Anshuman Khandual, Miguel Ojeda, Liam Howlett, Yang Jihong, Athira Rajeev, Kajol Jain, K Prateek Nayak, Sean Christopherson, Yanteng Si, Ravi Bangoria, German Gomez, Changbin Du, Paolo Bonzini, Masami Hiramatsu, liuwenyu, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org

Finding a map is done under a lock; returning the map without a reference count means it can be removed without notice, causing uses after free. Grab a reference count to the map within the lock region and return this. Fix up locations that need a map__put following this.

Signed-off-by: Ian Rogers
--- tools/perf/arch/x86/tests/dwarf-unwind.c | 1 + tools/perf/tests/vmlinux-kallsyms.c | 5 ++--- tools/perf/util/bpf-event.c | 1 + tools/perf/util/event.c | 4 ++-- tools/perf/util/machine.c | 22 ++++++++-------------- tools/perf/util/maps.c | 17 ++++++++++------- tools/perf/util/symbol.c | 3 ++- 7 files changed, 26 insertions(+), 27 deletions(-) diff --git a/tools/perf/arch/x86/tests/dwarf-unwind.c b/tools/perf/arch/x86/tests/dwarf-unwind.c index 5bfec3345d59..c05c0a85dad4 100644 --- a/tools/perf/arch/x86/tests/dwarf-unwind.c 
+++ b/tools/perf/arch/x86/tests/dwarf-unwind.c @@ -34,6 +34,7 @@ static int sample_ustack(struct perf_sample *sample, } stack_size = map__end(map) - sp; + map__put(map); stack_size = stack_size > STACK_SIZE ? STACK_SIZE : stack_size; memcpy(buf, (void *) sp, stack_size); diff --git a/tools/perf/tests/vmlinux-kallsyms.c b/tools/perf/tests/vmlinux-kallsyms.c index 822f893e67d5..e808e6fc8f76 100644 --- a/tools/perf/tests/vmlinux-kallsyms.c +++ b/tools/perf/tests/vmlinux-kallsyms.c @@ -151,10 +151,8 @@ static int test__vmlinux_matches_kallsyms_cb2(struct map *map, void *data) u64 mem_end = map__unmap_ip(args->vmlinux_map, map__end(map)); pair = maps__find(args->kallsyms.kmaps, mem_start); - if (pair == NULL || map__priv(pair)) - return 0; - if (map__start(pair) == mem_start) { + if (pair != NULL && !map__priv(pair) && map__start(pair) == mem_start) { struct dso *dso = map__dso(map); if (!args->header_printed) { @@ -170,6 +168,7 @@ static int test__vmlinux_matches_kallsyms_cb2(struct map *map, void *data) pr_info(" %s\n", dso->name); map__set_priv(pair, 1); } + map__put(pair); return 0; } diff --git a/tools/perf/util/bpf-event.c b/tools/perf/util/bpf-event.c index 830711cae30d..d07fd5ffa823 100644 --- a/tools/perf/util/bpf-event.c +++ b/tools/perf/util/bpf-event.c @@ -63,6 +63,7 @@ static int machine__process_bpf_event_load(struct machine *machine, dso->bpf_prog.id = id; dso->bpf_prog.sub_id = i; dso->bpf_prog.env = env; + map__put(map); } } return 0; diff --git a/tools/perf/util/event.c b/tools/perf/util/event.c index 68f45e9e63b6..198903157f9e 100644 --- a/tools/perf/util/event.c +++ b/tools/perf/util/event.c 
@@ -511,7 +511,7 @@ size_t perf_event__fprintf_text_poke(union perf_event *event, struct machine *ma struct addr_location al; addr_location__init(&al); - al.map = map__get(maps__find(machine__kernel_maps(machine), tp->addr)); + al.map = maps__find(machine__kernel_maps(machine), tp->addr); if (al.map && map__load(al.map) >= 0) { al.addr = map__map_ip(al.map, tp->addr); al.sym = map__find_symbol(al.map, al.addr); @@ -641,7 +641,7 @@ struct map *thread__find_map(struct thread *thread, u8 cpumode, u64 addr, return NULL; } al->maps = maps__get(maps); - al->map = map__get(maps__find(maps, al->addr)); + al->map = maps__find(maps, al->addr); if (al->map != NULL) { /* * Kernel maps might be changed when loading symbols so loading diff --git a/tools/perf/util/machine.c b/tools/perf/util/machine.c index ab345604f274..1112a9dbb21a 100644 --- a/tools/perf/util/machine.c +++ b/tools/perf/util/machine.c @@ -897,7 +897,6 @@ static int machine__process_ksymbol_register(struct machine *machine, struct symbol *sym; struct dso *dso; struct map *map = maps__find(machine__kernel_maps(machine), event->ksymbol.addr); - bool put_map = false; int err = 0; if (!map) { @@ -914,12 +913,6 @@ static int machine__process_ksymbol_register(struct machine *machine, err = -ENOMEM; goto out; } - /* - * The inserted map has a get on it, we need to put to release - * the reference count here, but do it after all accesses are - * done. - */ - put_map = true; if (event->ksymbol.ksym_type == PERF_RECORD_KSYMBOL_TYPE_OOL) { dso->binary_type = DSO_BINARY_TYPE__OOL; dso->data.file_size = event->ksymbol.len; @@ -953,8 +946,7 @@ static int machine__process_ksymbol_register(struct machine *machine, } dso__insert_symbol(dso, sym); out: - if (put_map) - map__put(map); + map__put(map); return err; } @@ -978,7 +970,7 @@ static int machine__process_ksymbol_unregister(struct machine *machine, if (sym) dso__delete_symbol(dso, sym); } - + map__put(map); return 0; } 
@@ -1006,11 +998,11 @@ int machine__process_text_poke(struct machine *machine, union perf_event *event, perf_event__fprintf_text_poke(event, machine, stdout); if (!event->text_poke.new_len) - return 0; + goto out; if (cpumode != PERF_RECORD_MISC_KERNEL) { pr_debug("%s: unsupported cpumode - ignoring\n", __func__); - return 0; + goto out; } if (dso) { @@ -1033,7 +1025,8 @@ int machine__process_text_poke(struct machine *machine, union perf_event *event, pr_debug("Failed to find kernel text poke address map for %#" PRI_lx64 "\n", event->text_poke.addr); } - +out: + map__put(map); return 0; } @@ -1301,9 +1294,10 @@ static int machine__map_x86_64_entry_trampolines_cb(struct map *map, void *data) return 0; dest_map = maps__find(args->kmaps, map__pgoff(map)); - if (dest_map != map) + if (RC_CHK_ACCESS(dest_map) != RC_CHK_ACCESS(map)) map__set_pgoff(map, map__map_ip(dest_map, map__pgoff(map))); + map__put(dest_map); args->found = true; return 0; } diff --git a/tools/perf/util/maps.c b/tools/perf/util/maps.c index 06fdd8a7c2a2..28facfdac1d7 100644 --- a/tools/perf/util/maps.c +++ b/tools/perf/util/maps.c @@ -487,15 +487,18 @@ void maps__remove_maps(struct maps *maps, bool (*cb)(struct map *map, void *data struct symbol *maps__find_symbol(struct maps *maps, u64 addr, struct map **mapp) { struct map *map = maps__find(maps, addr); + struct symbol *result = NULL; /* Ensure map is loaded before using map->map_ip */ if (map != NULL && map__load(map) >= 0) { - if (mapp != NULL) - *mapp = map; // TODO: map_put on else path when find returns a get. - return map__find_symbol(map, map__map_ip(map, addr)); - } + if (mapp) + *mapp = map; - return NULL; + result = map__find_symbol(map, map__map_ip(map, addr)); + if (!mapp) + map__put(map); + } + return result; } struct maps__find_symbol_by_name_args { 
@@ -539,7 +542,7 @@ int maps__find_ams(struct maps *maps, struct addr_map_symbol *ams) if (ams->addr < map__start(ams->ms.map) || ams->addr >= map__end(ams->ms.map)) { if (maps == NULL) return -1; - ams->ms.map = maps__find(maps, ams->addr); // TODO: map_get + ams->ms.map = maps__find(maps, ams->addr); if (ams->ms.map == NULL) return -1; } @@ -848,7 +851,7 @@ struct map *maps__find(struct maps *maps, u64 ip) sizeof(*mapp), map__addr_cmp); if (mapp) - result = *mapp; // map__get(*mapp); + result = map__get(*mapp); done = true; } up_read(maps__lock(maps)); diff --git a/tools/perf/util/symbol.c b/tools/perf/util/symbol.c index 30da8a405d11..ad4819a24320 100644 --- a/tools/perf/util/symbol.c +++ b/tools/perf/util/symbol.c @@ -757,7 +757,6 @@ static int dso__load_all_kallsyms(struct dso *dso, const char *filename) static int maps__split_kallsyms_for_kcore(struct maps *kmaps, struct dso *dso) { - struct map *curr_map; struct symbol *pos; int count = 0; struct rb_root_cached old_root = dso->symbols; @@ -770,6 +769,7 @@ static int maps__split_kallsyms_for_kcore(struct maps *kmaps, struct dso *dso) *root = RB_ROOT_CACHED; while (next) { + struct map *curr_map; struct dso *curr_map_dso; char *module; @@ -796,6 +796,7 @@ static int maps__split_kallsyms_for_kcore(struct maps *kmaps, struct dso *dso) pos->end -= map__start(curr_map) - map__pgoff(curr_map); symbols__insert(&curr_map_dso->symbols, pos); ++count; + map__put(curr_map); } /* Symbols have been adjusted */ -- 2.42.0.758.gaed0368e0e-goog
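
Review bot: in tools/perf/util/machine.c, machine__map_x86_64_entry_trampolines_cb() uses dest_map from maps__find() without a NULL check, so a lookup miss reaches `map__map_ip(dest_map, map__pgoff(map))` before the new map__put(dest_map). Suggest returning early when dest_map is NULL, ahead of the RC_CHK_ACCESS() comparison, so the comparison and the map__map_ip() call only ever see a found map.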
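
Review bot: in tools/perf/util/maps.c, maps__find_symbol() leaks the reference when maps__find() returns a map but map__load() fails: the `if (map != NULL && map__load(map) >= 0)` body is skipped and nothing puts the map before `return result;`. Suggest dropping the reference on that path as well, for example by putting the map after the `if` whenever it was not handed out through *mapp. The function should also carry a comment that a non-NULL mapp now receives a counted reference the caller must map__put().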
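
Review bot: in tools/perf/util/maps.c, maps__find_ams() now assigns a counted reference with `ams->ms.map = maps__find(maps, ams->addr);` over the previous ams->ms.map, which the range check just above has already dereferenced, and there is no map__put() of the old value. If ams->ms.map held a reference on entry it is lost here; suggest putting the old map before the assignment, or adding a comment explaining why the previous pointer is not owned.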
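
Review bot: maps__find() in tools/perf/util/maps.c changes its contract with `result = map__get(*mapp);`, from returning a borrowed pointer to returning an owned reference, but nothing at the definition documents it. Suggest a comment above maps__find() stating that the caller must map__put() the returned map, so that callers not touched by this patch can be audited against the new rule.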