From patchwork Tue Jul 9 18:31:03 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [02/25] perf stat: Fix use-after-freed pointer detected by the smatch tool
X-Patchwork-Submitter: Arnaldo Carvalho de Melo
X-Patchwork-Id: 168755
Message-Id: <20190709183126.30257-3-acme@kernel.org>
To: Ingo Molnar, Thomas Gleixner
Cc: Jiri Olsa, Namhyung Kim, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Leo Yan, Adrian Hunter, Alexander Shishkin, Alexey Budankov, Alexios Zavras, Andi Kleen, Changbin Du, Davidlohr Bueso, "David S . Miller", Eric Saint-Etienne, Jin Yao, Konstantin Khlebnikov, linux-arm-kernel@lists.infradead.org, Mathieu Poirier, Peter Zijlstra, Rasmus Villemoes, Song Liu, Suzuki Poulouse, Thomas Richter, Arnaldo Carvalho de Melo
Date: Tue, 9 Jul 2019 15:31:03 -0300
From: Arnaldo Carvalho de Melo
List-Id:

From: Leo Yan

Based on the following report from Smatch, fix the use-after-freed pointer.

  tools/perf/builtin-stat.c:1353 add_default_attributes()
  warn: passing freed memory 'str'.

The pointer 'str' has been freed but later it is still passed into the function parse_events_print_error(). This patch fixes this use-after-freed issue.

Signed-off-by: Leo Yan
Acked-by: Jiri Olsa
Cc: Adrian Hunter
Cc: Alexander Shishkin
Cc: Alexey Budankov
Cc: Alexios Zavras
Cc: Andi Kleen
Cc: Changbin Du
Cc: Davidlohr Bueso
Cc: David S. Miller
Cc: Eric Saint-Etienne
Cc: Jin Yao
Cc: Konstantin Khlebnikov
Cc: linux-arm-kernel@lists.infradead.org
Cc: Mathieu Poirier
Cc: Namhyung Kim
Cc: Peter Zijlstra
Cc: Rasmus Villemoes
Cc: Song Liu
Cc: Suzuki Poulouse
Cc: Thomas Gleixner
Cc: Thomas Richter
Link: http://lkml.kernel.org/r/20190702103420.27540-3-leo.yan@linaro.org
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/builtin-stat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--
2.21.0
diff --git a/tools/perf/builtin-stat.c b/tools/perf/builtin-stat.c index e5e19b461061..b81f7b197d24 100644 --- a/tools/perf/builtin-stat.c +++ b/tools/perf/builtin-stat.c @@ -1349,8 +1349,8 @@ static int add_default_attributes(void) fprintf(stderr, "Cannot set up top down events %s: %d\n", str, err); - free(str); parse_events_print_error(&errinfo, str); + free(str); return -1; } } else { From patchwork Tue Jul 9 18:31:04 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [03/25] perf top: Fix potential NULL pointer dereference detected by the smatch tool X-Patchwork-Submitter: Arnaldo Carvalho de Melo X-Patchwork-Id: 168756 Message-Id: <20190709183126.30257-4-acme@kernel.org> To: Ingo Molnar , Thomas Gleixner Cc: Jiri Olsa , Namhyung Kim , Clark Williams , linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Leo Yan , Adrian Hunter , Alexander Shishkin , Alexey Budankov , Alexios Zavras , Andi Kleen , Changbin Du , "David S . Miller" , Davidlohr Bueso , Eric Saint-Etienne , Jin Yao , Konstantin Khlebnikov , Mathieu Poirier , Peter Zijlstra , Rasmus Villemoes , Song Liu , Suzuki Poulouse , Thomas Richter , linux-arm-kernel@lists.infradead.org, Arnaldo Carvalho de Melo Date: Tue, 9 Jul 2019 15:31:04 -0300 From: Arnaldo Carvalho de Melo List-Id: 
From: Leo Yan Based on the following report from Smatch, fix the potential NULL pointer dereference check. tools/perf/builtin-top.c:109 perf_top__parse_source() warn: variable dereferenced before check 'he' (see line 103) tools/perf/builtin-top.c:233 perf_top__show_details() warn: variable dereferenced before check 'he' (see line 228) tools/perf/builtin-top.c 101 static int perf_top__parse_source(struct perf_top *top, struct hist_entry *he) 102 { 103 struct perf_evsel *evsel = hists_to_evsel(he->hists); ^^^^ 104 struct symbol *sym; 105 struct annotation *notes; 106 struct map *map; 107 int err = -1; 108 109 if (!he || !he->ms.sym) 110 return -1; This patch moves the values assignment after validating pointer 'he'. Signed-off-by: Leo Yan Acked-by: Jiri Olsa Cc: Adrian Hunter Cc: Alexander Shishkin Cc: Alexey Budankov Cc: Alexios Zavras Cc: Andi Kleen Cc: Changbin Du Cc: David S. Miller Cc: Davidlohr Bueso Cc: Eric Saint-Etienne Cc: Jin Yao Cc: Konstantin Khlebnikov Cc: Mathieu Poirier Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Rasmus Villemoes Cc: Song Liu Cc: Suzuki Poulouse Cc: Thomas Gleixner Cc: Thomas Richter Cc: linux-arm-kernel@lists.infradead.org Link: http://lkml.kernel.org/r/20190702103420.27540-4-leo.yan@linaro.org Signed-off-by: Arnaldo Carvalho de Melo --- tools/perf/builtin-top.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) -- 2.21.0 diff --git a/tools/perf/builtin-top.c b/tools/perf/builtin-top.c index 6d40a4ef58c5..b46b3c9f57a0 100644 --- a/tools/perf/builtin-top.c +++ b/tools/perf/builtin-top.c @@ -101,7 +101,7 @@ static void perf_top__resize(struct perf_top *top) static int perf_top__parse_source(struct perf_top *top, struct hist_entry *he) { - struct perf_evsel *evsel = hists_to_evsel(he->hists); + struct perf_evsel *evsel; struct symbol *sym; struct annotation *notes; struct map *map; 
@@ -110,6 +110,8 @@ static int perf_top__parse_source(struct perf_top *top, struct hist_entry *he) if (!he || !he->ms.sym) return -1; + evsel = hists_to_evsel(he->hists); + sym = he->ms.sym; map = he->ms.map; @@ -226,7 +228,7 @@ static void perf_top__record_precise_ip(struct perf_top *top, static void perf_top__show_details(struct perf_top *top) { struct hist_entry *he = top->sym_filter_entry; - struct perf_evsel *evsel = hists_to_evsel(he->hists); + struct perf_evsel *evsel; struct annotation *notes; struct symbol *symbol; int more; @@ -234,6 +236,8 @@ static void perf_top__show_details(struct perf_top *top) if (!he) return; + evsel = hists_to_evsel(he->hists); + symbol = he->ms.sym; notes = symbol__annotation(symbol); From patchwork Tue Jul 9 18:31:05 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [04/25] perf annotate: Fix dereferencing freed memory found by the smatch tool X-Patchwork-Submitter: Arnaldo Carvalho de Melo X-Patchwork-Id: 168757 Message-Id: <20190709183126.30257-5-acme@kernel.org> To: Ingo Molnar , Thomas Gleixner Cc: Jiri Olsa , Namhyung Kim , Clark Williams , linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Leo Yan , Adrian Hunter , Alexander Shishkin , Alexey Budankov , Alexios Zavras , Andi Kleen , Changbin Du , "David S . Miller" , Davidlohr Bueso , Eric Saint-Etienne , Jin Yao , Konstantin Khlebnikov , Mathieu Poirier , Peter Zijlstra , Rasmus Villemoes , Song Liu , Suzuki Poulouse , Thomas Richter , linux-arm-kernel@lists.infradead.org, Arnaldo Carvalho de Melo Date: Tue, 9 Jul 2019 15:31:05 -0300 From: Arnaldo Carvalho de Melo List-Id: 
From: Leo Yan Based on the following report from Smatch, fix the potential dereferencing freed memory check. tools/perf/util/annotate.c:1125 disasm_line__parse() error: dereferencing freed memory 'namep' tools/perf/util/annotate.c 1100 static int disasm_line__parse(char *line, const char **namep, char **rawp) 1101 { 1102 char tmp, *name = ltrim(line); [...] 1114 *namep = strdup(name); 1115 1116 if (*namep == NULL) 1117 goto out_free_name; [...] 1124 out_free_name: 1125 free((void *)namep); ^^^^^ 1126 *namep = NULL; ^^^^^^ 1127 return -1; 1128 } If strdup() fails to allocate memory space for *namep, we don't need to free memory with pointer 'namep', which is resident in data structure disasm_line::ins::name; and *namep is NULL pointer for this failure, so it's pointless to assign NULL to *namep again. Committer note: Freeing namep, which is the address of the first entry of the 'struct ins' that is the first member of struct disasm_line would in fact free that disasm_line instance, if it was allocated via malloc/calloc, which, later, would a dereference of freed memory. Signed-off-by: Leo Yan Acked-by: Jiri Olsa Cc: Adrian Hunter Cc: Alexander Shishkin Cc: Alexey Budankov Cc: Alexios Zavras Cc: Andi Kleen Cc: Changbin Du Cc: David S. Miller Cc: Davidlohr Bueso Cc: Eric Saint-Etienne Cc: Jin Yao Cc: Konstantin Khlebnikov Cc: Mathieu Poirier Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Rasmus Villemoes Cc: Song Liu Cc: Suzuki Poulouse Cc: Thomas Gleixner Cc: Thomas Richter Cc: linux-arm-kernel@lists.infradead.org Link: http://lkml.kernel.org/r/20190702103420.27540-5-leo.yan@linaro.org Signed-off-by: Arnaldo Carvalho de Melo --- tools/perf/util/annotate.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) -- 2.21.0 diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c index ec7aaf31c2b2..944a6507a5e3 100644 --- a/tools/perf/util/annotate.c +++ b/tools/perf/util/annotate.c 
@@ -1119,16 +1119,14 @@ static int disasm_line__parse(char *line, const char **namep, char **rawp) *namep = strdup(name); if (*namep == NULL) - goto out_free_name; + goto out; (*rawp)[0] = tmp; *rawp = skip_spaces(*rawp); return 0; -out_free_name: - free((void *)namep); - *namep = NULL; +out: return -1; } From patchwork Tue Jul 9 18:31:06 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [05/25] perf trace: Fix potential NULL pointer dereference found by the smatch tool X-Patchwork-Submitter: Arnaldo Carvalho de Melo X-Patchwork-Id: 168758 Message-Id: <20190709183126.30257-6-acme@kernel.org> To: Ingo Molnar , Thomas Gleixner Cc: Jiri Olsa , Namhyung Kim , Clark Williams , linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Leo Yan , Adrian Hunter , Alexander Shishkin , Alexey Budankov , Alexios Zavras , Andi Kleen , Changbin Du , "David S . Miller" , Davidlohr Bueso , Eric Saint-Etienne , Jin Yao , Konstantin Khlebnikov , Mathieu Poirier , Peter Zijlstra , Rasmus Villemoes , Song Liu , Suzuki Poulouse , Thomas Richter , linux-arm-kernel@lists.infradead.org, Arnaldo Carvalho de Melo Date: Tue, 9 Jul 2019 15:31:06 -0300 From: Arnaldo Carvalho de Melo List-Id: From: Leo Yan Based on the following report from Smatch, fix the potential NULL pointer dereference check. tools/perf/builtin-trace.c:1044 thread_trace__new() error: we previously assumed 'ttrace' could be null (see line 1041). tools/perf/builtin-trace.c 1037 static struct thread_trace *thread_trace__new(void) 1038 { 1039 struct thread_trace *ttrace = zalloc(sizeof(struct thread_trace)); 1040 1041 if (ttrace) 1042 ttrace->files.max = -1; 1043 1044 ttrace->syscall_stats = intlist__new(NULL); ^^^^^^^^ 1045 1046 return ttrace; 1047 } 
Signed-off-by: Leo Yan Acked-by: Jiri Olsa Cc: Adrian Hunter Cc: Alexander Shishkin Cc: Alexey Budankov Cc: Alexios Zavras Cc: Andi Kleen Cc: Changbin Du Cc: David S. Miller Cc: Davidlohr Bueso Cc: Eric Saint-Etienne Cc: Jin Yao Cc: Konstantin Khlebnikov Cc: Mathieu Poirier Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Rasmus Villemoes Cc: Song Liu Cc: Suzuki Poulouse Cc: Thomas Gleixner Cc: Thomas Richter Cc: linux-arm-kernel@lists.infradead.org Link: http://lkml.kernel.org/r/20190702103420.27540-6-leo.yan@linaro.org [ Just made it look like other tools/perf constructors, same end result ] Signed-off-by: Arnaldo Carvalho de Melo --- tools/perf/builtin-trace.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) -- 2.21.0 diff --git a/tools/perf/builtin-trace.c b/tools/perf/builtin-trace.c index d0eb7224dd36..e3fc9062f136 100644 --- a/tools/perf/builtin-trace.c +++ b/tools/perf/builtin-trace.c 
@@ -1038,10 +1038,10 @@ static struct thread_trace *thread_trace__new(void) { struct thread_trace *ttrace = zalloc(sizeof(struct thread_trace)); - if (ttrace) + if (ttrace) { ttrace->files.max = -1; - - ttrace->syscall_stats = intlist__new(NULL); + ttrace->syscall_stats = intlist__new(NULL); + } return ttrace; } From patchwork Tue Jul 9 18:31:07 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [06/25] perf map: Fix potential NULL pointer dereference found by smatch tool X-Patchwork-Submitter: Arnaldo Carvalho de Melo X-Patchwork-Id: 168759 Message-Id: <20190709183126.30257-7-acme@kernel.org> To: Ingo Molnar , Thomas Gleixner Cc: Jiri Olsa , Namhyung Kim , Clark Williams , linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Leo Yan , Adrian Hunter , Alexander Shishkin , Alexey Budankov , Alexios Zavras , Andi Kleen , Changbin Du , "David S . Miller" , Davidlohr Bueso , Eric Saint-Etienne , Jin Yao , Konstantin Khlebnikov , Mathieu Poirier , Peter Zijlstra , Rasmus Villemoes , Song Liu , Suzuki Poulouse , Thomas Richter , linux-arm-kernel@lists.infradead.org, Arnaldo Carvalho de Melo Date: Tue, 9 Jul 2019 15:31:07 -0300 From: Arnaldo Carvalho de Melo List-Id: From: Leo Yan Based on the following report from Smatch, fix the potential NULL pointer dereference check. tools/perf/util/map.c:479 map__fprintf_srccode() error: we previously assumed 'state' could be null (see line 466) tools/perf/util/map.c 465 /* Avoid redundant printing */ 466 if (state && 467 state->srcfile && 468 !strcmp(state->srcfile, srcfile) && 469 state->line == line) { 470 free(srcfile); 471 return 0; 472 } 473 474 srccode = find_sourceline(srcfile, line, &len); 475 if (!srccode) 476 goto out_free_line; 477 478 ret = fprintf(fp, "|%-8d %.*s", line, len, srccode); 479 state->srcfile = srcfile; ^^^^^^^ 480 state->line = line; ^^^^^^^ This patch validates 'state' pointer before access its elements. 
Signed-off-by: Leo Yan Acked-by: Jiri Olsa Cc: Adrian Hunter Cc: Alexander Shishkin Cc: Alexey Budankov Cc: Alexios Zavras Cc: Andi Kleen Cc: Changbin Du Cc: David S. Miller Cc: Davidlohr Bueso Cc: Eric Saint-Etienne Cc: Jin Yao Cc: Konstantin Khlebnikov Cc: Mathieu Poirier Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Rasmus Villemoes Cc: Song Liu Cc: Suzuki Poulouse Cc: Thomas Gleixner Cc: Thomas Richter Cc: linux-arm-kernel@lists.infradead.org Fixes: dd2e18e9ac20 ("perf tools: Support 'srccode' output") Link: http://lkml.kernel.org/r/20190702103420.27540-8-leo.yan@linaro.org Signed-off-by: Arnaldo Carvalho de Melo --- tools/perf/util/map.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) -- 2.21.0 diff --git a/tools/perf/util/map.c b/tools/perf/util/map.c index 6fce983c6115..5f87975d2562 100644 --- a/tools/perf/util/map.c +++ b/tools/perf/util/map.c 
@@ -476,8 +476,11 @@ int map__fprintf_srccode(struct map *map, u64 addr, goto out_free_line; ret = fprintf(fp, "|%-8d %.*s", line, len, srccode); - state->srcfile = srcfile; - state->line = line; + + if (state) { + state->srcfile = srcfile; + state->line = line; + } return ret; out_free_line: From patchwork Tue Jul 9 18:31:09 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [08/25] perf session: Fix potential NULL pointer dereference found by the smatch tool X-Patchwork-Submitter: Arnaldo Carvalho de Melo X-Patchwork-Id: 168760 Message-Id: <20190709183126.30257-9-acme@kernel.org> To: Ingo Molnar , Thomas Gleixner Cc: Jiri Olsa , Namhyung Kim , Clark Williams , linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Leo Yan , Adrian Hunter , Alexander Shishkin , Alexey Budankov , Alexios Zavras , Andi Kleen , Changbin Du , "David S . Miller" , Davidlohr Bueso , Eric Saint-Etienne , Jin Yao , Konstantin Khlebnikov , Mathieu Poirier , Peter Zijlstra , Rasmus Villemoes , Song Liu , Suzuki Poulouse , Thomas Richter , linux-arm-kernel@lists.infradead.org, Arnaldo Carvalho de Melo Date: Tue, 9 Jul 2019 15:31:09 -0300 From: Arnaldo Carvalho de Melo List-Id: From: Leo Yan Based on the following report from Smatch, fix the potential NULL pointer dereference check. tools/perf/util/session.c:1252 dump_read() error: we previously assumed 'evsel' could be null (see line 1249) tools/perf/util/session.c 1240 static void dump_read(struct perf_evsel *evsel, union perf_event *event) 1241 { 1242 struct read_event *read_event = &event->read; 1243 u64 read_format; 1244 1245 if (!dump_trace) 1246 return; 1247 1248 printf(": %d %d %s %" PRIu64 "\n", event->read.pid, event->read.tid, 1249 evsel ? perf_evsel__name(evsel) : "FAIL", 1250 event->read.value); 1251 1252 read_format = evsel->attr.read_format; ^^^^^^^ 'evsel' could be NULL pointer, for this case this patch directly bails out without dumping read_event. 
Signed-off-by: Leo Yan Acked-by: Jiri Olsa Cc: Adrian Hunter Cc: Alexander Shishkin Cc: Alexey Budankov Cc: Alexios Zavras Cc: Andi Kleen Cc: Changbin Du Cc: David S. Miller Cc: Davidlohr Bueso Cc: Eric Saint-Etienne Cc: Jin Yao Cc: Konstantin Khlebnikov Cc: Mathieu Poirier Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Rasmus Villemoes Cc: Song Liu Cc: Suzuki Poulouse Cc: Thomas Gleixner Cc: Thomas Richter Cc: linux-arm-kernel@lists.infradead.org Link: http://lkml.kernel.org/r/20190702103420.27540-9-leo.yan@linaro.org Signed-off-by: Arnaldo Carvalho de Melo --- tools/perf/util/session.c | 3 +++ 1 file changed, 3 insertions(+) -- 2.21.0 diff --git a/tools/perf/util/session.c b/tools/perf/util/session.c index 54cf163347f7..2e61dd6a3574 100644 --- a/tools/perf/util/session.c +++ b/tools/perf/util/session.c @@ -1249,6 +1249,9 @@ static void dump_read(struct perf_evsel *evsel, union perf_event *event) evsel ? perf_evsel__name(evsel) : "FAIL", event->read.value); + if (!evsel) + return; + read_format = evsel->attr.read_format; if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) From patchwork Tue Jul 9 18:31:20 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [19/25] perf cs-etm: Fix potential NULL pointer dereference found by the smatch tool X-Patchwork-Submitter: Arnaldo Carvalho de Melo X-Patchwork-Id: 168761 Message-Id: <20190709183126.30257-20-acme@kernel.org> To: Ingo Molnar , Thomas Gleixner Cc: Jiri Olsa , Namhyung Kim , Clark Williams , linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Leo Yan , Mathieu Poirier , Adrian Hunter , Alexander Shishkin , Andi Kleen , Jiri Olsa , Suzuki Poulouse , linux-arm-kernel@lists.infradead.org, Arnaldo Carvalho de Melo Date: Tue, 9 Jul 2019 15:31:20 -0300 From: Arnaldo Carvalho de Melo List-Id: 
From: Leo Yan Based on the following report from Smatch, fix the potential NULL pointer dereference check. tools/perf/util/cs-etm.c:2545 cs_etm__process_auxtrace_info() error: we previously assumed 'session->itrace_synth_opts' could be null (see line 2541) tools/perf/util/cs-etm.c 2541 if (session->itrace_synth_opts && session->itrace_synth_opts->set) { 2542 etm->synth_opts = *session->itrace_synth_opts; 2543 } else { 2544 itrace_synth_opts__set_default(&etm->synth_opts, 2545 session->itrace_synth_opts->default_no_sample); ^^^^^^^^^^^^^^^^^^^^^^^^^^ 2546 etm->synth_opts.callchain = false; 2547 } 'session->itrace_synth_opts' is impossible to be a NULL pointer in cs_etm__process_auxtrace_info(), thus this patch removes the NULL test for 'session->itrace_synth_opts'. Signed-off-by: Leo Yan Reviewed-by: Mathieu Poirier Cc: Adrian Hunter Cc: Alexander Shishkin Cc: Andi Kleen Cc: Jiri Olsa Cc: Namhyung Kim Cc: Suzuki Poulouse Cc: linux-arm-kernel@lists.infradead.org Link: http://lkml.kernel.org/r/20190708143937.7722-5-leo.yan@linaro.org Signed-off-by: Arnaldo Carvalho de Melo --- tools/perf/util/cs-etm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.21.0 diff --git a/tools/perf/util/cs-etm.c b/tools/perf/util/cs-etm.c index 508e4a3ddc8c..67b88b599a53 100644 --- a/tools/perf/util/cs-etm.c +++ b/tools/perf/util/cs-etm.c 
@@ -2538,7 +2538,7 @@ int cs_etm__process_auxtrace_info(union perf_event *event, return 0; } - if (session->itrace_synth_opts && session->itrace_synth_opts->set) { + if (session->itrace_synth_opts->set) { etm->synth_opts = *session->itrace_synth_opts; } else { itrace_synth_opts__set_default(&etm->synth_opts, From patchwork Tue Jul 9 18:31:21 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [20/25] perf hists browser: Fix potential NULL pointer dereference found by the smatch tool X-Patchwork-Submitter: Arnaldo Carvalho de Melo X-Patchwork-Id: 168762 Message-Id: <20190709183126.30257-21-acme@kernel.org> To: Ingo Molnar , Thomas Gleixner Cc: Jiri Olsa , Namhyung Kim , Clark Williams , linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Leo Yan , Adrian Hunter , Alexander Shishkin , Andi Kleen , Mathieu Poirier , Suzuki Poulouse , linux-arm-kernel@lists.infradead.org, Arnaldo Carvalho de Melo Date: Tue, 9 Jul 2019 15:31:21 -0300 From: Arnaldo Carvalho de Melo List-Id: From: Leo Yan Based on the following report from Smatch, fix the potential NULL pointer dereference check. tools/perf/ui/browsers/hists.c:641 hist_browser__run() error: we previously assumed 'hbt' could be null (see line 625) tools/perf/ui/browsers/hists.c:3088 perf_evsel__hists_browse() error: we previously assumed 'browser->he_selection' could be null (see line 2902) tools/perf/ui/browsers/hists.c:3272 perf_evsel_menu__run() error: we previously assumed 'hbt' could be null (see line 3260) This patch firstly validating the pointers before access them, so can fix potential NULL pointer dereference. Signed-off-by: Leo Yan Acked-by: Jiri Olsa Cc: Adrian Hunter Cc: Alexander Shishkin Cc: Andi Kleen Cc: Mathieu Poirier Cc: Namhyung Kim Cc: Suzuki Poulouse Cc: linux-arm-kernel@lists.infradead.org Link: http://lkml.kernel.org/r/20190708143937.7722-2-leo.yan@linaro.org 
Signed-off-by: Arnaldo Carvalho de Melo --- tools/perf/ui/browsers/hists.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) -- 2.21.0 diff --git a/tools/perf/ui/browsers/hists.c b/tools/perf/ui/browsers/hists.c index 85581cfb9112..a94eb0755e8b 100644 --- a/tools/perf/ui/browsers/hists.c +++ b/tools/perf/ui/browsers/hists.c @@ -639,7 +639,11 @@ int hist_browser__run(struct hist_browser *browser, const char *help, switch (key) { case K_TIMER: { u64 nr_entries; - hbt->timer(hbt->arg); + + WARN_ON_ONCE(!hbt); + + if (hbt) + hbt->timer(hbt->arg); if (hist_browser__has_filter(browser) || symbol_conf.report_hierarchy) @@ -2821,7 +2825,7 @@ static int perf_evsel__hists_browse(struct perf_evsel *evsel, int nr_events, { struct hists *hists = evsel__hists(evsel); struct hist_browser *browser = perf_evsel_browser__new(evsel, hbt, env, annotation_opts); - struct branch_info *bi; + struct branch_info *bi = NULL; #define MAX_OPTIONS 16 char *options[MAX_OPTIONS]; struct popup_action actions[MAX_OPTIONS]; @@ -3087,7 +3091,9 @@ static int perf_evsel__hists_browse(struct perf_evsel *evsel, int nr_events, goto skip_annotation; if (sort__mode == SORT_MODE__BRANCH) { - bi = browser->he_selection->branch_info; + + if (browser->he_selection) + bi = browser->he_selection->branch_info; if (bi == NULL) goto skip_annotation; 
@@ -3271,7 +3277,8 @@ static int perf_evsel_menu__run(struct perf_evsel_menu *menu, switch (key) { case K_TIMER: - hbt->timer(hbt->arg); + if (hbt) + hbt->timer(hbt->arg); if (!menu->lost_events_warned && menu->lost_events && From patchwork Tue Jul 9 18:31:25 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [24/25] perf intel-bts: Fix potential NULL pointer dereference found by the smatch tool X-Patchwork-Submitter: Arnaldo Carvalho de Melo X-Patchwork-Id: 168763 Message-Id: <20190709183126.30257-25-acme@kernel.org> To: Ingo Molnar , Thomas Gleixner Cc: Jiri Olsa , Namhyung Kim , Clark Williams , linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Leo Yan , Adrian Hunter , Alexander Shishkin , Andi Kleen , Jiri Olsa , Mathieu Poirier , Suzuki Poulouse , linux-arm-kernel@lists.infradead.org, Arnaldo Carvalho de Melo Date: Tue, 9 Jul 2019 15:31:25 -0300 From: Arnaldo Carvalho de Melo List-Id: 
From: Leo Yan Based on the following report from Smatch, fix the potential NULL pointer dereference check. tools/perf/util/intel-bts.c:898 intel_bts_process_auxtrace_info() error: we previously assumed 'session->itrace_synth_opts' could be null (see line 894) tools/perf/util/intel-bts.c:899 intel_bts_process_auxtrace_info() warn: variable dereferenced before check 'session->itrace_synth_opts' (see line 898) tools/perf/util/intel-bts.c 894 if (session->itrace_synth_opts && session->itrace_synth_opts->set) { 895 bts->synth_opts = *session->itrace_synth_opts; 896 } else { 897 itrace_synth_opts__set_default(&bts->synth_opts, 898 session->itrace_synth_opts->default_no_sample); ^^^^^^^^^^^^^^^^^^^^^^^^^^ 899 if (session->itrace_synth_opts) ^^^^^^^^^^^^^^^^^^^^^^^^^^ 900 bts->synth_opts.thread_stack = 901 session->itrace_synth_opts->thread_stack; 902 } 'session->itrace_synth_opts' is impossible to be a NULL pointer in intel_bts_process_auxtrace_info(), thus this patch removes the NULL test for 'session->itrace_synth_opts'. Signed-off-by: Leo Yan Acked-by: Adrian Hunter Cc: Alexander Shishkin Cc: Andi Kleen Cc: Jiri Olsa Cc: Mathieu Poirier Cc: Namhyung Kim Cc: Suzuki Poulouse Cc: linux-arm-kernel@lists.infradead.org Link: http://lkml.kernel.org/r/20190708143937.7722-3-leo.yan@linaro.org Signed-off-by: Arnaldo Carvalho de Melo --- tools/perf/util/intel-bts.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) -- 2.21.0 diff --git a/tools/perf/util/intel-bts.c b/tools/perf/util/intel-bts.c index 5a21bcdb8ef7..5560e95afdda 100644 --- a/tools/perf/util/intel-bts.c +++ b/tools/perf/util/intel-bts.c 
@@ -891,13 +891,12 @@ int intel_bts_process_auxtrace_info(union perf_event *event, if (dump_trace) return 0; - if (session->itrace_synth_opts && session->itrace_synth_opts->set) { + if (session->itrace_synth_opts->set) { bts->synth_opts = *session->itrace_synth_opts; } else { itrace_synth_opts__set_default(&bts->synth_opts, session->itrace_synth_opts->default_no_sample); - if (session->itrace_synth_opts) - bts->synth_opts.thread_stack = + bts->synth_opts.thread_stack = session->itrace_synth_opts->thread_stack; } From patchwork Tue Jul 9 18:31:26 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [25/25] perf intel-pt: Fix potential NULL pointer dereference found by the smatch tool X-Patchwork-Submitter: Arnaldo Carvalho de Melo X-Patchwork-Id: 168764 Message-Id: <20190709183126.30257-26-acme@kernel.org> To: Ingo Molnar , Thomas Gleixner Cc: Jiri Olsa , Namhyung Kim , Clark Williams , linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Leo Yan , Adrian Hunter , Alexander Shishkin , Andi Kleen , Jiri Olsa , Mathieu Poirier , Suzuki Poulouse , linux-arm-kernel@lists.infradead.org, Arnaldo Carvalho de Melo Date: Tue, 9 Jul 2019 15:31:26 -0300 From: Arnaldo Carvalho de Melo List-Id: 
From: Leo Yan Based on the following report from Smatch, fix the potential NULL pointer dereference check. tools/perf/util/intel-pt.c:3200 intel_pt_process_auxtrace_info() error: we previously assumed 'session->itrace_synth_opts' could be null (see line 3196) tools/perf/util/intel-pt.c:3206 intel_pt_process_auxtrace_info() warn: variable dereferenced before check 'session->itrace_synth_opts' (see line 3200) tools/perf/util/intel-pt.c 3196 if (session->itrace_synth_opts && session->itrace_synth_opts->set) { 3197 pt->synth_opts = *session->itrace_synth_opts; 3198 } else { 3199 itrace_synth_opts__set_default(&pt->synth_opts, 3200 session->itrace_synth_opts->default_no_sample); ^^^^^^^^^^^^^^^^^^^^^^^^^^ 3201 if (!session->itrace_synth_opts->default_no_sample && 3202 !session->itrace_synth_opts->inject) { 3203 pt->synth_opts.branches = false; 3204 pt->synth_opts.callchain = true; 3205 } 3206 if (session->itrace_synth_opts) ^^^^^^^^^^^^^^^^^^^^^^^^^^ 3207 pt->synth_opts.thread_stack = 3208 session->itrace_synth_opts->thread_stack; 3209 } 'session->itrace_synth_opts' is impossible to be a NULL pointer in intel_pt_process_auxtrace_info(), thus this patch removes the NULL test for 'session->itrace_synth_opts'. Signed-off-by: Leo Yan Acked-by: Adrian Hunter Cc: Alexander Shishkin Cc: Andi Kleen Cc: Jiri Olsa Cc: Mathieu Poirier Cc: Namhyung Kim Cc: Suzuki Poulouse Cc: linux-arm-kernel@lists.infradead.org Link: http://lkml.kernel.org/r/20190708143937.7722-4-leo.yan@linaro.org Signed-off-by: Arnaldo Carvalho de Melo --- tools/perf/util/intel-pt.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) -- 2.21.0 diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c index c76a96f777fb..df061599fef4 100644 --- a/tools/perf/util/intel-pt.c +++ b/tools/perf/util/intel-pt.c 
@@ -3210,7 +3210,7 @@ int intel_pt_process_auxtrace_info(union perf_event *event, goto err_delete_thread; } - if (session->itrace_synth_opts && session->itrace_synth_opts->set) { + if (session->itrace_synth_opts->set) { pt->synth_opts = *session->itrace_synth_opts; } else { itrace_synth_opts__set_default(&pt->synth_opts, @@ -3220,8 +3220,7 @@ int intel_pt_process_auxtrace_info(union perf_event *event, pt->synth_opts.branches = false; pt->synth_opts.callchain = true; } - if (session->itrace_synth_opts) - pt->synth_opts.thread_stack = + pt->synth_opts.thread_stack = session->itrace_synth_opts->thread_stack; } @@ -3241,11 +3240,9 @@ int intel_pt_process_auxtrace_info(union perf_event *event, pt->cbr2khz = tsc_freq / pt->max_non_turbo_ratio / 1000; } - if (session->itrace_synth_opts) { - err = intel_pt_setup_time_ranges(pt, session->itrace_synth_opts); - if (err) - goto err_delete_thread; - } + err = intel_pt_setup_time_ranges(pt, session->itrace_synth_opts); + if (err) + goto err_delete_thread; if (pt->synth_opts.calls) pt->branches_filter |= PERF_IP_FLAG_CALL | PERF_IP_FLAG_ASYNC |
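
Review bot: in the perf_top__show_details() hunk of [03/25] (tools/perf/builtin-top.c) the guard only covers 'he'. The context lines right after it read `symbol = he->ms.sym;` and hand the result to `symbol__annotation(symbol)` with no NULL test, while perf_top__parse_source() in the same patch bails out on `!he || !he->ms.sym`. If a filter entry can exist without a resolved symbol, the same `!he->ms.sym` test belongs here; if it cannot, a one-line comment saying why would keep the two functions from looking inconsistent.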
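
Review bot: in the disasm_line__parse() hunk of [04/25] (tools/perf/util/annotate.c) the new `out:` label guards nothing but `return -1;`, so the `goto out;` after the strdup() check can simply be `return -1;` and the label dropped. Note also that the failure path still leaves the function before `(*rawp)[0] = tmp;` runs, so it is worth confirming that no caller reuses 'line' after a -1 return.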
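
Review bot: in the thread_trace__new() hunk of [05/25] (tools/perf/builtin-trace.c) the result of `intlist__new(NULL)` is stored without a check, so when that allocation fails the constructor returns a non-NULL ttrace whose syscall_stats is NULL. The patch closes the dereference Smatch reported but moves the same question one level down: either free ttrace and return NULL when intlist__new() fails, or state that every user of ttrace->syscall_stats tolerates NULL.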
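
Review bot: in the map__fprintf_srccode() hunk of [06/25] (tools/perf/util/map.c) the success path with a NULL 'state' now drops 'srcfile' on the floor. Ownership of the string is only handed over inside `if (state) { ... }`, and the function then leaves through `return ret;` above the `out_free_line:` label, so nothing in the visible lines releases it in that case. Adding an else branch that frees srcfile, or falling through to the cleanup label when state is NULL, would avoid trading the NULL dereference for a leak.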
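
Review bot: in the cs_etm__process_auxtrace_info() hunk of [19/25] (tools/perf/util/cs-etm.c) the NULL test is removed on the strength of an invariant that is stated only in the commit message; nothing in the hunk shows where 'session->itrace_synth_opts' is guaranteed to be set. Since the code now dereferences it unconditionally, a short comment naming the place that establishes the pointer would let the next reader, and the next Smatch run, verify the assumption. The intel-bts [24/25] and intel-pt [25/25] hunks lean on the same invariant, and in intel-pt it also makes the call to `intel_pt_setup_time_ranges(pt, session->itrace_synth_opts)` unconditional.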
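
Review bot: the two K_TIMER hunks of [20/25] (tools/perf/ui/browsers/hists.c) handle a NULL 'hbt' differently. hist_browser__run() adds `WARN_ON_ONCE(!hbt);` before the `if (hbt)` guard, while perf_evsel_menu__run() silently skips the timer call. If a timer key arriving without 'hbt' is a bug worth flagging, both sites should warn; if it is a legitimate state, the WARN_ON_ONCE() in hist_browser__run() is noise. Either way the commit message should say which of the two is intended.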
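
Review bot: in the perf_evsel__hists_browse() hunk of [20/25] at `if (sort__mode == SORT_MODE__BRANCH) {` the patch adds an empty line directly after the opening brace, which checkpatch flags as an unnecessary blank line. Dropping it leaves the block as the guard `if (browser->he_selection)` followed by the existing `if (bi == NULL)` test, which together with the new `bi = NULL` initialisation is all the fix needs.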