1. Patchew
  2. linux
  3. View series

[PATCH urgent] perf data: Fix double free in perf_session__delete

Alexey Bayduraev posted 1 patch 4 years, 4 months ago 
tools/perf/util/data.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
[PATCH urgent] perf data: Fix double free in perf_session__delete
Posted by Alexey Bayduraev 4 years, 4 months ago 
When perf_data__create_dir fails, it calls close_dir, but
perf_session__delete also calls close_dir and since dir.version and
dir.nr was initialized by perf_data__create_dir, a double free occurs.
This patch moves the initialization of dir.version and dir.nr after
successful initialization of dir.files, that prevents double freeing.
This behavior is already implemented in perf_data__open_dir.

Fixes: 145520631130bd64 ("perf data: Add perf_data__(create_dir|close_dir) functions")
Signed-off-by: Alexey Bayduraev <alexey.v.bayduraev@linux.intel.com>
---
 tools/perf/util/data.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/tools/perf/util/data.c b/tools/perf/util/data.c
index f5d260b1df4d..15a4547d608e 100644
--- a/tools/perf/util/data.c
+++ b/tools/perf/util/data.c
@@ -44,10 +44,6 @@ int perf_data__create_dir(struct perf_data *data, int nr)
 	if (!files)
 		return -ENOMEM;
 
-	data->dir.version = PERF_DIR_VERSION;
-	data->dir.files   = files;
-	data->dir.nr      = nr;
-
 	for (i = 0; i < nr; i++) {
 		struct perf_data_file *file = &files[i];
 
@@ -62,6 +58,9 @@ int perf_data__create_dir(struct perf_data *data, int nr)
 		file->fd = ret;
 	}
 
+	data->dir.version = PERF_DIR_VERSION;
+	data->dir.files   = files;
+	data->dir.nr      = nr;
 	return 0;
 
 out_err:
-- 
2.19.0
Re: [PATCH urgent] perf data: Fix double free in perf_session__delete
Posted by Jiri Olsa 4 years, 4 months ago 
On Fri, Feb 18, 2022 at 06:23:41PM +0300, Alexey Bayduraev wrote:
> When perf_data__create_dir fails, it calls close_dir, but
> perf_session__delete also calls close_dir and since dir.version and
> dir.nr was initialized by perf_data__create_dir, a double free occurs.
> This patch moves the initialization of dir.version and dir.nr after
> successful initialization of dir.files, that prevents double freeing.
> This behavior is already implemented in perf_data__open_dir.
> 
> Fixes: 145520631130bd64 ("perf data: Add perf_data__(create_dir|close_dir) functions")
> Signed-off-by: Alexey Bayduraev <alexey.v.bayduraev@linux.intel.com>

Acked-by: Jiri Olsa <jolsa@kernel.org>

thanks,
jirka

> ---
>  tools/perf/util/data.c | 7 +++----
>  1 file changed, 3 insertions(+), 4 deletions(-)
> 
> diff --git a/tools/perf/util/data.c b/tools/perf/util/data.c
> index f5d260b1df4d..15a4547d608e 100644
> --- a/tools/perf/util/data.c
> +++ b/tools/perf/util/data.c
> @@ -44,10 +44,6 @@ int perf_data__create_dir(struct perf_data *data, int nr)
>  	if (!files)
>  		return -ENOMEM;
>  
> -	data->dir.version = PERF_DIR_VERSION;
> -	data->dir.files   = files;
> -	data->dir.nr      = nr;
> -
>  	for (i = 0; i < nr; i++) {
>  		struct perf_data_file *file = &files[i];
>  
> @@ -62,6 +58,9 @@ int perf_data__create_dir(struct perf_data *data, int nr)
>  		file->fd = ret;
>  	}
>  
> +	data->dir.version = PERF_DIR_VERSION;
> +	data->dir.files   = files;
> +	data->dir.nr      = nr;
>  	return 0;
>  
>  out_err:
> -- 
> 2.19.0
>

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.