From nobody Fri Dec 19 07:51:00 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7AF44C4167B for ; Thu, 7 Dec 2023 14:09:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1443014AbjLGOJc (ORCPT ); Thu, 7 Dec 2023 09:09:32 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49380 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1442831AbjLGOJ3 (ORCPT ); Thu, 7 Dec 2023 09:09:29 -0500 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 529E610C2; Thu, 7 Dec 2023 06:09:34 -0800 (PST) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 407A412FC; Thu, 7 Dec 2023 06:10:20 -0800 (PST) Received: from e126817.. (e126817.cambridge.arm.com [10.2.3.5]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id A71BB3F6C4; Thu, 7 Dec 2023 06:09:32 -0800 (PST) From: Ben Gainey To: linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, mingo@redhat.com, acme@kernel.org, mark.rutland@arm.com, alexander.shishkin@linux.intel.com, jolsa@kernel.org, namhyung@kernel.org, irogers@google.com, adrian.hunter@intel.com, Ben Gainey Subject: [PATCH] tools/perf: Fix missing reference count get in call_path_from_sample Date: Thu, 7 Dec 2023 14:09:11 +0000 Message-ID: <20231207140911.3240408-1-ben.gainey@arm.com> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" The addr_location map and maps fields in the inner loop were missing calls to map__get/maps__get. The subsequent addr_location__exit call in each loop puts the map/maps fields causing use-after-free aborts. This issue reproduces on at least arm64 and x86_64 with something simple like `perf record -g ls` followed by `perf script -s script.py` with the following script: perf_db_export_mode =3D True perf_db_export_calls =3D False perf_db_export_callchains =3D True def sample_table(*args): print(f'sample_table({args})') def call_path_table(*args): print(f'call_path_table({args}') Fixes: 0dd5041c9a0ea ("perf addr_location: Add init/exit/copy functions") Signed-off-by: Ben Gainey Tested-by: Ian Rogers --- tools/perf/util/db-export.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/perf/util/db-export.c b/tools/perf/util/db-export.c index b9fb71ab7a73..106429155c2e 100644 --- a/tools/perf/util/db-export.c +++ b/tools/perf/util/db-export.c @@ -253,8 +253,8 @@ static struct call_path *call_path_from_sample(struct d= b_export *dbe, */ addr_location__init(&al); al.sym =3D node->ms.sym; - al.map =3D node->ms.map; - al.maps =3D thread__maps(thread); + al.map =3D map__get(node->ms.map); + al.maps =3D maps__get(thread__maps(thread)); al.addr =3D node->ip; =20 if (al.map && !al.sym) --=20 2.43.0