[PATCH] perf pmu: Handle memory failure in tool_pmu__new()

Thomas Richter posted 1 patch 9 months ago
There is a newer version of this series
Posted by Thomas Richter 9 months ago
On linux-next
commit 72c6f57a4193 ("perf pmu: Dynamically allocate tool PMU")
allocated PMU named "tool" dynamically. However that allocation
can fail and a NULL pointer is returned. That case is currently
not handled and would result in an invalid address reference.
Add a check for NULL pointer.

Fixes: 72c6f57a4193 ("perf pmu: Dynamically allocate tool PMU")
Signed-off-by: Thomas Richter <tmricht@linux.ibm.com>
Cc: Ian Rogers <irogers@google.com>
Cc: James Clark <james.clark@linaro.org>
---
 tools/perf/util/pmus.c     | 3 ++-
 tools/perf/util/tool_pmu.c | 9 +++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/tools/perf/util/pmus.c b/tools/perf/util/pmus.c
index 9b5a63ecb249..b99292de7669 100644
--- a/tools/perf/util/pmus.c
+++ b/tools/perf/util/pmus.c
@@ -265,7 +265,8 @@ static void pmu_read_sysfs(unsigned int to_read_types)
 	if ((to_read_types & PERF_TOOL_PMU_TYPE_TOOL_MASK) != 0 &&
 	    (read_pmu_types & PERF_TOOL_PMU_TYPE_TOOL_MASK) == 0) {
 		tool_pmu = tool_pmu__new();
-		list_add_tail(&tool_pmu->list, &other_pmus);
+		if (tool_pmu)
+			list_add_tail(&tool_pmu->list, &other_pmus);
 	}
 	if ((to_read_types & PERF_TOOL_PMU_TYPE_HWMON_MASK) != 0 &&
 	    (read_pmu_types & PERF_TOOL_PMU_TYPE_HWMON_MASK) == 0)
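
Review bot: the new `if (tool_pmu)` guard in pmu_read_sysfs() drops the allocation failure silently. The function returns void, so when tool_pmu__new() returns NULL nothing is reported and the caller continues as if the tool PMU did not exist. Consider logging the NULL case, or adding a comment that running without the tool PMU is acceptable, so an out-of-memory condition can be told apart from normal operation.
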
diff --git a/tools/perf/util/tool_pmu.c b/tools/perf/util/tool_pmu.c
index b60ac390d52d..d764c4734be6 100644
--- a/tools/perf/util/tool_pmu.c
+++ b/tools/perf/util/tool_pmu.c
@@ -495,12 +495,21 @@ struct perf_pmu *tool_pmu__new(void)
 {
 	struct perf_pmu *tool = zalloc(sizeof(struct perf_pmu));
 
+	if (!tool)
+		goto out;
 	tool->name = strdup("tool");
+	if (!tool->name) {
+		zfree(tool);
+		tool = NULL;
+		goto out;
+	}
+
 	tool->type = PERF_PMU_TYPE_TOOL;
 	INIT_LIST_HEAD(&tool->aliases);
 	INIT_LIST_HEAD(&tool->caps);
 	INIT_LIST_HEAD(&tool->format);
 	tool->events_table = find_core_events_table("common", "common");
 
+out:
 	return tool;
 }
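
Review bot: in the strdup() failure branch of tool_pmu__new(), `zfree(tool)` passes the struct pointer itself, but zfree() expects the address of the pointer, so the struct obtained from zalloc() is not released and becomes unreachable once `tool = NULL;` runs. Use `zfree(&tool);`, which also makes the explicit `tool = NULL;` unnecessary. The `out:` label only leads to `return tool;`, so a plain `return NULL;` in the two failure branches would be simpler than the gotos.
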
-- 
2.48.1
Re: [PATCH] perf pmu: Handle memory failure in tool_pmu__new()
Posted by James Clark 9 months ago

On 19/03/2025 9:28 am, Thomas Richter wrote:
> On linux-next
> commit 72c6f57a4193 ("perf pmu: Dynamically allocate tool PMU")
> allocated PMU named "tool" dynamically. However that allocation
> can fail and a NULL pointer is returned. That case is currently
> not handled and would result in an invalid address reference.
> Add a check for NULL pointer.
> 
> Fixes: 72c6f57a4193 ("perf pmu: Dynamically allocate tool PMU")
> Signed-off-by: Thomas Richter <tmricht@linux.ibm.com>
> Cc: Ian Rogers <irogers@google.com>
> Cc: James Clark <james.clark@linaro.org>
> ---
>   tools/perf/util/pmus.c     | 3 ++-
>   tools/perf/util/tool_pmu.c | 9 +++++++++
>   2 files changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/tools/perf/util/pmus.c b/tools/perf/util/pmus.c
> index 9b5a63ecb249..b99292de7669 100644
> --- a/tools/perf/util/pmus.c
> +++ b/tools/perf/util/pmus.c
> @@ -265,7 +265,8 @@ static void pmu_read_sysfs(unsigned int to_read_types)
>   	if ((to_read_types & PERF_TOOL_PMU_TYPE_TOOL_MASK) != 0 &&
>   	    (read_pmu_types & PERF_TOOL_PMU_TYPE_TOOL_MASK) == 0) {
>   		tool_pmu = tool_pmu__new();
> -		list_add_tail(&tool_pmu->list, &other_pmus);
> +		if (tool_pmu)
> +			list_add_tail(&tool_pmu->list, &other_pmus);
>   	}
>   	if ((to_read_types & PERF_TOOL_PMU_TYPE_HWMON_MASK) != 0 &&
>   	    (read_pmu_types & PERF_TOOL_PMU_TYPE_HWMON_MASK) == 0)
> diff --git a/tools/perf/util/tool_pmu.c b/tools/perf/util/tool_pmu.c
> index b60ac390d52d..d764c4734be6 100644
> --- a/tools/perf/util/tool_pmu.c
> +++ b/tools/perf/util/tool_pmu.c
> @@ -495,12 +495,21 @@ struct perf_pmu *tool_pmu__new(void)
>   {
>   	struct perf_pmu *tool = zalloc(sizeof(struct perf_pmu));
>   
> +	if (!tool)
> +		goto out;
>   	tool->name = strdup("tool");
> +	if (!tool->name) {
> +		zfree(tool);
> +		tool = NULL;

Hi Thomas,

zfree() already sets the thing to NULL but you need to pass a pointer to it:

   zfree(&tool);

Without doing that you only free the first u64 of the struct, which 
happens to be zero in this case so free() does nothing. Then zfree() 
sets the first u64 of the struct to zero which it already is.

With that fixed:

Reviewed-by: James Clark <james.clark@linaro.org>
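
The difference between `zfree(tool)` and `zfree(&tool)` discussed in the review above, as an added example that is not part of the thread or of perf. `demo_zfree`, `struct demo_pmu`, the allocation counter and the `fail_strdup` fault-injection flag are constructed stand-ins that follow the zfree() behaviour described in the reply.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins, not perf code. demo_zfree() behaves as the reply
 * describes: it takes the ADDRESS of a pointer, frees the pointee and NULLs
 * the pointer. The (void **) cast is why a wrong argument still compiles. */
static int live_allocs, fail_strdup;   /* leak counter, fault injection */
static void demo__zfree(void **ptr)
{
	live_allocs -= (*ptr != NULL);
	free(*ptr);
	*ptr = NULL;
}
#define demo_zfree(ptr) demo__zfree((void **)(ptr))
struct demo_pmu { char *name; int type; };   /* name is the first member */

static struct demo_pmu *demo_new(int pass_address)
{
	struct demo_pmu *tool = calloc(1, sizeof(*tool));
	if (!tool)
		return NULL;
	live_allocs++;
	tool->name = fail_strdup ? NULL : strdup("tool");
	if (tool->name) {
		live_allocs++;
	} else if (pass_address) {
		demo_zfree(&tool);   /* frees the struct and sets tool to NULL */
	} else {
		demo_zfree(tool);    /* as posted: only touches tool->name (NULL) */
		tool = NULL;         /* struct is now unreachable: leaked */
	}
	return tool;
}

/* Allocations still outstanding after one failed construction. */
static int leaked_after_failure(int pass_address)
{
	live_allocs = 0;
	fail_strdup = 1;
	struct demo_pmu *p = demo_new(pass_address);
	fail_strdup = 0;
	return p ? -1 : live_allocs;
}

int main(void)
{
	printf("zfree(tool) leaks %d, zfree(&tool) leaks %d\n",
	       leaked_after_failure(0), leaked_after_failure(1));
}
```

Both variants return NULL to the caller, so only leak accounting or a tool such as a leak sanitizer exposes the difference.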
Re: [PATCH] perf pmu: Handle memory failure in tool_pmu__new()
Posted by Thomas Richter 9 months ago
On 3/19/25 10:58, James Clark wrote:
> 
> 
> On 19/03/2025 9:28 am, Thomas Richter wrote:
>> On linux-next
>> commit 72c6f57a4193 ("perf pmu: Dynamically allocate tool PMU")
>> allocated PMU named "tool" dynamically. However that allocation
>> can fail and a NULL pointer is returned. That case is currently
>> not handled and would result in an invalid address reference.
>> Add a check for NULL pointer.
>>
>> Fixes: 72c6f57a4193 ("perf pmu: Dynamically allocate tool PMU")
>> Signed-off-by: Thomas Richter <tmricht@linux.ibm.com>
>> Cc: Ian Rogers <irogers@google.com>
>> Cc: James Clark <james.clark@linaro.org>
>> ---
>>   tools/perf/util/pmus.c     | 3 ++-
>>   tools/perf/util/tool_pmu.c | 9 +++++++++
>>   2 files changed, 11 insertions(+), 1 deletion(-)
>>
>> diff --git a/tools/perf/util/pmus.c b/tools/perf/util/pmus.c
>> index 9b5a63ecb249..b99292de7669 100644
>> --- a/tools/perf/util/pmus.c
>> +++ b/tools/perf/util/pmus.c
>> @@ -265,7 +265,8 @@ static void pmu_read_sysfs(unsigned int to_read_types)
>>       if ((to_read_types & PERF_TOOL_PMU_TYPE_TOOL_MASK) != 0 &&
>>           (read_pmu_types & PERF_TOOL_PMU_TYPE_TOOL_MASK) == 0) {
>>           tool_pmu = tool_pmu__new();
>> -        list_add_tail(&tool_pmu->list, &other_pmus);
>> +        if (tool_pmu)
>> +            list_add_tail(&tool_pmu->list, &other_pmus);
>>       }
>>       if ((to_read_types & PERF_TOOL_PMU_TYPE_HWMON_MASK) != 0 &&
>>           (read_pmu_types & PERF_TOOL_PMU_TYPE_HWMON_MASK) == 0)
>> diff --git a/tools/perf/util/tool_pmu.c b/tools/perf/util/tool_pmu.c
>> index b60ac390d52d..d764c4734be6 100644
>> --- a/tools/perf/util/tool_pmu.c
>> +++ b/tools/perf/util/tool_pmu.c
>> @@ -495,12 +495,21 @@ struct perf_pmu *tool_pmu__new(void)
>>   {
>>       struct perf_pmu *tool = zalloc(sizeof(struct perf_pmu));
>>   +    if (!tool)
>> +        goto out;
>>       tool->name = strdup("tool");
>> +    if (!tool->name) {
>> +        zfree(tool);
>> +        tool = NULL;
> 
> Hi Thomas,
> 
> zfree() already sets the thing to NULL but you need to pass a pointer to it:
> 
>   zfree(&tool);
> 
> Without doing that you only free the first u64 of the struct, which happens to be zero in this case so free() does nothing. Then zfree() sets the first u64 of the struct to zero which it already is.
> 
> With that fixed:
> 
> Reviewed-by: James Clark <james.clark@linaro.org>
> 
> 

Thanks for the finding. I'll post version 2 soon.

-- 
Thomas Richter, Dept 3303, IBM s390 Linux Development, Boeblingen, Germany