[v1] Perf kvm commands bug fix

[PATCH 1/5] perf tools kvm: Add missed memory allocation check and free

Posted by Dapeng Mi 2 months ago

Current code allocates rec_argv[] array, but doesn't check if the
allocation is successful and explicitly free the rec_argv[] array.

Add them back.

Signed-off-by: Dapeng Mi <dapeng1.mi@linux.intel.com>
---
 tools/perf/builtin-kvm.c | 29 +++++++++++++++++++++++------
 1 file changed, 23 insertions(+), 6 deletions(-)

diff --git a/tools/perf/builtin-kvm.c b/tools/perf/builtin-kvm.c
index 7b15b4a705e4..f78a67a199ff 100644
--- a/tools/perf/builtin-kvm.c
+++ b/tools/perf/builtin-kvm.c
@@ -1719,7 +1719,9 @@ kvm_events_record(struct perf_kvm_stat *kvm, int argc, const char **argv)
 	set_option_flag(record_options, 0, "transaction", PARSE_OPT_DISABLED);
 
 	record_usage = kvm_stat_record_usage;
-	return cmd_record(i, rec_argv);
+	ret = cmd_record(i, rec_argv);
+	free(rec_argv);
+	return ret;
 }
 
 static int
@@ -2006,6 +2008,9 @@ static int __cmd_record(const char *file_name, int argc, const char **argv)
 
 	rec_argc = argc + 2;
 	rec_argv = calloc(rec_argc + 1, sizeof(char *));
+	if (!rec_argv)
+		return -ENOMEM;
+
 	rec_argv[i++] = strdup("record");
 	rec_argv[i++] = strdup("-o");
 	rec_argv[i++] = strdup(file_name);
@@ -2014,16 +2019,21 @@ static int __cmd_record(const char *file_name, int argc, const char **argv)
 
 	BUG_ON(i != rec_argc);
 
-	return cmd_record(i, rec_argv);
+	ret = cmd_record(i, rec_argv);
+	free(rec_argv);
+	return ret;
 }
 
 static int __cmd_report(const char *file_name, int argc, const char **argv)
 {
-	int rec_argc, i = 0, j;
+	int rec_argc, i = 0, j, ret;
 	const char **rec_argv;
 
 	rec_argc = argc + 2;
 	rec_argv = calloc(rec_argc + 1, sizeof(char *));
+	if (!rec_argv)
+		return -ENOMEM;
+
 	rec_argv[i++] = strdup("report");
 	rec_argv[i++] = strdup("-i");
 	rec_argv[i++] = strdup(file_name);
@@ -2032,17 +2042,22 @@ static int __cmd_report(const char *file_name, int argc, const char **argv)
 
 	BUG_ON(i != rec_argc);
 
-	return cmd_report(i, rec_argv);
+	ret = cmd_report(i, rec_argv);
+	free(rec_argv);
+	return ret;
 }
 
 static int
 __cmd_buildid_list(const char *file_name, int argc, const char **argv)
 {
-	int rec_argc, i = 0, j;
+	int rec_argc, i = 0, j, ret;
 	const char **rec_argv;
 
 	rec_argc = argc + 2;
 	rec_argv = calloc(rec_argc + 1, sizeof(char *));
+	if (!rec_argv)
+		return -ENOMEM;
+
 	rec_argv[i++] = strdup("buildid-list");
 	rec_argv[i++] = strdup("-i");
 	rec_argv[i++] = strdup(file_name);
@@ -2051,7 +2066,9 @@ __cmd_buildid_list(const char *file_name, int argc, const char **argv)
 
 	BUG_ON(i != rec_argc);
 
-	return cmd_buildid_list(i, rec_argv);
+	ret = cmd_buildid_list(i, rec_argv);
+	free(rec_argv);
+	return ret;
 }
 
 int cmd_kvm(int argc, const char **argv)
-- 
2.34.1

Re: [PATCH 1/5] perf tools kvm: Add missed memory allocation check and free

Posted by Namhyung Kim 1 month, 4 weeks ago

On Tue, Aug 05, 2025 at 08:46:29AM +0800, Dapeng Mi wrote:
> Current code allocates rec_argv[] array, but doesn't check if the
> allocation is successful and explicitly free the rec_argv[] array.
> 
> Add them back.
> 
> Signed-off-by: Dapeng Mi <dapeng1.mi@linux.intel.com>
> ---
>  tools/perf/builtin-kvm.c | 29 +++++++++++++++++++++++------
>  1 file changed, 23 insertions(+), 6 deletions(-)
> 
> diff --git a/tools/perf/builtin-kvm.c b/tools/perf/builtin-kvm.c
> index 7b15b4a705e4..f78a67a199ff 100644
> --- a/tools/perf/builtin-kvm.c
> +++ b/tools/perf/builtin-kvm.c
> @@ -1719,7 +1719,9 @@ kvm_events_record(struct perf_kvm_stat *kvm, int argc, const char **argv)
>  	set_option_flag(record_options, 0, "transaction", PARSE_OPT_DISABLED);
>  
>  	record_usage = kvm_stat_record_usage;
> -	return cmd_record(i, rec_argv);
> +	ret = cmd_record(i, rec_argv);
> +	free(rec_argv);

Well.. it's not enough just to free rec_argv.  You also need to free all
items in the rec_argv[].  Probably you want to add more STRDUP_FAIL_EXIT
when copying the original argv (here and other places).

Thanks,
Namhyung


> +	return ret;
>  }
>  
>  static int
> @@ -2006,6 +2008,9 @@ static int __cmd_record(const char *file_name, int argc, const char **argv)
>  
>  	rec_argc = argc + 2;
>  	rec_argv = calloc(rec_argc + 1, sizeof(char *));
> +	if (!rec_argv)
> +		return -ENOMEM;
> +
>  	rec_argv[i++] = strdup("record");
>  	rec_argv[i++] = strdup("-o");
>  	rec_argv[i++] = strdup(file_name);
> @@ -2014,16 +2019,21 @@ static int __cmd_record(const char *file_name, int argc, const char **argv)
>  
>  	BUG_ON(i != rec_argc);
>  
> -	return cmd_record(i, rec_argv);
> +	ret = cmd_record(i, rec_argv);
> +	free(rec_argv);
> +	return ret;
>  }
>  
>  static int __cmd_report(const char *file_name, int argc, const char **argv)
>  {
> -	int rec_argc, i = 0, j;
> +	int rec_argc, i = 0, j, ret;
>  	const char **rec_argv;
>  
>  	rec_argc = argc + 2;
>  	rec_argv = calloc(rec_argc + 1, sizeof(char *));
> +	if (!rec_argv)
> +		return -ENOMEM;
> +
>  	rec_argv[i++] = strdup("report");
>  	rec_argv[i++] = strdup("-i");
>  	rec_argv[i++] = strdup(file_name);
> @@ -2032,17 +2042,22 @@ static int __cmd_report(const char *file_name, int argc, const char **argv)
>  
>  	BUG_ON(i != rec_argc);
>  
> -	return cmd_report(i, rec_argv);
> +	ret = cmd_report(i, rec_argv);
> +	free(rec_argv);
> +	return ret;
>  }
>  
>  static int
>  __cmd_buildid_list(const char *file_name, int argc, const char **argv)
>  {
> -	int rec_argc, i = 0, j;
> +	int rec_argc, i = 0, j, ret;
>  	const char **rec_argv;
>  
>  	rec_argc = argc + 2;
>  	rec_argv = calloc(rec_argc + 1, sizeof(char *));
> +	if (!rec_argv)
> +		return -ENOMEM;
> +
>  	rec_argv[i++] = strdup("buildid-list");
>  	rec_argv[i++] = strdup("-i");
>  	rec_argv[i++] = strdup(file_name);
> @@ -2051,7 +2066,9 @@ __cmd_buildid_list(const char *file_name, int argc, const char **argv)
>  
>  	BUG_ON(i != rec_argc);
>  
> -	return cmd_buildid_list(i, rec_argv);
> +	ret = cmd_buildid_list(i, rec_argv);
> +	free(rec_argv);
> +	return ret;
>  }
>  
>  int cmd_kvm(int argc, const char **argv)
> -- 
> 2.34.1
>

Re: [PATCH 1/5] perf tools kvm: Add missed memory allocation check and free

Posted by Mi, Dapeng 1 month, 4 weeks ago

On 8/7/2025 7:40 AM, Namhyung Kim wrote:
> On Tue, Aug 05, 2025 at 08:46:29AM +0800, Dapeng Mi wrote:
>> Current code allocates rec_argv[] array, but doesn't check if the
>> allocation is successful and explicitly free the rec_argv[] array.
>>
>> Add them back.
>>
>> Signed-off-by: Dapeng Mi <dapeng1.mi@linux.intel.com>
>> ---
>>  tools/perf/builtin-kvm.c | 29 +++++++++++++++++++++++------
>>  1 file changed, 23 insertions(+), 6 deletions(-)
>>
>> diff --git a/tools/perf/builtin-kvm.c b/tools/perf/builtin-kvm.c
>> index 7b15b4a705e4..f78a67a199ff 100644
>> --- a/tools/perf/builtin-kvm.c
>> +++ b/tools/perf/builtin-kvm.c
>> @@ -1719,7 +1719,9 @@ kvm_events_record(struct perf_kvm_stat *kvm, int argc, const char **argv)
>>  	set_option_flag(record_options, 0, "transaction", PARSE_OPT_DISABLED);
>>  
>>  	record_usage = kvm_stat_record_usage;
>> -	return cmd_record(i, rec_argv);
>> +	ret = cmd_record(i, rec_argv);
>> +	free(rec_argv);
> Well.. it's not enough just to free rec_argv.  You also need to free all
> items in the rec_argv[].  Probably you want to add more STRDUP_FAIL_EXIT
> when copying the original argv (here and other places).

Oh, yes. Would do. Thanks. 


>
> Thanks,
> Namhyung
>
>
>> +	return ret;
>>  }
>>  
>>  static int
>> @@ -2006,6 +2008,9 @@ static int __cmd_record(const char *file_name, int argc, const char **argv)
>>  
>>  	rec_argc = argc + 2;
>>  	rec_argv = calloc(rec_argc + 1, sizeof(char *));
>> +	if (!rec_argv)
>> +		return -ENOMEM;
>> +
>>  	rec_argv[i++] = strdup("record");
>>  	rec_argv[i++] = strdup("-o");
>>  	rec_argv[i++] = strdup(file_name);
>> @@ -2014,16 +2019,21 @@ static int __cmd_record(const char *file_name, int argc, const char **argv)
>>  
>>  	BUG_ON(i != rec_argc);
>>  
>> -	return cmd_record(i, rec_argv);
>> +	ret = cmd_record(i, rec_argv);
>> +	free(rec_argv);
>> +	return ret;
>>  }
>>  
>>  static int __cmd_report(const char *file_name, int argc, const char **argv)
>>  {
>> -	int rec_argc, i = 0, j;
>> +	int rec_argc, i = 0, j, ret;
>>  	const char **rec_argv;
>>  
>>  	rec_argc = argc + 2;
>>  	rec_argv = calloc(rec_argc + 1, sizeof(char *));
>> +	if (!rec_argv)
>> +		return -ENOMEM;
>> +
>>  	rec_argv[i++] = strdup("report");
>>  	rec_argv[i++] = strdup("-i");
>>  	rec_argv[i++] = strdup(file_name);
>> @@ -2032,17 +2042,22 @@ static int __cmd_report(const char *file_name, int argc, const char **argv)
>>  
>>  	BUG_ON(i != rec_argc);
>>  
>> -	return cmd_report(i, rec_argv);
>> +	ret = cmd_report(i, rec_argv);
>> +	free(rec_argv);
>> +	return ret;
>>  }
>>  
>>  static int
>>  __cmd_buildid_list(const char *file_name, int argc, const char **argv)
>>  {
>> -	int rec_argc, i = 0, j;
>> +	int rec_argc, i = 0, j, ret;
>>  	const char **rec_argv;
>>  
>>  	rec_argc = argc + 2;
>>  	rec_argv = calloc(rec_argc + 1, sizeof(char *));
>> +	if (!rec_argv)
>> +		return -ENOMEM;
>> +
>>  	rec_argv[i++] = strdup("buildid-list");
>>  	rec_argv[i++] = strdup("-i");
>>  	rec_argv[i++] = strdup(file_name);
>> @@ -2051,7 +2066,9 @@ __cmd_buildid_list(const char *file_name, int argc, const char **argv)
>>  
>>  	BUG_ON(i != rec_argc);
>>  
>> -	return cmd_buildid_list(i, rec_argv);
>> +	ret = cmd_buildid_list(i, rec_argv);
>> +	free(rec_argv);
>> +	return ret;
>>  }
>>  
>>  int cmd_kvm(int argc, const char **argv)
>> -- 
>> 2.34.1
>>

[PATCH 1/5] perf tools kvm: Add missed memory allocation check and free
[PATCH 2/5] perf tools kvm: Fix the potential out of range memory access issue
[PATCH 3/5] perf tools: Add helper x86__is_intel_cpu()
[PATCH 4/5] perf tools kvm: Use "cycles" to sample guest for "kvm record" on Intel
[PATCH 5/5] perf tools kvm: Use "cycles" to sample guest for "kvm top" on Intel