From nobody Mon Feb 9 00:55:18 2026 Received: from mail-dy1-f201.google.com (mail-dy1-f201.google.com [74.125.82.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 037B03542F6 for ; Thu, 22 Jan 2026 21:35:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769117741; cv=none; b=GXpbdCFecbZL6oEClkOfLwJkzp2qR4m4Cs1Rz81UGKmcTVpQMEPub+3AGZz0/D243bcX0t3t7w4UsQC7ePuDAbYM9yQc/azLep7udp0rxeLazucsye/0PV5n+ShhKALt6jmRuWY4untx/S7PoPgSaTrM4iOhYBa/2J9Ytu9z/MY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769117741; c=relaxed/simple; bh=ANN7VbZ/Xm6UtamlT5mlRTMZ4rnilmOIpmNJZRsm4WY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Content-Type; b=XnYM2uvqz/n13u+6liqnX3brxWjmFFvYXHjfQBIS3T4SA+awW1ZqOqxK/3o0FHG+kVkvSe2pPGItg9WDjwh5fhMOtuYuRBgo+afJWQIIsXYZ4f4INh9ZDYYrd1gtabbrMDzlcuZLOy+xHHnjo5uCKbL9F6LCGotFd6SbGvJdStA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--irogers.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=yjP30E4F; arc=none smtp.client-ip=74.125.82.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--irogers.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="yjP30E4F" Received: by mail-dy1-f201.google.com with SMTP id 5a478bee46e88-2b6f0b345e3so7790791eec.0 for ; Thu, 22 Jan 2026 13:35:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1769117727; x=1769722527; darn=vger.kernel.org; h=to:from:subject:message-id:references:mime-version:in-reply-to:date :from:to:cc:subject:date:message-id:reply-to; bh=LBuhE4G4GBsctT6JHyOVnLTy18pSFx2hMEt8LFslTxA=; b=yjP30E4FemFDUS5/KQ5Y8AUCx/pFuUCiBPLmG/D0BK2Z6qSkudyTrEBJTxOcqt/DbX kWOll5CIGN60KmBjPkad5rrSSKd51v8Lp4iIxb9LrVmkA0rRfZ2J43tYfzn8OSqJGBdx 89o/f6ppM3JH3+RQ3wKkREbFM9nv14efkMr57GNmP3P78flHrKP1fJv6t1fSjnjmf2yz 3DUd06e4EGlUWGkMftcNB9QKCN+nuk1Lr4jCf0IQ7bgz4wrP+0Q4ElGsqM5KmkXUxyOP 10M1oRsU34+zTv76hrniRIgLd4aDel1yp39jUTTFbRLHNNnTDGa5OY1bjwW4SCkOGeGK CPnQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769117727; x=1769722527; h=to:from:subject:message-id:references:mime-version:in-reply-to:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=LBuhE4G4GBsctT6JHyOVnLTy18pSFx2hMEt8LFslTxA=; b=FLs8fILYEaHissuS/StXp0NNIFSaxkLdA/z8oONpuov4QgOMi3zYfjNCd030kcoT0/ zv9wYZxa150AU/cDGe0VSOqRXSlIeokjOV5pDhxogCjONhCa6Jlvkgu4fZSYoeXSc7so 5u+KZ3NPx2NVgaU8FTPtIcGwSKrP0rhBo+1SrOIKDkYR7OS9qj+8MOSOmY/tBc6PyLR7 9CRwCZ0ymogL8+vPMc+TSrg3TopMEmD/l6qoJHtueCzkee2zWKzZhf5Tdj4LOHTlha+n TbiqET92oe18kZPw6OaInp5nXpJKlPN+CRpH1tmXc+NOvMfJ10F0wGF0ic1bnH73CzXb IGBA== X-Forwarded-Encrypted: i=1; AJvYcCWrxrzEiGjy6HxJF9eI2D1bt/LgDoD+EGELE1dIdwocBnO6K77Z6yyJKDSGwJaWkiKy/RALGPmZA8F36go=@vger.kernel.org X-Gm-Message-State: AOJu0YzfSocL5CcOA3G7I02PyF2vW8ey2I3O3OVXAxz3d5oDIwqkcS8j /BrCE8GM9x/kqnE+lI33WYglPMdQVE8dZsMxo8a+/zu3t+PqZAieNt80LIu0CsvwjVMA51WVhFf 7IjsYU3uevg== X-Received: from dycro21.prod.google.com ([2002:a05:693c:2b15:b0:2b7:880:7a40]) (user=irogers job=prod-delivery.src-stubby-dispatcher) by 2002:a05:7300:6ca8:b0:2ac:1e9f:a0ed with SMTP id 5a478bee46e88-2b739b7437cmr522257eec.25.1769117726697; Thu, 22 Jan 2026 13:35:26 -0800 (PST) Date: Thu, 22 Jan 2026 13:35:06 -0800 In-Reply-To: <20260122213516.671089-1-irogers@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260122213516.671089-1-irogers@google.com> X-Mailer: git-send-email 2.52.0.457.g6b5491de43-goog Message-ID: <20260122213516.671089-3-irogers@google.com> Subject: [PATCH v3 02/12] perf annotate: Fix args leak of map_symbol From: Ian Rogers To: Peter Zijlstra , Ingo Molnar , Arnaldo Carvalho de Melo , Namhyung Kim , Alexander Shishkin , Jiri Olsa , Ian Rogers , Adrian Hunter , James Clark , John Garry , Will Deacon , Leo Yan , Guo Ren , Paul Walmsley , Palmer Dabbelt , Albert Ou , Alexandre Ghiti , Nathan Chancellor , Nick Desaulniers , Bill Wendling , Justin Stitt , Zecheng Li , Tianyou Li , Thomas Falcon , Julia Lawall , Suchit Karunakaran , Athira Rajeev , Aditya Bodkhe , Howard Chu , "=?UTF-8?q?Krzysztof=20=C5=81opatowski?=" , "Dr. David Alan Gilbert" , Shimin Guo , Sergei Trofimovich , linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-csky@vger.kernel.org, linux-riscv@lists.infradead.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" map_symbol__exit needs calling on an annotate_args.ms, however, rather than introduce proper reference count handling to symbol__annotate just switch to passing the map_symbol pointer parameter around, making the puts the caller's responsibility. Fix a number of cases to ensure the map in a map_symbol has a reference count increment and add the then necessary map_symbol_exits. Signed-off-by: Ian Rogers Fixes: 56e144fe9826 ("perf mem_info: Add and use map_symbol__exit and addr_= map_symbol__exit") --- .../arch/loongarch/annotate/instructions.c | 14 ++++---- tools/perf/arch/s390/annotate/instructions.c | 11 +++--- tools/perf/util/annotate.c | 2 +- tools/perf/util/capstone.c | 14 ++++---- tools/perf/util/disasm.c | 36 ++++++++++--------- tools/perf/util/disasm.h | 2 +- tools/perf/util/llvm.c | 6 ++-- 7 files changed, 47 insertions(+), 38 deletions(-) diff --git a/tools/perf/arch/loongarch/annotate/instructions.c b/tools/perf= /arch/loongarch/annotate/instructions.c index 70262d5f1444..1c3abb43c8d7 100644 --- a/tools/perf/arch/loongarch/annotate/instructions.c +++ b/tools/perf/arch/loongarch/annotate/instructions.c @@ -10,9 +10,7 @@ static int loongarch_call__parse(struct arch *arch, struc= t ins_operands *ops, st { char *c, *endptr, *tok, *name; struct map *map =3D ms->map; - struct addr_map_symbol target =3D { - .ms =3D { .map =3D map, }, - }; + struct addr_map_symbol target; =20 c =3D strchr(ops->raw, '#'); if (c++ =3D=3D NULL) @@ -38,12 +36,16 @@ static int loongarch_call__parse(struct arch *arch, str= uct ins_operands *ops, st if (ops->target.name =3D=3D NULL) return -1; =20 - target.addr =3D map__objdump_2mem(map, ops->target.addr); + target =3D (struct addr_map_symbol) { + .ms =3D { .map =3D map__get(map), }, + .addr =3D map__objdump_2mem(map, ops->target.addr), + }; =20 if (maps__find_ams(ms->maps, &target) =3D=3D 0 && map__rip_2objdump(target.ms.map, map__map_ip(target.ms.map, target.ad= dr)) =3D=3D ops->target.addr) ops->target.sym =3D target.ms.sym; =20 + addr_map_symbol__exit(&target); return 0; } =20 @@ -58,7 +60,7 @@ static int loongarch_jump__parse(struct arch *arch, struc= t ins_operands *ops, st struct map *map =3D ms->map; struct symbol *sym =3D ms->sym; struct addr_map_symbol target =3D { - .ms =3D { .map =3D map, }, + .ms =3D { .map =3D map__get(map), }, }; const char *c =3D strchr(ops->raw, '#'); u64 start, end; @@ -90,7 +92,7 @@ static int loongarch_jump__parse(struct arch *arch, struc= t ins_operands *ops, st } else { ops->target.offset_avail =3D false; } - + addr_map_symbol__exit(&target); return 0; } =20 diff --git a/tools/perf/arch/s390/annotate/instructions.c b/tools/perf/arch= /s390/annotate/instructions.c index c61193f1e096..626e6d2cbc81 100644 --- a/tools/perf/arch/s390/annotate/instructions.c +++ b/tools/perf/arch/s390/annotate/instructions.c @@ -6,9 +6,7 @@ static int s390_call__parse(struct arch *arch, struct ins_o= perands *ops, { char *endptr, *tok, *name; struct map *map =3D ms->map; - struct addr_map_symbol target =3D { - .ms =3D { .map =3D map, }, - }; + struct addr_map_symbol target; =20 tok =3D strchr(ops->raw, ','); if (!tok) @@ -36,12 +34,17 @@ static int s390_call__parse(struct arch *arch, struct i= ns_operands *ops, =20 if (ops->target.name =3D=3D NULL) return -1; - target.addr =3D map__objdump_2mem(map, ops->target.addr); + + target =3D (struct addr_map_symbol) { + .ms =3D { .map =3D map__get(map), }, + .addr =3D map__objdump_2mem(map, ops->target.addr), + }; =20 if (maps__find_ams(ms->maps, &target) =3D=3D 0 && map__rip_2objdump(target.ms.map, map__map_ip(target.ms.map, target.ad= dr)) =3D=3D ops->target.addr) ops->target.sym =3D target.ms.sym; =20 + addr_map_symbol__exit(&target); return 0; } =20 diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c index cc7764455faf..791d60f97c23 100644 --- a/tools/perf/util/annotate.c +++ b/tools/perf/util/annotate.c @@ -1031,7 +1031,7 @@ int symbol__annotate(struct map_symbol *ms, struct ev= sel *evsel, return 0; =20 args.arch =3D arch; - args.ms =3D *ms; + args.ms =3D ms; =20 if (notes->src =3D=3D NULL) { notes->src =3D annotated_source__new(); diff --git a/tools/perf/util/capstone.c b/tools/perf/util/capstone.c index be5fd44b1f9d..2c7feab61b7b 100644 --- a/tools/perf/util/capstone.c +++ b/tools/perf/util/capstone.c @@ -143,7 +143,7 @@ static void print_capstone_detail(cs_insn *insn, char *= buf, size_t len, struct annotate_args *args, u64 addr) { int i; - struct map *map =3D args->ms.map; + struct map *map =3D args->ms->map; struct symbol *sym; =20 /* TODO: support more architectures */ @@ -222,7 +222,7 @@ int symbol__disassemble_capstone(const char *filename _= _maybe_unused, { #ifdef HAVE_LIBCAPSTONE_SUPPORT struct annotation *notes =3D symbol__annotation(sym); - struct map *map =3D args->ms.map; + struct map *map =3D args->ms->map; struct dso *dso =3D map__dso(map); u64 start =3D map__rip_2objdump(map, sym->start); u64 offset; @@ -256,7 +256,7 @@ int symbol__disassemble_capstone(const char *filename _= _maybe_unused, args->line =3D disasm_buf; args->line_nr =3D 0; args->fileloc =3D NULL; - args->ms.sym =3D sym; + args->ms->sym =3D sym; =20 dl =3D disasm_line__new(args); if (dl =3D=3D NULL) @@ -268,7 +268,7 @@ int symbol__disassemble_capstone(const char *filename _= _maybe_unused, !strcmp(args->options->disassembler_style, "att")) disassembler_style =3D true; =20 - if (capstone_init(maps__machine(args->ms.maps), &handle, is_64bit, disass= embler_style) < 0) + if (capstone_init(maps__machine(args->ms->maps), &handle, is_64bit, disas= sembler_style) < 0) goto err; =20 needs_cs_close =3D true; @@ -345,7 +345,7 @@ int symbol__disassemble_capstone_powerpc(const char *fi= lename __maybe_unused, { #ifdef HAVE_LIBCAPSTONE_SUPPORT struct annotation *notes =3D symbol__annotation(sym); - struct map *map =3D args->ms.map; + struct map *map =3D args->ms->map; struct dso *dso =3D map__dso(map); struct nscookie nsc; u64 start =3D map__rip_2objdump(map, sym->start); @@ -382,7 +382,7 @@ int symbol__disassemble_capstone_powerpc(const char *fi= lename __maybe_unused, !strcmp(args->options->disassembler_style, "att")) disassembler_style =3D true; =20 - if (capstone_init(maps__machine(args->ms.maps), &handle, is_64bit, disass= embler_style) < 0) + if (capstone_init(maps__machine(args->ms->maps), &handle, is_64bit, disas= sembler_style) < 0) goto err; =20 needs_cs_close =3D true; @@ -408,7 +408,7 @@ int symbol__disassemble_capstone_powerpc(const char *fi= lename __maybe_unused, args->line =3D disasm_buf; args->line_nr =3D 0; args->fileloc =3D NULL; - args->ms.sym =3D sym; + args->ms->sym =3D sym; =20 dl =3D disasm_line__new(args); if (dl =3D=3D NULL) diff --git a/tools/perf/util/disasm.c b/tools/perf/util/disasm.c index 50b9433f3f8e..924429142631 100644 --- a/tools/perf/util/disasm.c +++ b/tools/perf/util/disasm.c @@ -269,9 +269,7 @@ static int call__parse(struct arch *arch, struct ins_op= erands *ops, struct map_s { char *endptr, *tok, *name; struct map *map =3D ms->map; - struct addr_map_symbol target =3D { - .ms =3D { .map =3D map, }, - }; + struct addr_map_symbol target; =20 ops->target.addr =3D strtoull(ops->raw, &endptr, 16); =20 @@ -296,12 +294,16 @@ static int call__parse(struct arch *arch, struct ins_= operands *ops, struct map_s if (ops->target.name =3D=3D NULL) return -1; find_target: - target.addr =3D map__objdump_2mem(map, ops->target.addr); + target =3D (struct addr_map_symbol) { + .ms =3D { .map =3D map__get(map), }, + .addr =3D map__objdump_2mem(map, ops->target.addr), + }; =20 if (maps__find_ams(ms->maps, &target) =3D=3D 0 && map__rip_2objdump(target.ms.map, map__map_ip(target.ms.map, target.ad= dr)) =3D=3D ops->target.addr) ops->target.sym =3D target.ms.sym; =20 + addr_map_symbol__exit(&target); return 0; =20 indirect_call: @@ -366,7 +368,7 @@ static int jump__parse(struct arch *arch, struct ins_op= erands *ops, struct map_s struct map *map =3D ms->map; struct symbol *sym =3D ms->sym; struct addr_map_symbol target =3D { - .ms =3D { .map =3D map, }, + .ms =3D { .map =3D map__get(map), }, }; const char *c =3D strchr(ops->raw, ','); u64 start, end; @@ -440,7 +442,7 @@ static int jump__parse(struct arch *arch, struct ins_op= erands *ops, struct map_s } else { ops->target.offset_avail =3D false; } - + addr_map_symbol__exit(&target); return 0; } =20 @@ -1046,7 +1048,7 @@ static size_t disasm_line_size(int nr) struct disasm_line *disasm_line__new(struct annotate_args *args) { struct disasm_line *dl =3D NULL; - struct annotation *notes =3D symbol__annotation(args->ms.sym); + struct annotation *notes =3D symbol__annotation(args->ms->sym); int nr =3D notes->src->nr_events; =20 dl =3D zalloc(disasm_line_size(nr)); @@ -1064,7 +1066,7 @@ struct disasm_line *disasm_line__new(struct annotate_= args *args) } else if (disasm_line__parse(dl->al.line, &dl->ins.name, &dl->ops.raw) = < 0) goto out_free_line; =20 - disasm_line__init_ins(dl, args->arch, &args->ms); + disasm_line__init_ins(dl, args->arch, args->ms); } =20 return dl; @@ -1119,7 +1121,7 @@ static int symbol__parse_objdump_line(struct symbol *= sym, struct annotate_args *args, char *parsed_line, int *line_nr, char **fileloc) { - struct map *map =3D args->ms.map; + struct map *map =3D args->ms->map; struct annotation *notes =3D symbol__annotation(sym); struct disasm_line *dl; char *tmp; @@ -1151,7 +1153,7 @@ static int symbol__parse_objdump_line(struct symbol *= sym, args->line =3D parsed_line; args->line_nr =3D *line_nr; args->fileloc =3D *fileloc; - args->ms.sym =3D sym; + args->ms->sym =3D sym; =20 dl =3D disasm_line__new(args); (*line_nr)++; @@ -1169,12 +1171,14 @@ static int symbol__parse_objdump_line(struct symbol= *sym, if (dl->ins.ops && ins__is_call(&dl->ins) && !dl->ops.target.sym) { struct addr_map_symbol target =3D { .addr =3D dl->ops.target.addr, - .ms =3D { .map =3D map, }, + .ms =3D { .map =3D map__get(map), }, }; =20 - if (!maps__find_ams(args->ms.maps, &target) && + if (!maps__find_ams(args->ms->maps, &target) && target.ms.sym->start =3D=3D target.al_addr) dl->ops.target.sym =3D target.ms.sym; + + addr_map_symbol__exit(&target); } =20 annotation_line__add(&dl->al, ¬es->src->source); @@ -1338,7 +1342,7 @@ static int symbol__disassemble_raw(char *filename, st= ruct symbol *sym, struct annotate_args *args) { struct annotation *notes =3D symbol__annotation(sym); - struct map *map =3D args->ms.map; + struct map *map =3D args->ms->map; struct dso *dso =3D map__dso(map); u64 start =3D map__rip_2objdump(map, sym->start); u64 end =3D map__rip_2objdump(map, sym->end); @@ -1375,7 +1379,7 @@ static int symbol__disassemble_raw(char *filename, st= ruct symbol *sym, args->line =3D disasm_buf; args->line_nr =3D 0; args->fileloc =3D NULL; - args->ms.sym =3D sym; + args->ms->sym =3D sym; =20 dl =3D disasm_line__new(args); if (dl =3D=3D NULL) @@ -1501,7 +1505,7 @@ static int symbol__disassemble_objdump(const char *fi= lename, struct symbol *sym, struct annotate_args *args) { struct annotation_options *opts =3D &annotate_opts; - struct map *map =3D args->ms.map; + struct map *map =3D args->ms->map; struct dso *dso =3D map__dso(map); char *command; FILE *file; @@ -1644,7 +1648,7 @@ static int symbol__disassemble_objdump(const char *fi= lename, struct symbol *sym, int symbol__disassemble(struct symbol *sym, struct annotate_args *args) { struct annotation_options *options =3D args->options; - struct map *map =3D args->ms.map; + struct map *map =3D args->ms->map; struct dso *dso =3D map__dso(map); char symfs_filename[PATH_MAX]; bool delete_extract =3D false; diff --git a/tools/perf/util/disasm.h b/tools/perf/util/disasm.h index d2cb555e4a3b..a3ea9d676281 100644 --- a/tools/perf/util/disasm.h +++ b/tools/perf/util/disasm.h @@ -97,7 +97,7 @@ struct ins_ops { =20 struct annotate_args { struct arch *arch; - struct map_symbol ms; + struct map_symbol *ms; struct annotation_options *options; s64 offset; char *line; diff --git a/tools/perf/util/llvm.c b/tools/perf/util/llvm.c index 2ebf1f5f65bf..4ada9a10bd93 100644 --- a/tools/perf/util/llvm.c +++ b/tools/perf/util/llvm.c @@ -118,7 +118,7 @@ int symbol__disassemble_llvm(const char *filename, stru= ct symbol *sym, { #ifdef HAVE_LIBLLVM_SUPPORT struct annotation *notes =3D symbol__annotation(sym); - struct map *map =3D args->ms.map; + struct map *map =3D args->ms->map; struct dso *dso =3D map__dso(map); u64 start =3D map__rip_2objdump(map, sym->start); /* Malloc-ed buffer containing instructions read from disk. */ @@ -184,7 +184,7 @@ int symbol__disassemble_llvm(const char *filename, stru= ct symbol *sym, args->line =3D disasm_buf; args->line_nr =3D 0; args->fileloc =3D NULL; - args->ms.sym =3D sym; + args->ms->sym =3D sym; =20 dl =3D disasm_line__new(args); if (dl =3D=3D NULL) @@ -242,7 +242,7 @@ int symbol__disassemble_llvm(const char *filename, stru= ct symbol *sym, &line_storage_len); args->line_nr =3D 0; args->fileloc =3D NULL; - args->ms.sym =3D sym; + args->ms->sym =3D sym; =20 llvm_addr2line(filename, pc, &args->fileloc, (unsigned int *)&args->line_nr, false, NULL); --=20 2.52.0.457.g6b5491de43-goog