From nobody Sun Jun 14 05:47:57 2026
Date: Sat, 2 May 2026 08:56:51 -0700
In-Reply-To: <20260502155656.478642-1-irogers@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20260502064839.282422-1-irogers@google.com> <20260502155656.478642-1-irogers@google.com>
X-Mailer: git-send-email 2.54.0.545.g6539524ca2-goog
Message-ID: <20260502155656.478642-2-irogers@google.com>
Subject: [PATCH v2 1/6] perf dwarf-aux: Fix libdw segmentation fault in cu_walk_functions_at
From: Ian Rogers
To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo, Namhyung Kim, Jiri Olsa, Adrian Hunter, James Clark, Zecheng Li, Masami Hiramatsu, linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Ian Rogers
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

A segmentation fault was observed in `libdw` when running `perf kmem`
with `--page stat` on some workloads. The crash occurred deep inside
`libdw` (specifically in `dwarf_child` and `dwarf_diename`) when
processing DWARF information.

The root cause was improper error handling of `dwarf_getfuncs` in
`die_find_realfunc` and `die_find_tailfunc`. `dwarf_getfuncs` returns:
- `0` on success (when all functions have been processed).
- A positive offset if the callback aborts early (e.g., via
  `DWARF_CB_ABORT` when a match is found).
- `-1` on error.

The original code used `if (!dwarf_getfuncs(...)) return NULL;`. On
error (`-1`), `!-1` evaluates to `0` (false), bypassing the error check.
Execution then proceeded as if a match was found, returning
uninitialized stack memory (`die_mem`) to the caller
(`cu_walk_functions_at`).

When `cu_walk_functions_at` passed this uninitialized memory to `libdw`
via `dwarf_diename`, it caused a segmentation fault.

Fix this by correcting the error check to
`if (dwarf_getfuncs(...) <= 0)`.

Fixes: e0d153c69040 ("perf-probe: Move dwarf library routines to dwarf-aux.{c, h}")
Fixes: d4c537e6bf86 ("perf probe: Ignore tail calls to probed functions")
Assisted-by: Gemini-CLI:Google Gemini 3
Signed-off-by: Ian Rogers
---
 tools/perf/util/dwarf-aux.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/tools/perf/util/dwarf-aux.c b/tools/perf/util/dwarf-aux.c index 92db2fccc788..6752adca8ee8 100644 --- a/tools/perf/util/dwarf-aux.c +++ b/tools/perf/util/dwarf-aux.c @@ -171,7 +171,6 @@ int cu_walk_functions_at(Dwarf_Die *cu_die, Dwarf_Addr = addr, } =20 return ret; - } =20 /** @@ -620,12 +619,13 @@ Dwarf_Die *die_find_tailfunc(Dwarf_Die *cu_die, Dwarf= _Addr addr, ad.addr =3D addr; ad.die_mem =3D die_mem; /* dwarf_getscopes can't find subprogram. */ - if (!dwarf_getfuncs(cu_die, __die_search_func_tail_cb, &ad, 0)) + if (dwarf_getfuncs(cu_die, __die_search_func_tail_cb, &ad, 0) <=3D 0) return NULL; else return die_mem; } =20 + /* die_find callback for non-inlined function search */ static int __die_search_func_cb(Dwarf_Die *fn_die, void *data) { @@ -647,6 +647,7 @@ static int __die_search_func_cb(Dwarf_Die *fn_die, void= *data) * die_find_realfunc - Search a non-inlined function at given address * @cu_die: a CU DIE which including @addr * @addr: target address + * @dbg: Dwarf session * @die_mem: a buffer for result DIE * * Search a non-inlined function DIE which includes @addr. Stores the 
@@ -659,7 +660,7 @@ Dwarf_Die *die_find_realfunc(Dwarf_Die *cu_die, Dwarf_A= ddr addr, ad.addr =3D addr; ad.die_mem =3D die_mem; /* dwarf_getscopes can't find subprogram. */ - if (!dwarf_getfuncs(cu_die, __die_search_func_cb, &ad, 0)) + if (dwarf_getfuncs(cu_die, __die_search_func_cb, &ad, 0) <=3D 0) return NULL; else return die_mem; --=20 2.54.0.545.g6539524ca2-goog
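Review bot: the `@dbg: Dwarf session` line added to the die_find_realfunc kernel-doc (hunk at -647) documents a parameter the function does not appear to take. The hunk header that follows shows the prototype starting `die_find_realfunc(Dwarf_Die *cu_die, Dwarf_Addr addr,`, the existing doc lists only @cu_die, @addr and @die_mem, and nothing in this patch adds a `dbg` argument. Drop the line; kernel-doc tooling flags descriptions for parameters that are not in the prototype.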
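Review bot: two whitespace-only changes ride along with the fix: the blank line removed before the closing brace of cu_walk_functions_at (hunk at -171) and the blank line added after die_find_tailfunc (hunk at -620), which leaves two blank lines in front of the `/* die_find callback for non-inlined function search */` comment. The patch carries Fixes: tags, so keep it to the two `<= 0` changes to make backporting clean, move the brace cleanup to a separate patch, and drop the added blank line.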
Date: Sat, 2 May 2026 08:56:52 -0700
In-Reply-To: <20260502155656.478642-1-irogers@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20260502064839.282422-1-irogers@google.com> <20260502155656.478642-1-irogers@google.com>
X-Mailer: git-send-email 2.54.0.545.g6539524ca2-goog
Message-ID: <20260502155656.478642-3-irogers@google.com>
Subject: [PATCH v2 2/6] perf dwarf-aux: Fix libdw API contract violations
From: Ian Rogers
To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo, Namhyung Kim, Jiri Olsa, Adrian Hunter, James Clark, Zecheng Li, Masami Hiramatsu, linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Ian Rogers
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Check return values of `dwarf_decl_line`, `dwarf_getfuncs`, and
`dwarf_lineaddr` to prevent using uninitialized stack variables or
incorrectly reporting success on failure.

Fixes: 57f95bf5f882 ("perf probe: Show correct statement line number by perf probe -l")
Fixes: 3f4460a28fb2 ("perf probe: Filter out redundant inline-instances")
Fixes: 75186a9b09e4 ("perf probe: Fix to show lines of sys_ functions correctly")
Fixes: e0d153c69040 ("perf-probe: Move dwarf library routines to dwarf-aux.{c, h}")
Fixes: 6243b9dc4c99 ("perf probe: Move dwarf specific functions to dwarf-aux.c")
Assisted-by: Gemini-CLI:Google Gemini 3
Signed-off-by: Ian Rogers
---
 tools/perf/util/dwarf-aux.c | 34 ++++++++++++++++++++++------------
 1 file changed, 22 insertions(+), 12 deletions(-)
diff --git a/tools/perf/util/dwarf-aux.c b/tools/perf/util/dwarf-aux.c index 6752adca8ee8..0b75b4af2b47 100644 --- a/tools/perf/util/dwarf-aux.c +++ b/tools/perf/util/dwarf-aux.c
@@ -125,7 +125,8 @@ int cu_find_lineinfo(Dwarf_Die *cu_die, Dwarf_Addr addr, && die_entrypc(&die_mem, &faddr) =3D=3D 0 && faddr =3D=3D addr) { *fname =3D die_get_decl_file(&die_mem); - dwarf_decl_line(&die_mem, lineno); + if (dwarf_decl_line(&die_mem, lineno) !=3D 0) + return -ENOENT; goto out; } =20 @@ -797,8 +798,8 @@ static int __die_walk_instances_cb(Dwarf_Die *inst, voi= d *data) =20 /* Ignore redundant instances */ if (dwarf_tag(inst) =3D=3D DW_TAG_inlined_subroutine) { - dwarf_decl_line(origin, &tmp); - if (die_get_call_lineno(inst) =3D=3D tmp) { + if (dwarf_decl_line(origin, &tmp) =3D=3D 0 && + die_get_call_lineno(inst) =3D=3D tmp) { tmp =3D die_get_decl_fileno(origin); if (die_get_call_fileno(inst) =3D=3D tmp) return DIE_FIND_CB_CONTINUE; @@ -950,7 +951,11 @@ int die_walk_lines(Dwarf_Die *rt_die, line_walk_callba= ck_t callback, void *data) /* Get the CU die */ if (dwarf_tag(rt_die) !=3D DW_TAG_compile_unit) { cu_die =3D dwarf_diecu(rt_die, &die_mem, NULL, NULL); - dwarf_decl_line(rt_die, &decl); + if (dwarf_decl_line(rt_die, &decl) !=3D 0) { + pr_debug2("Failed to get the declared line number of %s\n", + dwarf_diename(rt_die)); + return -EINVAL; + } decf =3D die_get_decl_file(rt_die); if (!decf) { pr_debug2("Failed to get the declared file name of %s\n", @@ -1004,8 +1009,8 @@ int die_walk_lines(Dwarf_Die *rt_die, line_walk_callb= ack_t callback, void *data) die_get_call_lineno(&die_mem) =3D=3D lineno) goto found; =20 - dwarf_decl_line(&die_mem, &inl); - if (inl !=3D decl || + if (dwarf_decl_line(&die_mem, &inl) !=3D 0 || + inl !=3D decl || decf !=3D die_get_decl_file(&die_mem)) continue; } @@ -1036,8 +1041,10 @@ int die_walk_lines(Dwarf_Die *rt_die, line_walk_call= back_t callback, void *data) .data =3D data, .retval =3D 0, }; - dwarf_getfuncs(cu_die, __die_walk_culines_cb, ¶m, 0); - ret =3D param.retval; + if (dwarf_getfuncs(cu_die, __die_walk_culines_cb, ¶m, 0) < 0) + ret =3D -EINVAL; + else + ret =3D param.retval; } =20 return ret; 
@@ -1941,10 +1948,13 @@ static bool die_get_postprologue_addr(unsigned long= entrypc_idx, break; } =20 - dwarf_lineaddr(line, postprologue_addr); - if (*postprologue_addr >=3D highpc) - dwarf_lineaddr(dwarf_onesrcline(lines, i - 1), - postprologue_addr); + if (dwarf_lineaddr(line, postprologue_addr) !=3D 0) + return false; + if (*postprologue_addr >=3D highpc) { + if (dwarf_lineaddr(dwarf_onesrcline(lines, i - 1), + postprologue_addr) !=3D 0) + return false; + } =20 return true; } --=20 2.54.0.545.g6539524ca2-goog
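Review bot: in the cu_find_lineinfo hunk (at -125) the new `return -ENOENT` fires after `*fname = die_get_decl_file(&die_mem)` has already written the caller's output, and it leaves through a different exit than the `goto out` used on the success path. Call dwarf_decl_line() first and assign `*fname` only when it succeeds, or route the failure through `out`, so that a caller never sees a file name paired with an unset line number.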
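Review bot: the pr_debug2() added in die_walk_lines (hunk at -950) passes `dwarf_diename(rt_die)` straight to `%s`, while patches 3/6 and 4/6 of this series treat a NULL return from dwarf_diename() as something to guard against. Apply the same guard here, for example a local `name` with a fallback string as patch 4/6 does in convert_variable_type, so the new error path cannot itself hand NULL to the formatter; the existing "declared file name" message just below has the same pattern and could be fixed in the same change.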
Date: Sat, 2 May 2026 08:56:53 -0700
In-Reply-To: <20260502155656.478642-1-irogers@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20260502064839.282422-1-irogers@google.com> <20260502155656.478642-1-irogers@google.com>
X-Mailer: git-send-email 2.54.0.545.g6539524ca2-goog
Message-ID: <20260502155656.478642-4-irogers@google.com>
Subject: [PATCH v2 3/6] perf libdw: Fix libdw API contract violations
From: Ian Rogers
To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo, Namhyung Kim, Jiri Olsa, Adrian Hunter, James Clark, Zecheng Li, Masami Hiramatsu, linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Ian Rogers
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Check return values of `dwfl_report_end` and `dwfl_module_addrdie`.
Validate `dwarf_diename` result before passing to `new_inline_sym`
(avoid potential `strdup(NULL)` crash) and check `die_get_call_lineno`
for errors.

Fixes: b7a2b011e962 ("perf powerpc: Unify the skip-callchain-idx libdw with that for addr2line")
Fixes: 88c51002d06f ("perf addr2line: Add a libdw implementation")
Assisted-by: Gemini-CLI:Google Gemini 3
Signed-off-by: Ian Rogers
---
 tools/perf/util/libdw.c | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/tools/perf/util/libdw.c b/tools/perf/util/libdw.c index 216977884103..e37f3b22699d 100644 --- a/tools/perf/util/libdw.c +++ b/tools/perf/util/libdw.c
@@ -60,7 +60,11 @@ struct Dwfl *dso__libdw_dwfl(struct dso *dso) return NULL; } =20 - dwfl_report_end(dwfl, /*removed=3D*/NULL, /*arg=3D*/NULL); + if (dwfl_report_end(dwfl, NULL, NULL) !=3D 0) { + dwfl_end(dwfl); + return NULL; + } + dso__set_libdw(dso, dwfl); =20 return dwfl; @@ -72,22 +76,27 @@ struct libdw_a2l_cb_args { struct inline_node *node; char *leaf_srcline; bool leaf_srcline_used; + int err; }; =20 static int libdw_a2l_cb(Dwarf_Die *die, void *_args) { struct libdw_a2l_cb_args *args =3D _args; - struct symbol *inline_sym =3D new_inline_sym(args->dso, args->sym, dwarf_= diename(die)); + const char *name =3D dwarf_diename(die); + struct symbol *inline_sym =3D new_inline_sym(args->dso, args->sym, name ?= : "unknown"); const char *call_fname =3D die_get_call_file(die); + int call_lineno =3D die_get_call_lineno(die); char *call_srcline =3D srcline__unknown; struct inline_list *ilist; =20 - if (!inline_sym) - return -ENOMEM; + if (!inline_sym) { + args->err =3D -ENOMEM; + return DWARF_CB_ABORT; + } =20 /* Assign caller information to the parent. */ - if (call_fname) - call_srcline =3D srcline_from_fileline(call_fname, die_get_call_lineno(d= ie)); + if (call_fname && call_lineno > 0) + call_srcline =3D srcline_from_fileline(call_fname, call_lineno); =20 list_for_each_entry(ilist, &args->node->val, list) { if (args->leaf_srcline =3D=3D ilist->srcline) 
@@ -163,7 +172,8 @@ int libdw__addr2line(u64 addr, char **file, unsigned in= t *line_nr, }; =20 /* Walk from the parent down to the leaf. */ - cu_walk_functions_at(cudie, addr, libdw_a2l_cb, &args); + if (cudie) + cu_walk_functions_at(cudie, addr, libdw_a2l_cb, &args); =20 if (!args.leaf_srcline_used) free(args.leaf_srcline); --=20 2.54.0.545.g6539524ca2-goog
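Review bot: the new `err` field of struct libdw_a2l_cb_args is written in libdw_a2l_cb (`args->err = -ENOMEM; return DWARF_CB_ABORT;`) but nothing visible in this patch reads it: the libdw__addr2line hunk (at -163) still discards the return value of cu_walk_functions_at() and goes straight to the `leaf_srcline_used` cleanup. Check `args.err` after the walk and propagate it, or state in the commit message where it is consumed; as posted, the allocation failure is recorded and then dropped.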
Date: Sat, 2 May 2026 08:56:54 -0700
In-Reply-To: <20260502155656.478642-1-irogers@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20260502064839.282422-1-irogers@google.com> <20260502155656.478642-1-irogers@google.com>
X-Mailer: git-send-email 2.54.0.545.g6539524ca2-goog
Message-ID: <20260502155656.478642-5-irogers@google.com>
Subject: [PATCH v2 4/6] perf probe-finder: Fix libdw API contract violations
From: Ian Rogers
To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo, Namhyung Kim, Jiri Olsa, Adrian Hunter, James Clark, Zecheng Li, Masami Hiramatsu, linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Ian Rogers
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Check return values of `dwarf_formsdata`, `dwarf_entrypc`,
`dwarf_highpc`, `dwarf_bytesize`, `dwarf_attr`, `dwarf_decl_line`,
`dwarf_getfuncs`, and `dwarf_formref_die`. Validate `dwarf_diename` and
`dwarf_diecu` results to prevent potential crashes. Fix C90 mixed
declarations.

Fixes: 66f69b219716 ("perf probe: Support DW_AT_const_value constant value")
Fixes: 3d918a12a1b3 ("perf probe: Find fentry mcount fuzzed parameter location")
Fixes: bcfc082150c6 ("perf probe: Remove redundant dwarf functions")
Fixes: 221d061182b8 ("perf probe: Fix to search local variables in appropriate scope")
Fixes: b55a87ade383 ("perf probe: Remove die() from probe-finder code")
Fixes: 4c859351226c ("perf probe: Support glob wildcards for function name")
Assisted-by: Gemini-CLI:Google Gemini 3
Signed-off-by: Ian Rogers
---
 tools/perf/util/probe-finder.c | 84 ++++++++++++++++++++++------------
 1 file changed, 56 insertions(+), 28 deletions(-)
diff --git a/tools/perf/util/probe-finder.c b/tools/perf/util/probe-finder.c index 64328abeef8b..069f0d83d0b7 100644 --- a/tools/perf/util/probe-finder.c +++ b/tools/perf/util/probe-finder.c @@ -93,7 +93,8 @@ static int convert_variable_location(Dwarf_Die *vr_die, D= warf_Addr addr, if (!tvar) return 0; =20 - dwarf_formsdata(&attr, &snum); + if (dwarf_formsdata(&attr, &snum) !=3D 0) + return -ENOENT; ret =3D asprintf(&tvar->value, "\\%ld", (long)snum); =20 return ret < 0 ? -ENOMEM : 0; @@ -103,8 +104,7 @@ static int convert_variable_location(Dwarf_Die *vr_die,= Dwarf_Addr addr, if (dwarf_attr(vr_die, DW_AT_location, &attr) =3D=3D NULL) return -EINVAL; /* Broken DIE ? */ if (dwarf_getlocation_addr(&attr, addr, &op, &nops, 1) <=3D 0) { - ret =3D dwarf_entrypc(sp_die, &tmp); - if (ret) + if (dwarf_entrypc(sp_die, &tmp) !=3D 0) return -ENOENT; =20 if (probe_conf.show_location_range && @@ -115,8 +115,7 @@ static int convert_variable_location(Dwarf_Die *vr_die,= Dwarf_Addr addr, return -ENOENT; } =20 - ret =3D dwarf_highpc(sp_die, &tmp); - if (ret) + if (dwarf_highpc(sp_die, &tmp) !=3D 0) return -ENOENT; /* * This is fuzzed by fentry mcount. We try to find the 
@@ -138,15 +137,21 @@ static int convert_variable_location(Dwarf_Die *vr_di= e, Dwarf_Addr addr, static_var: if (!tvar) return ret2; - /* Static variables on memory (not stack), make @varname */ - ret =3D strlen(dwarf_diename(vr_die)); - tvar->value =3D zalloc(ret + 2); - if (tvar->value =3D=3D NULL) - return -ENOMEM; - snprintf(tvar->value, ret + 2, "@%s", dwarf_diename(vr_die)); - tvar->ref =3D alloc_trace_arg_ref((long)offs); - if (tvar->ref =3D=3D NULL) - return -ENOMEM; + { + /* Static variables on memory (not stack), make @varname */ + const char *name =3D dwarf_diename(vr_die); + + if (!name) + return -ENOENT; + ret =3D strlen(name); + tvar->value =3D zalloc(ret + 2); + if (tvar->value =3D=3D NULL) + return -ENOMEM; + snprintf(tvar->value, ret + 2, "@%s", name); + tvar->ref =3D alloc_trace_arg_ref((long)offs); + if (tvar->ref =3D=3D NULL) + return -ENOMEM; + } return ret2; } =20 @@ -234,8 +239,9 @@ static int convert_variable_type(Dwarf_Die *vr_die, } =20 if (die_get_real_type(vr_die, &type) =3D=3D NULL) { + const char *name =3D dwarf_diename(vr_die); pr_warning("Failed to get a type information of %s.\n", - dwarf_diename(vr_die)); + name ? name : ""); return -ENOENT; } =20 @@ -291,7 +297,7 @@ static int convert_variable_type(Dwarf_Die *vr_die, probe_type_is_available(PROBE_TYPE_X) ? 'x' : 'u'; =20 ret =3D dwarf_bytesize(&type); - if (ret <=3D 0) + if (ret < 0) /* No size ... try to use default type */ return 0; ret =3D BYTES_TO_BITS(ret); @@ -357,7 +363,13 @@ static int convert_variable_fields(Dwarf_Die *vr_die, = const char *varname, else *ref_ptr =3D ref; } - ref->offset +=3D dwarf_bytesize(&type) * field->index; + { + int bsize =3D dwarf_bytesize(&type); + + if (bsize < 0) + return -EINVAL; + ref->offset +=3D bsize * field->index; + } ref->user_access =3D user_access; goto next; } else if (tag =3D=3D DW_TAG_pointer_type) { 
@@ -611,10 +623,16 @@ static int call_probe_finder(Dwarf_Die *sc_die, struc= t probe_finder *pf) memcpy(&pf->sp_die, sc_die, sizeof(Dwarf_Die)); =20 /* Get the frame base attribute/ops from subprogram */ - dwarf_attr(&pf->sp_die, DW_AT_frame_base, &fb_attr); - ret =3D dwarf_getlocation_addr(&fb_attr, pf->addr, &pf->fb_ops, &nops, 1); - if (ret <=3D 0 || nops =3D=3D 0) { + if (dwarf_attr(&pf->sp_die, DW_AT_frame_base, &fb_attr) =3D=3D NULL) { pf->fb_ops =3D NULL; + } else { + ret =3D dwarf_getlocation_addr(&fb_attr, pf->addr, &pf->fb_ops, &nops, 1= ); + if (ret <=3D 0 || nops =3D=3D 0) + pf->fb_ops =3D NULL; + } + + if (pf->fb_ops =3D=3D NULL) { + /* Not supported */ } else if (nops =3D=3D 1 && pf->fb_ops[0].atom =3D=3D DW_OP_call_frame_cf= a && (pf->cfi_eh !=3D NULL || pf->cfi_dbg !=3D NULL)) { if ((dwarf_cfi_addrframe(pf->cfi_eh, pf->addr, &frame) !=3D 0 && @@ -667,8 +685,8 @@ static int find_best_scope_cb(Dwarf_Die *fn_die, void *= data) } } else { /* With the line number, find the nearest declared DIE */ - dwarf_decl_line(fn_die, &lno); - if (lno < fsp->line && fsp->diff > fsp->line - lno) { + if (dwarf_decl_line(fn_die, &lno) =3D=3D 0 && + lno < fsp->line && fsp->diff > fsp->line - lno) { /* Keep a candidate and continue */ fsp->diff =3D fsp->line - lno; memcpy(fsp->die_mem, fn_die, sizeof(Dwarf_Die)); @@ -1018,7 +1036,8 @@ static int find_probe_point_by_func(struct probe_find= er *pf) { struct dwarf_callback_param _param =3D {.data =3D (void *)pf, .retval =3D 0}; - dwarf_getfuncs(&pf->cu_die, probe_point_search_cb, &_param, 0); + if (dwarf_getfuncs(&pf->cu_die, probe_point_search_cb, &_param, 0) < 0) + return -ENOENT; return _param.retval; } =20 
@@ -1207,7 +1226,8 @@ static int copy_variables_cb(Dwarf_Die *die_mem, void= *data) * points to correct die. */ if (dwarf_attr(die_mem, DW_AT_abstract_origin, &attr)) { - dwarf_formref_die(&attr, &var_die); + if (dwarf_formref_die(&attr, &var_die) =3D=3D NULL) + goto out; if (pf->abstrace_dieoffset !=3D dwarf_dieoffset(&var_die)) goto out; } @@ -1270,6 +1290,8 @@ static int add_probe_trace_event(Dwarf_Die *sc_die, s= truct probe_finder *pf) struct probe_trace_event *tev; struct perf_probe_arg *args =3D NULL; int ret, i; + const char *realname; + Dwarf_Die cu_die_mem; =20 /* * For some reason (e.g. different column assigned to same address) @@ -1293,13 +1315,17 @@ static int add_probe_trace_event(Dwarf_Die *sc_die,= struct probe_finder *pf) if (ret < 0) goto end; =20 - tev->point.realname =3D strdup(dwarf_diename(sc_die)); + realname =3D dwarf_diename(sc_die); + tev->point.realname =3D strdup(realname ?: "unknown"); if (!tev->point.realname) { ret =3D -ENOMEM; goto end; } =20 - tev->lang =3D dwarf_srclang(dwarf_diecu(sc_die, &pf->cu_die, NULL, NULL)); + if (dwarf_diecu(sc_die, &cu_die_mem, NULL, NULL) !=3D NULL) + tev->lang =3D dwarf_srclang(&cu_die_mem); + else + tev->lang =3D DW_LANG_C; // Fallback =20 pr_debug("Probe point found: %s+%lu\n", tev->point.symbol, tev->point.offset); @@ -1794,7 +1820,8 @@ static int line_range_search_cb(Dwarf_Die *sp_die, vo= id *data) =20 if (die_match_name(sp_die, lr->function) && die_is_func_def(sp_die)) { lf->fname =3D die_get_decl_file(sp_die); - dwarf_decl_line(sp_die, &lr->offset); + if (dwarf_decl_line(sp_die, &lr->offset) !=3D 0) + return DWARF_CB_OK; // Skip if no line info pr_debug("fname: %s, lineno:%d\n", lf->fname, lr->offset); lf->lno_s =3D lr->offset + lr->start; if (lf->lno_s < 0) /* Overflow */ 
@@ -1818,7 +1845,8 @@ static int line_range_search_cb(Dwarf_Die *sp_die, vo= id *data) static int find_line_range_by_func(struct line_finder *lf) { struct dwarf_callback_param param =3D {.data =3D (void *)lf, .retval =3D = 0}; - dwarf_getfuncs(&lf->cu_die, line_range_search_cb, ¶m, 0); + if (dwarf_getfuncs(&lf->cu_die, line_range_search_cb, ¶m, 0) < 0) + return -ENOENT; return param.retval; } =20 --=20 2.54.0.545.g6539524ca2-goog
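Review bot: the NULL fallback in the `@@ -234,8 +239,9 @@` hunk of convert_variable_type() prints an empty string (`name ? name : ""`), while the `@@ -1293,13 +1315,17 @@` hunk of this same patch uses `realname ?: "unknown"`. Pick one placeholder and one spelling of the conditional so messages about unnamed DIEs read the same everywhere. The new `const char *name` declaration also wants a blank line before the pr_warning() call, per kernel coding style.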
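Review bot: relaxing the test to `if (ret < 0)` in the `@@ -291,7 +297,7 @@` hunk of convert_variable_type() lets a zero return from dwarf_bytesize() fall through to `ret = BYTES_TO_BITS(ret)`, while the comment on the following line still reads "No size ... try to use default type". Only the negative return is an API error, and the zero case was already handled by the old `<= 0`, so this is a behaviour change rather than a contract fix. Either keep `<= 0`, or update the comment and the commit message to explain why a 0-bit width is now acceptable to the code after this point.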
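Review bot: in the `@@ -611,10 +623,16 @@` hunk of call_probe_finder(), the path where dwarf_attr() returns NULL no longer assigns `ret` or `nops`, so any code after the if/else chain that reads `ret` now sees the value left by earlier statements instead of the result of dwarf_getlocation_addr(). Please confirm nothing downstream depends on it, or set `ret` explicitly on that path. The empty `if (pf->fb_ops == NULL) { /* Not supported */ }` arm would also read better with a comment that says what is unsupported (no usable frame base for this subprogram).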
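Review bot: the new `return -ENOENT;` in the `@@ -1018,7 +1036,8 @@` hunk of find_probe_point_by_func() drops `_param.retval` whenever dwarf_getfuncs() returns a negative value, even if probe_point_search_cb() had already stored a more specific error there for an earlier function, and it reports a libdw iteration failure as "no such entry". Consider returning `_param.retval` when it is already negative and logging the libdw failure with pr_debug(). The `@@ -1818,7 +1845,8 @@` hunk of find_line_range_by_func() has the same pattern.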
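Review bot: the `@@ -1293,13 +1315,17 @@` hunk of add_probe_trace_event() changes more than the return-value check: the old call passed `&pf->cu_die` as the result buffer of dwarf_diecu(), so it also refreshed pf->cu_die with the CU of sc_die, whereas the new code writes into the local `cu_die_mem` and leaves pf->cu_die untouched. If that is intentional it deserves a line in the commit message; if not, keep the original buffer. `tev->lang = dwarf_srclang(&cu_die_mem);` is also still stored unchecked although dwarf_srclang() returns -1 on failure, and the `// Fallback` comment should use `/* */` like the surrounding comments.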
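Review bot: in the `@@ -1794,7 +1820,8 @@` hunk of line_range_search_cb(), `lf->fname = die_get_decl_file(sp_die);` is still assigned before the new dwarf_decl_line() check, so when the callback returns DWARF_CB_OK to skip the DIE, `lf->fname` is left pointing at the file of a function that was rejected. Do the dwarf_decl_line() check first, or reset `lf->fname` on the skip path. The `// Skip if no line info` comment should use `/* */` to match the surrounding comments.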
Date: Sat, 2 May 2026 08:56:55 -0700
In-Reply-To: <20260502155656.478642-1-irogers@google.com>
References: <20260502064839.282422-1-irogers@google.com> <20260502155656.478642-1-irogers@google.com>
Message-ID: <20260502155656.478642-6-irogers@google.com>
Subject: [PATCH v2 5/6] perf annotate-data: Fix libdw API contract violations
From: Ian Rogers
To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo, Namhyung Kim, Jiri Olsa, Adrian Hunter, James Clark, Zecheng Li, Masami Hiramatsu, linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Ian Rogers
Content-Transfer-Encoding: quoted-printable

Check return values of `dwarf_aggregate_size` and `dwarf_formudata`. Validate `dwarf_diename` before `strdup` to prevent potential crashes.

Fixes: 2bc3cf575a16 ("perf annotate-data: Improve debug message with location info")
Fixes: 4a111cadac85 ("perf annotate-data: Add member field in the data type")
Fixes: 8b1042c425f6 ("perf annotate-data: Set bitfield member offset and size properly")
Fixes: fc044c53b99f ("perf annotate-data: Add dso->data_types tree")
Assisted-by: Gemini-CLI:Google Gemini 3
Signed-off-by: Ian Rogers
---
 tools/perf/util/annotate-data.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/tools/perf/util/annotate-data.c b/tools/perf/util/annotate-dat= a.c index 1eff0a27237d..e881a40a4885 100644 --- a/tools/perf/util/annotate-data.c +++ b/tools/perf/util/annotate-data.c
@@ -74,7 +74,8 @@ void pr_debug_type_name(Dwarf_Die *die, enum type_state_k= ind kind) break; } =20 - dwarf_aggregate_size(die, &size); + if (dwarf_aggregate_size(die, &size) !=3D 0) + size =3D 0; =20 strbuf_init(&sb, 32); die_get_typename_from_type(die, &sb); @@ -250,9 +251,10 @@ static int __add_member_cb(Dwarf_Die *die, void *arg) if (dwarf_aggregate_size(&die_mem, &size) < 0) size =3D 0; =20 - if (dwarf_attr_integrate(die, DW_AT_data_member_location, &attr)) - dwarf_formudata(&attr, &loc); - else { + if (dwarf_attr_integrate(die, DW_AT_data_member_location, &attr)) { + if (dwarf_formudata(&attr, &loc) !=3D 0) + loc =3D 0; + } else { /* bitfield member */ if (dwarf_attr_integrate(die, DW_AT_data_bit_offset, &attr) && dwarf_formudata(&attr, &loc) =3D=3D 0) @@ -273,7 +275,9 @@ static int __add_member_cb(Dwarf_Die *die, void *arg) dwarf_diename(die), (long)bit_size) < 0) member->var_name =3D NULL; } else { - member->var_name =3D strdup(dwarf_diename(die)); + const char *name =3D dwarf_diename(die); + + member->var_name =3D strdup(name ?: "unknown"); } =20 if (member->var_name =3D=3D NULL) { 
@@ -370,7 +374,8 @@ static struct annotated_data_type *dso__findnew_data_ty= pe(struct dso *dso, if (dwarf_tag(type_die) =3D=3D DW_TAG_typedef) die_get_real_type(type_die, type_die); =20 - dwarf_aggregate_size(type_die, &size); + if (dwarf_aggregate_size(type_die, &size) !=3D 0) + size =3D 0; =20 /* Check existing nodes in dso->data_types tree */ key.self.type_name =3D type_name; --=20 2.54.0.545.g6539524ca2-goog
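Review bot: the new check in the `@@ -74,7 +74,8 @@` hunk of pr_debug_type_name() tests `dwarf_aggregate_size(die, &size) != 0`, while the existing call shown as context in the `@@ -250,9 +251,10 @@` hunk tests `< 0`. Use one form for the same API throughout the file so a reader does not have to wonder whether positive returns are meaningful; the `@@ -370,7 +374,8 @@` hunk should follow whichever form is chosen.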
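Review bot: falling back to `loc = 0` when dwarf_formudata() fails, in the `@@ -250,9 +251,10 @@` hunk of __add_member_cb(), records the member at offset 0 as if that were its real location, so it becomes indistinguishable from a genuine first member. A failed decode of DW_AT_data_member_location is better treated as an error for this member (skip it or fail the callback) than as a valid offset. If 0 is kept, add a pr_debug() so the malformed DIE is visible.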
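Review bot: the `@@ -273,7 +275,9 @@` hunk of __add_member_cb() guards only the non-bitfield branch. The context lines just above it still pass `dwarf_diename(die)` directly as an argument when building the bit-field member's name (`dwarf_diename(die), (long)bit_size) < 0)`), so a NULL name can still reach that call. Hoist `const char *name = dwarf_diename(die);` above the if/else and use the guarded value in both branches.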
Date: Sat, 2 May 2026 08:56:56 -0700
In-Reply-To: <20260502155656.478642-1-irogers@google.com>
References: <20260502064839.282422-1-irogers@google.com> <20260502155656.478642-1-irogers@google.com>
Message-ID: <20260502155656.478642-7-irogers@google.com>
Subject: [PATCH v2 6/6] perf debuginfo: Fix libdw API contract violations
From: Ian Rogers
To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo, Namhyung Kim, Jiri Olsa, Adrian Hunter, James Clark, Zecheng Li, Masami Hiramatsu, linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Ian Rogers
Content-Transfer-Encoding: quoted-printable

Check return value of `dwfl_report_end` during offline initialization. Validate `dwfl_module_relocation_info` result before passing to `strcmp` to avoid potential segmentation faults.

Fixes: 6f1b6291cf73 ("perf tools: Add util/debuginfo.[ch] files")
Assisted-by: Gemini-CLI:Google Gemini 3
Signed-off-by: Ian Rogers
---
 tools/perf/util/debuginfo.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/tools/perf/util/debuginfo.c b/tools/perf/util/debuginfo.c index 0e35c13abd04..49cb7f9b715d 100644 --- a/tools/perf/util/debuginfo.c +++ b/tools/perf/util/debuginfo.c @@ -62,7 +62,8 @@ static int debuginfo__init_offline_dwarf(struct debuginfo= *dbg, =20 dwfl_module_build_id(dbg->mod, &dbg->build_id, &dummy); =20 - dwfl_report_end(dbg->dwfl, NULL, NULL); + if (dwfl_report_end(dbg->dwfl, NULL, NULL) !=3D 0) + goto error; =20 return 0; error:
@@ -167,7 +168,7 @@ int debuginfo__get_text_offset(struct debuginfo *dbg, D= warf_Addr *offs, /* Search the relocation related .text section */ for (i =3D 0; i < n; i++) { p =3D dwfl_module_relocation_info(dbg->mod, i, &shndx); - if (strcmp(p, ".text") =3D=3D 0) { + if (p && strcmp(p, ".text") =3D=3D 0) { /* OK, get the section header */ scn =3D elf_getscn(elf, shndx); if (!scn) --=20 2.54.0.545.g6539524ca2-goog
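Review bot: in the `@@ -62,7 +62,8 @@` hunk of debuginfo__init_offline_dwarf(), the `dwfl_module_build_id(dbg->mod, &dbg->build_id, &dummy);` call just above the new check still discards its return value, which is the same class of problem this patch fixes for dwfl_report_end(). dwfl_module_build_id() returns -1 on error, so either check it as well or state in the commit message why a missing build ID is acceptable at this point.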