From nobody Sun Jun 14 06:06:24 2026
Date: Sat, 2 May 2026 17:35:47 -0700
In-Reply-To: <20260503003552.1063540-1-irogers@google.com>
References: <20260503003552.1063540-1-irogers@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Mailer: git-send-email 2.54.0.545.g6539524ca2-goog
Message-ID: <20260503003552.1063540-2-irogers@google.com>
Subject: [PATCH v3 1/6] perf dwarf-aux: Fix libdw segmentation fault in cu_walk_functions_at
From: Ian Rogers
To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo, Namhyung Kim, Jiri Olsa, Adrian Hunter, James Clark, Zecheng Li, Masami Hiramatsu, linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Ian Rogers

A segmentation fault was observed in `libdw` when running `perf kmem`
with `--page stat` on some workloads. The crash occurred deep inside
`libdw` (specifically in `dwarf_child` and `dwarf_diename`) when
processing DWARF information.

The root cause was improper error handling of `dwarf_getfuncs` in
`die_find_realfunc` and `die_find_tailfunc`. `dwarf_getfuncs` returns:
- `0` on success (when all functions have been processed).
- A positive offset if the callback aborts early (e.g., via
  `DWARF_CB_ABORT` when a match is found).
- `-1` on error.

The original code used `if (!dwarf_getfuncs(...)) return NULL;`. On
error (`-1`), `!-1` evaluates to `0` (false), bypassing the error check.
Execution then proceeded as if a match was found, returning
uninitialized stack memory (`die_mem`) to the caller
(`cu_walk_functions_at`). When `cu_walk_functions_at` passed this
uninitialized memory to `libdw` via `dwarf_diename`, it caused a
segmentation fault.

Fix this by correcting the error check to
`if (dwarf_getfuncs(...) <= 0)`.

Fixes: e0d153c69040 ("perf-probe: Move dwarf library routines to dwarf-aux.{c, h}")
Fixes: d4c537e6bf86 ("perf probe: Ignore tail calls to probed functions")
Assisted-by: Gemini-CLI:Google Gemini 3
Signed-off-by: Ian Rogers
---
 tools/perf/util/dwarf-aux.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tools/perf/util/dwarf-aux.c b/tools/perf/util/dwarf-aux.c index 92db2fccc788..8e83cb2d565e 100644 --- a/tools/perf/util/dwarf-aux.c +++ b/tools/perf/util/dwarf-aux.c @@ -171,7 +171,6 @@ int cu_walk_functions_at(Dwarf_Die *cu_die, Dwarf_Addr = addr, } =20 return ret; - } =20 /** @@ -620,7 +619,7 @@ Dwarf_Die *die_find_tailfunc(Dwarf_Die *cu_die, Dwarf_A= ddr addr, ad.addr =3D addr; ad.die_mem =3D die_mem; /* dwarf_getscopes can't find subprogram. */ - if (!dwarf_getfuncs(cu_die, __die_search_func_tail_cb, &ad, 0)) + if (dwarf_getfuncs(cu_die, __die_search_func_tail_cb, &ad, 0) <=3D 0) return NULL; else return die_mem; @@ -647,6 +646,7 @@ static int __die_search_func_cb(Dwarf_Die *fn_die, void= *data) * die_find_realfunc - Search a non-inlined function at given address * @cu_die: a CU DIE which including @addr * @addr: target address + * @dbg: Dwarf session * @die_mem: a buffer for result DIE * * Search a non-inlined function DIE which includes @addr. Stores the 
@@ -659,7 +659,7 @@ Dwarf_Die *die_find_realfunc(Dwarf_Die *cu_die, Dwarf_A= ddr addr, ad.addr =3D addr; ad.die_mem =3D die_mem; /* dwarf_getscopes can't find subprogram. */ - if (!dwarf_getfuncs(cu_die, __die_search_func_cb, &ad, 0)) + if (dwarf_getfuncs(cu_die, __die_search_func_cb, &ad, 0) <=3D 0) return NULL; else return die_mem; --=20 2.54.0.545.g6539524ca2-goog
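
Review bot: The `@dbg: Dwarf session` kernel-doc line added in the `@@ -647,6 +646,7` hunk documents a parameter that the visible part of `die_find_realfunc()` never uses: the prototype in the following hunk header starts `(Dwarf_Die *cu_die, Dwarf_Addr addr,` and the body only touches `cu_die`, `addr` and `die_mem`. If the function takes no `dbg` argument, drop the line; if it does, this doc fix (like the blank-line removal at the end of `cu_walk_functions_at()`) is not mentioned in the commit message and would backport more cleanly under the two Fixes: tags as a separate cleanup.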
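
Review bot: In `die_find_tailfunc()` and `die_find_realfunc()` the new `<= 0` test returns NULL both for "no function covers @addr" (0) and for a libdw failure (-1), so the condition that led to the crash now passes silently. Consider handling the negative case separately and logging it, for example with `pr_debug2()` and `dwarf_errmsg(-1)`, and drop the `else` after `return NULL;` while these lines are being touched.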
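
The return-value contract described in the commit message of patch 1/6, as an added example that is not part of the posted series. `mock_getfuncs`, `mock_die`, `mock_cu` and `classify` are hypothetical stand-ins so that it builds without libdw, and the result buffer is filled with 0xAA to make the "returned but never written" case deterministic.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for libdw objects; none of this is libdw API. */
struct mock_die { char name[16]; unsigned long lo, hi; };
struct mock_cu { const struct mock_die *funcs; size_t nfuncs; int corrupt; };
enum { CB_OK = 0, CB_ABORT = 1 };
enum { RES_NULL, RES_MATCH, RES_STALE };

/*
 * Same return contract as the commit message gives for dwarf_getfuncs:
 * 0 when every function was visited, a positive offset when the callback
 * aborted early, -1 on error (here: a CU flagged as corrupt).
 */
static long mock_getfuncs(const struct mock_cu *cu,
			  int (*cb)(const struct mock_die *, void *), void *arg)
{
	size_t i;

	if (cu->corrupt)
		return -1;
	for (i = 0; i < cu->nfuncs; i++)
		if (cb(&cu->funcs[i], arg) == CB_ABORT)
			return (long)i + 1;
	return 0;
}

struct addr_search { unsigned long addr; struct mock_die *die_mem; };

/* Copy the matching function into the caller's buffer and stop the walk. */
static int search_cb(const struct mock_die *fn, void *data)
{
	struct addr_search *ad = data;

	if (ad->addr < fn->lo || ad->addr >= fn->hi)
		return CB_OK;
	memcpy(ad->die_mem, fn, sizeof(*fn));
	return CB_ABORT;
}

/* Pre-fix check: !(-1) is 0, so an error is reported as "found". */
struct mock_die *find_func_buggy(const struct mock_cu *cu, unsigned long addr,
				 struct mock_die *die_mem)
{
	struct addr_search ad = { addr, die_mem };

	if (!mock_getfuncs(cu, search_cb, &ad))
		return NULL;
	return die_mem;
}

/* Post-fix check: only a positive return means die_mem was filled in. */
struct mock_die *find_func_fixed(const struct mock_cu *cu, unsigned long addr,
				 struct mock_die *die_mem)
{
	struct addr_search ad = { addr, die_mem };

	if (mock_getfuncs(cu, search_cb, &ad) <= 0)
		return NULL;
	return die_mem;
}

typedef struct mock_die *(*finder_t)(const struct mock_cu *, unsigned long,
				     struct mock_die *);

/*
 * Run one lookup against a constructed two-function CU. The result buffer
 * is pre-filled with 0xAA so that a buffer handed back untouched can be
 * recognised; real uninitialized stack memory would hold arbitrary bytes.
 */
int classify(finder_t find, int corrupt, unsigned long addr)
{
	static const struct mock_die funcs[] = {
		{ "alpha", 0x1000, 0x1040 },
		{ "beta",  0x1040, 0x10a0 },
	};
	struct mock_cu cu = { funcs, 2, corrupt };
	struct mock_die buf, poison;
	struct mock_die *res;

	memset(&poison, 0xAA, sizeof(poison));
	memset(&buf, 0xAA, sizeof(buf));
	res = find(&cu, addr, &buf);
	if (!res)
		return RES_NULL;
	return memcmp(res, &poison, sizeof(poison)) ? RES_MATCH : RES_STALE;
}

int main(void)
{
	static const char *const label[] = { "NULL", "match", "STALE buffer" };

	printf("error, !ret check:     %s\n", label[classify(find_func_buggy, 1, 0x1050)]);
	printf("error, ret <= 0 check: %s\n", label[classify(find_func_fixed, 1, 0x1050)]);
	printf("match, ret <= 0 check: %s\n", label[classify(find_func_fixed, 0, 0x1050)]);
	return 0;
}
```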

Date: Sat, 2 May 2026 17:35:48 -0700
In-Reply-To: <20260503003552.1063540-1-irogers@google.com>
References: <20260503003552.1063540-1-irogers@google.com>
Message-ID: <20260503003552.1063540-3-irogers@google.com>
Subject: [PATCH v3 2/6] perf dwarf-aux: Fix libdw API contract violations
From: Ian Rogers
To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo, Namhyung Kim, Jiri Olsa, Adrian Hunter, James Clark, Zecheng Li, Masami Hiramatsu, linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Ian Rogers

Check return values of `dwarf_decl_line`, `dwarf_getfuncs`, and
`dwarf_lineaddr` to prevent using uninitialized stack variables or
incorrectly reporting success on failure.

Fixes: 57f95bf5f882 ("perf probe: Show correct statement line number by perf probe -l")
Fixes: 3f4460a28fb2 ("perf probe: Filter out redundant inline-instances")
Fixes: 75186a9b09e4 ("perf probe: Fix to show lines of sys_ functions correctly")
Fixes: e0d153c69040 ("perf-probe: Move dwarf library routines to dwarf-aux.{c, h}")
Fixes: 6243b9dc4c99 ("perf probe: Move dwarf specific functions to dwarf-aux.c")
Assisted-by: Gemini-CLI:Google Gemini 3
Signed-off-by: Ian Rogers
---
 tools/perf/util/dwarf-aux.c | 31 +++++++++++++++++++------------
 1 file changed, 19 insertions(+), 12 deletions(-)

diff --git a/tools/perf/util/dwarf-aux.c b/tools/perf/util/dwarf-aux.c index 8e83cb2d565e..1168e69a9292 100644 --- a/tools/perf/util/dwarf-aux.c +++ b/tools/perf/util/dwarf-aux.c
@@ -125,7 +125,8 @@ int cu_find_lineinfo(Dwarf_Die *cu_die, Dwarf_Addr addr, && die_entrypc(&die_mem, &faddr) =3D=3D 0 && faddr =3D=3D addr) { *fname =3D die_get_decl_file(&die_mem); - dwarf_decl_line(&die_mem, lineno); + if (dwarf_decl_line(&die_mem, lineno) !=3D 0) + return -ENOENT; goto out; } =20 @@ -796,8 +797,7 @@ static int __die_walk_instances_cb(Dwarf_Die *inst, voi= d *data) =20 /* Ignore redundant instances */ if (dwarf_tag(inst) =3D=3D DW_TAG_inlined_subroutine) { - dwarf_decl_line(origin, &tmp); - if (die_get_call_lineno(inst) =3D=3D tmp) { + if (dwarf_decl_line(origin, &tmp) =3D=3D 0 && die_get_call_lineno(inst) = =3D=3D tmp) { tmp =3D die_get_decl_fileno(origin); if (die_get_call_fileno(inst) =3D=3D tmp) return DIE_FIND_CB_CONTINUE; @@ -949,7 +949,11 @@ int die_walk_lines(Dwarf_Die *rt_die, line_walk_callba= ck_t callback, void *data) /* Get the CU die */ if (dwarf_tag(rt_die) !=3D DW_TAG_compile_unit) { cu_die =3D dwarf_diecu(rt_die, &die_mem, NULL, NULL); - dwarf_decl_line(rt_die, &decl); + if (dwarf_decl_line(rt_die, &decl) !=3D 0) { + pr_debug2("Failed to get the declared line number of %s\n", + dwarf_diename(rt_die)); + return -EINVAL; + } decf =3D die_get_decl_file(rt_die); if (!decf) { pr_debug2("Failed to get the declared file name of %s\n", @@ -1003,8 +1007,7 @@ int die_walk_lines(Dwarf_Die *rt_die, line_walk_callb= ack_t callback, void *data) die_get_call_lineno(&die_mem) =3D=3D lineno) goto found; =20 - dwarf_decl_line(&die_mem, &inl); - if (inl !=3D decl || + if (dwarf_decl_line(&die_mem, &inl) !=3D 0 || inl !=3D decl || decf !=3D die_get_decl_file(&die_mem)) continue; } @@ -1035,8 +1038,10 @@ int die_walk_lines(Dwarf_Die *rt_die, line_walk_call= back_t callback, void *data) .data =3D data, .retval =3D 0, }; - dwarf_getfuncs(cu_die, __die_walk_culines_cb, ¶m, 0); - ret =3D param.retval; + if (dwarf_getfuncs(cu_die, __die_walk_culines_cb, ¶m, 0) < 0) + ret =3D -EINVAL; + else + ret =3D param.retval; } =20 return ret; 
@@ -1940,10 +1945,12 @@ static bool die_get_postprologue_addr(unsigned long= entrypc_idx, break; } =20 - dwarf_lineaddr(line, postprologue_addr); - if (*postprologue_addr >=3D highpc) - dwarf_lineaddr(dwarf_onesrcline(lines, i - 1), - postprologue_addr); + if (dwarf_lineaddr(line, postprologue_addr) !=3D 0) + return false; + if (*postprologue_addr >=3D highpc) { + if (dwarf_lineaddr(dwarf_onesrcline(lines, i - 1), postprologue_addr) != =3D 0) + return false; + } =20 return true; } --=20 2.54.0.545.g6539524ca2-goog
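
Review bot: In the `cu_find_lineinfo()` hunk the new `return -ENOENT;` sits after `*fname = die_get_decl_file(&die_mem);` and bypasses the `out` label that the success path jumps to, so the caller gets an error with `*fname` already overwritten. Call `dwarf_decl_line()` before the assignment, or set the return value and `goto out` if that label does any cleanup.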
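
Review bot: The `pr_debug2()` added in the `@@ -949,7 +949,11` hunk of `die_walk_lines()` passes `dwarf_diename(rt_die)` straight to `%s`, while patches 3/6 and 4/6 of this series treat a NULL `dwarf_diename()` result as a crash risk. Apply the same guard here, for instance the `name ? name : "<unknown>"` form used in `convert_variable_type()`.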

Date: Sat, 2 May 2026 17:35:49 -0700
In-Reply-To: <20260503003552.1063540-1-irogers@google.com>
References: <20260503003552.1063540-1-irogers@google.com>
Message-ID: <20260503003552.1063540-4-irogers@google.com>
Subject: [PATCH v3 3/6] perf libdw: Fix libdw API contract violations
From: Ian Rogers
To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo, Namhyung Kim, Jiri Olsa, Adrian Hunter, James Clark, Zecheng Li, Masami Hiramatsu, linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Ian Rogers

Check return values of `dwfl_report_end` and `dwfl_module_addrdie`.
Validate `dwarf_diename` result before passing to `new_inline_sym`
(avoid potential `strdup(NULL)` crash) and check `die_get_call_lineno`
for errors.

Fixes: b7a2b011e962 ("perf powerpc: Unify the skip-callchain-idx libdw with that for addr2line")
Fixes: 88c51002d06f ("perf addr2line: Add a libdw implementation")
Assisted-by: Gemini-CLI:Google Gemini 3
Signed-off-by: Ian Rogers
---
 tools/perf/util/libdw.c | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/tools/perf/util/libdw.c b/tools/perf/util/libdw.c index 216977884103..e37f3b22699d 100644 --- a/tools/perf/util/libdw.c +++ b/tools/perf/util/libdw.c
@@ -60,7 +60,11 @@ struct Dwfl *dso__libdw_dwfl(struct dso *dso) return NULL; } =20 - dwfl_report_end(dwfl, /*removed=3D*/NULL, /*arg=3D*/NULL); + if (dwfl_report_end(dwfl, NULL, NULL) !=3D 0) { + dwfl_end(dwfl); + return NULL; + } + dso__set_libdw(dso, dwfl); =20 return dwfl; @@ -72,22 +76,27 @@ struct libdw_a2l_cb_args { struct inline_node *node; char *leaf_srcline; bool leaf_srcline_used; + int err; }; =20 static int libdw_a2l_cb(Dwarf_Die *die, void *_args) { struct libdw_a2l_cb_args *args =3D _args; - struct symbol *inline_sym =3D new_inline_sym(args->dso, args->sym, dwarf_= diename(die)); + const char *name =3D dwarf_diename(die); + struct symbol *inline_sym =3D new_inline_sym(args->dso, args->sym, name ?= : "unknown"); const char *call_fname =3D die_get_call_file(die); + int call_lineno =3D die_get_call_lineno(die); char *call_srcline =3D srcline__unknown; struct inline_list *ilist; =20 - if (!inline_sym) - return -ENOMEM; + if (!inline_sym) { + args->err =3D -ENOMEM; + return DWARF_CB_ABORT; + } =20 /* Assign caller information to the parent. */ - if (call_fname) - call_srcline =3D srcline_from_fileline(call_fname, die_get_call_lineno(d= ie)); + if (call_fname && call_lineno > 0) + call_srcline =3D srcline_from_fileline(call_fname, call_lineno); =20 list_for_each_entry(ilist, &args->node->val, list) { if (args->leaf_srcline =3D=3D ilist->srcline) 
@@ -163,7 +172,8 @@ int libdw__addr2line(u64 addr, char **file, unsigned in= t *line_nr, }; =20 /* Walk from the parent down to the leaf. */ - cu_walk_functions_at(cudie, addr, libdw_a2l_cb, &args); + if (cudie) + cu_walk_functions_at(cudie, addr, libdw_a2l_cb, &args); =20 if (!args.leaf_srcline_used) free(args.leaf_srcline); --=20 2.54.0.545.g6539524ca2-goog
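
Review bot: The `dso__libdw_dwfl()` hunk drops the `/*removed=*/` and `/*arg=*/` argument comments from the `dwfl_report_end()` call while adding the return check. Keep them so the two bare `NULL` arguments stay self-describing.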
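
Review bot: `libdw_a2l_cb()` now stores the allocation failure in `args->err` and returns `DWARF_CB_ABORT`, but none of the visible hunks reads that field: in `libdw__addr2line()` the result of `cu_walk_functions_at()` is still discarded and the code goes straight on to `if (!args.leaf_srcline_used)`. Check `args.err` after the walk and propagate it, or keep returning the error from the callback; as posted the `-ENOMEM` is lost.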

Date: Sat, 2 May 2026 17:35:50 -0700
In-Reply-To: <20260503003552.1063540-1-irogers@google.com>
References: <20260503003552.1063540-1-irogers@google.com>
Message-ID: <20260503003552.1063540-5-irogers@google.com>
Subject: [PATCH v3 4/6] perf probe-finder: Fix libdw API contract violations
From: Ian Rogers
To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo, Namhyung Kim, Jiri Olsa, Adrian Hunter, James Clark, Zecheng Li, Masami Hiramatsu, linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Ian Rogers

Check return values of `dwarf_formsdata`, `dwarf_entrypc`,
`dwarf_highpc`, `dwarf_bytesize`, `dwarf_attr`, `dwarf_decl_line`,
`dwarf_getfuncs`, and `dwarf_formref_die`. Validate `dwarf_diename` and
`dwarf_diecu` results to prevent potential crashes. Fix C90 mixed
declarations.

Fixes: 66f69b219716 ("perf probe: Support DW_AT_const_value constant value")
Fixes: 3d918a12a1b3 ("perf probe: Find fentry mcount fuzzed parameter location")
Fixes: bcfc082150c6 ("perf probe: Remove redundant dwarf functions")
Fixes: 221d061182b8 ("perf probe: Fix to search local variables in appropriate scope")
Fixes: b55a87ade383 ("perf probe: Remove die() from probe-finder code")
Fixes: 4c859351226c ("perf probe: Support glob wildcards for function name")
Assisted-by: Gemini-CLI:Google Gemini 3
Signed-off-by: Ian Rogers
---
 tools/perf/util/probe-finder.c | 85 ++++++++++++++++++++++------------
 1 file changed, 56 insertions(+), 29 deletions(-)

diff --git a/tools/perf/util/probe-finder.c b/tools/perf/util/probe-finder.c index 64328abeef8b..bdef340dfd55 100644 --- a/tools/perf/util/probe-finder.c +++ b/tools/perf/util/probe-finder.c @@ -93,7 +93,8 @@ static int convert_variable_location(Dwarf_Die *vr_die, D= warf_Addr addr, if (!tvar) return 0; =20 - dwarf_formsdata(&attr, &snum); + if (dwarf_formsdata(&attr, &snum) !=3D 0) + return -ENOENT; ret =3D asprintf(&tvar->value, "\\%ld", (long)snum); =20 return ret < 0 ? -ENOMEM : 0; @@ -103,8 +104,7 @@ static int convert_variable_location(Dwarf_Die *vr_die,= Dwarf_Addr addr, if (dwarf_attr(vr_die, DW_AT_location, &attr) =3D=3D NULL) return -EINVAL; /* Broken DIE ? */ if (dwarf_getlocation_addr(&attr, addr, &op, &nops, 1) <=3D 0) { - ret =3D dwarf_entrypc(sp_die, &tmp); - if (ret) + if (dwarf_entrypc(sp_die, &tmp) !=3D 0) return -ENOENT; =20 if (probe_conf.show_location_range && @@ -115,8 +115,7 @@ static int convert_variable_location(Dwarf_Die *vr_die,= Dwarf_Addr addr, return -ENOENT; } =20 - ret =3D dwarf_highpc(sp_die, &tmp); - if (ret) + if (dwarf_highpc(sp_die, &tmp) !=3D 0) return -ENOENT; /* * This is fuzzed by fentry mcount. We try to find the 
@@ -138,15 +137,21 @@ static int convert_variable_location(Dwarf_Die *vr_di= e, Dwarf_Addr addr, static_var: if (!tvar) return ret2; - /* Static variables on memory (not stack), make @varname */ - ret =3D strlen(dwarf_diename(vr_die)); - tvar->value =3D zalloc(ret + 2); - if (tvar->value =3D=3D NULL) - return -ENOMEM; - snprintf(tvar->value, ret + 2, "@%s", dwarf_diename(vr_die)); - tvar->ref =3D alloc_trace_arg_ref((long)offs); - if (tvar->ref =3D=3D NULL) - return -ENOMEM; + { + /* Static variables on memory (not stack), make @varname */ + const char *name =3D dwarf_diename(vr_die); + + if (!name) + return -ENOENT; + ret =3D strlen(name); + tvar->value =3D zalloc(ret + 2); + if (tvar->value =3D=3D NULL) + return -ENOMEM; + snprintf(tvar->value, ret + 2, "@%s", name); + tvar->ref =3D alloc_trace_arg_ref((long)offs); + if (tvar->ref =3D=3D NULL) + return -ENOMEM; + } return ret2; } =20 @@ -234,8 +239,8 @@ static int convert_variable_type(Dwarf_Die *vr_die, } =20 if (die_get_real_type(vr_die, &type) =3D=3D NULL) { - pr_warning("Failed to get a type information of %s.\n", - dwarf_diename(vr_die)); + const char *name =3D dwarf_diename(vr_die); + pr_warning("Failed to get a type information of %s.\n", name ? name : "<= unknown>"); return -ENOENT; } =20 @@ -291,7 +296,7 @@ static int convert_variable_type(Dwarf_Die *vr_die, probe_type_is_available(PROBE_TYPE_X) ? 'x' : 'u'; =20 ret =3D dwarf_bytesize(&type); - if (ret <=3D 0) + if (ret < 0) /* No size ... try to use default type */ return 0; ret =3D BYTES_TO_BITS(ret); @@ -357,7 +362,13 @@ static int convert_variable_fields(Dwarf_Die *vr_die, = const char *varname, else *ref_ptr =3D ref; } - ref->offset +=3D dwarf_bytesize(&type) * field->index; + { + int bsize =3D dwarf_bytesize(&type); + + if (bsize < 0) + return -EINVAL; + ref->offset +=3D bsize * field->index; + } ref->user_access =3D user_access; goto next; } else if (tag =3D=3D DW_TAG_pointer_type) { 
@@ -611,10 +622,16 @@ static int call_probe_finder(Dwarf_Die *sc_die, struc= t probe_finder *pf) memcpy(&pf->sp_die, sc_die, sizeof(Dwarf_Die)); =20 /* Get the frame base attribute/ops from subprogram */ - dwarf_attr(&pf->sp_die, DW_AT_frame_base, &fb_attr); - ret =3D dwarf_getlocation_addr(&fb_attr, pf->addr, &pf->fb_ops, &nops, 1); - if (ret <=3D 0 || nops =3D=3D 0) { + if (dwarf_attr(&pf->sp_die, DW_AT_frame_base, &fb_attr) =3D=3D NULL) { pf->fb_ops =3D NULL; + } else { + ret =3D dwarf_getlocation_addr(&fb_attr, pf->addr, &pf->fb_ops, &nops, 1= ); + if (ret <=3D 0 || nops =3D=3D 0) + pf->fb_ops =3D NULL; + } + + if (pf->fb_ops =3D=3D NULL) { + /* Not supported */ } else if (nops =3D=3D 1 && pf->fb_ops[0].atom =3D=3D DW_OP_call_frame_cf= a && (pf->cfi_eh !=3D NULL || pf->cfi_dbg !=3D NULL)) { if ((dwarf_cfi_addrframe(pf->cfi_eh, pf->addr, &frame) !=3D 0 && @@ -667,8 +684,8 @@ static int find_best_scope_cb(Dwarf_Die *fn_die, void *= data) } } else { /* With the line number, find the nearest declared DIE */ - dwarf_decl_line(fn_die, &lno); - if (lno < fsp->line && fsp->diff > fsp->line - lno) { + if (dwarf_decl_line(fn_die, &lno) =3D=3D 0 && lno < fsp->line && + fsp->diff > fsp->line - lno) { /* Keep a candidate and continue */ fsp->diff =3D fsp->line - lno; memcpy(fsp->die_mem, fn_die, sizeof(Dwarf_Die)); @@ -1018,7 +1035,8 @@ static int find_probe_point_by_func(struct probe_find= er *pf) { struct dwarf_callback_param _param =3D {.data =3D (void *)pf, .retval =3D 0}; - dwarf_getfuncs(&pf->cu_die, probe_point_search_cb, &_param, 0); + if (dwarf_getfuncs(&pf->cu_die, probe_point_search_cb, &_param, 0) < 0) + return -ENOENT; return _param.retval; } =20 
@@ -1207,7 +1225,8 @@ static int copy_variables_cb(Dwarf_Die *die_mem, void= *data) * points to correct die. */ if (dwarf_attr(die_mem, DW_AT_abstract_origin, &attr)) { - dwarf_formref_die(&attr, &var_die); + if (dwarf_formref_die(&attr, &var_die) =3D=3D NULL) + goto out; if (pf->abstrace_dieoffset !=3D dwarf_dieoffset(&var_die)) goto out; } @@ -1270,6 +1289,8 @@ static int add_probe_trace_event(Dwarf_Die *sc_die, s= truct probe_finder *pf) struct probe_trace_event *tev; struct perf_probe_arg *args =3D NULL; int ret, i; + const char *realname; + Dwarf_Die cu_die_mem; =20 /* * For some reason (e.g. different column assigned to same address) @@ -1293,13 +1314,17 @@ static int add_probe_trace_event(Dwarf_Die *sc_die,= struct probe_finder *pf) if (ret < 0) goto end; =20 - tev->point.realname =3D strdup(dwarf_diename(sc_die)); + realname =3D dwarf_diename(sc_die); + tev->point.realname =3D strdup(realname ?: "unknown"); if (!tev->point.realname) { ret =3D -ENOMEM; goto end; } =20 - tev->lang =3D dwarf_srclang(dwarf_diecu(sc_die, &pf->cu_die, NULL, NULL)); + if (dwarf_diecu(sc_die, &cu_die_mem, NULL, NULL) !=3D NULL) + tev->lang =3D dwarf_srclang(&cu_die_mem); + else + tev->lang =3D DW_LANG_C; // Fallback =20 pr_debug("Probe point found: %s+%lu\n", tev->point.symbol, tev->point.offset); @@ -1794,7 +1819,8 @@ static int line_range_search_cb(Dwarf_Die *sp_die, vo= id *data) =20 if (die_match_name(sp_die, lr->function) && die_is_func_def(sp_die)) { lf->fname =3D die_get_decl_file(sp_die); - dwarf_decl_line(sp_die, &lr->offset); + if (dwarf_decl_line(sp_die, &lr->offset) !=3D 0) + return DWARF_CB_OK; // Skip if no line info pr_debug("fname: %s, lineno:%d\n", lf->fname, lr->offset); lf->lno_s =3D lr->offset + lr->start; if (lf->lno_s < 0) /* Overflow */ 
@@ -1818,7 +1844,8 @@ static int line_range_search_cb(Dwarf_Die *sp_die, vo= id *data) static int find_line_range_by_func(struct line_finder *lf) { struct dwarf_callback_param param =3D {.data =3D (void *)lf, .retval =3D = 0}; - dwarf_getfuncs(&lf->cu_die, line_range_search_cb, ¶m, 0); + if (dwarf_getfuncs(&lf->cu_die, line_range_search_cb, ¶m, 0) < 0) + return -ENOENT; return param.retval; } =20 --=20 2.54.0.545.g6539524ca2-goog
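Review bot: In the convert_variable_type() hunk at @@ -291,7 +296,7, relaxing `if (ret <= 0)` to `if (ret < 0)` changes what happens for a zero byte size: it used to take the "No size ... try to use default type" path and now falls through to `ret = BYTES_TO_BITS(ret)` with 0 bits. If zero is meant to proceed, the comment and the commit message should say why; if the aim was only to make the error check explicit, keep `<= 0`.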
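Review bot: In the add_probe_trace_event() hunk at @@ -1293,13 +1314,17, a NULL from dwarf_diename() becomes the literal "unknown" and is stored in tev->point.realname, so a made-up symbol name flows on to whatever consumes realname; setting ret and taking `goto end`, as the -ENOMEM path just below does, would keep the failure visible. Two smaller points in the same hunk: the old dwarf_diecu() call used &pf->cu_die as its result buffer and the new one uses the local cu_die_mem, so pf->cu_die is no longer rewritten here and the commit message should mention that; and the placeholder differs from the "<unknown>" used in convert_variable_type(), while `// Fallback` is a C99 comment among /* */ comments.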
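Review bot: In the line_range_search_cb() hunk at @@ -1794,7 +1819,8, the new early `return DWARF_CB_OK` comes after `lf->fname = die_get_decl_file(sp_die);`, so when dwarf_decl_line() fails the callback skips the DIE but leaves lf->fname overwritten with that DIE's file. Call dwarf_decl_line() first, or assign lf->fname only once it has succeeded.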
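Review bot: In find_probe_point_by_func() at @@ -1018,7 +1035,8, and identically in find_line_range_by_func() at @@ -1818,7 +1844,8, a negative return from dwarf_getfuncs() is mapped to -ENOENT and whatever the callback already stored in the retval field is dropped. -ENOENT reads as "nothing matched", which is a different condition from libdw failing to walk the CU; a distinct error code or a pr_debug() at the failure would keep the two apart, and it is worth stating whether a retval already set by the callback should win.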
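Review bot: In the call_probe_finder() hunk at @@ -611,10 +622,16, the chain now opens with an empty arm, `if (pf->fb_ops == NULL) { /* Not supported */ } else if (nops == 1 && ...`, which exists only to skip the following arms and whose comment does not say what is unsupported. When dwarf_attr() returns NULL, `ret` and `nops` are also never assigned on this path; if they are not initialised at their declarations, which this hunk does not show, initialise them or confirm nothing after the chain reads them.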
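Review bot: The bare `{ ... }` blocks added in convert_variable_location() at @@ -138,15 +137,21 and in convert_variable_fields() at @@ -357,7 +362,13 exist only to scope `name` and `bsize`, and in the first case they re-indent eight unchanged statements, which hides the real change (the NULL check) in the diff. Declaring the two variables with the function's other locals would leave a two-line addition in each place.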
Date: Sat, 2 May 2026 17:35:51 -0700
In-Reply-To: <20260503003552.1063540-1-irogers@google.com>
References: <20260503003552.1063540-1-irogers@google.com>
Message-ID: <20260503003552.1063540-6-irogers@google.com>
Subject: [PATCH v3 5/6] perf annotate-data: Fix libdw API contract violations
From: Ian Rogers
To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo, Namhyung Kim, Jiri Olsa, Adrian Hunter, James Clark, Zecheng Li, Masami Hiramatsu, linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Ian Rogers

Check return values of `dwarf_aggregate_size` and `dwarf_formudata`. Validate `dwarf_diename` before `strdup` to prevent potential crashes.

Fixes: 2bc3cf575a16 ("perf annotate-data: Improve debug message with location info")
Fixes: 4a111cadac85 ("perf annotate-data: Add member field in the data type")
Fixes: 8b1042c425f6 ("perf annotate-data: Set bitfield member offset and size properly")
Fixes: fc044c53b99f ("perf annotate-data: Add dso->data_types tree")
Assisted-by: Gemini-CLI:Google Gemini 3
Signed-off-by: Ian Rogers
---
tools/perf/util/annotate-data.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/tools/perf/util/annotate-data.c b/tools/perf/util/annotate-dat= a.c index 1eff0a27237d..e881a40a4885 100644 --- a/tools/perf/util/annotate-data.c +++ b/tools/perf/util/annotate-data.c
@@ -74,7 +74,8 @@ void pr_debug_type_name(Dwarf_Die *die, enum type_state_k= ind kind) break; } =20 - dwarf_aggregate_size(die, &size); + if (dwarf_aggregate_size(die, &size) !=3D 0) + size =3D 0; =20 strbuf_init(&sb, 32); die_get_typename_from_type(die, &sb); @@ -250,9 +251,10 @@ static int __add_member_cb(Dwarf_Die *die, void *arg) if (dwarf_aggregate_size(&die_mem, &size) < 0) size =3D 0; =20 - if (dwarf_attr_integrate(die, DW_AT_data_member_location, &attr)) - dwarf_formudata(&attr, &loc); - else { + if (dwarf_attr_integrate(die, DW_AT_data_member_location, &attr)) { + if (dwarf_formudata(&attr, &loc) !=3D 0) + loc =3D 0; + } else { /* bitfield member */ if (dwarf_attr_integrate(die, DW_AT_data_bit_offset, &attr) && dwarf_formudata(&attr, &loc) =3D=3D 0) @@ -273,7 +275,9 @@ static int __add_member_cb(Dwarf_Die *die, void *arg) dwarf_diename(die), (long)bit_size) < 0) member->var_name =3D NULL; } else { - member->var_name =3D strdup(dwarf_diename(die)); + const char *name =3D dwarf_diename(die); + + member->var_name =3D strdup(name ?: "unknown"); } =20 if (member->var_name =3D=3D NULL) { 
@@ -370,7 +374,8 @@ static struct annotated_data_type *dso__findnew_data_ty= pe(struct dso *dso, if (dwarf_tag(type_die) =3D=3D DW_TAG_typedef) die_get_real_type(type_die, type_die); =20 - dwarf_aggregate_size(type_die, &size); + if (dwarf_aggregate_size(type_die, &size) !=3D 0) + size =3D 0; =20 /* Check existing nodes in dso->data_types tree */ key.self.type_name =3D type_name; --=20 2.54.0.545.g6539524ca2-goog
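Review bot: In the __add_member_cb() hunk at @@ -273,7 +275,9, only the else branch gains the NULL check; the bitfield branch in the context lines directly above still passes `dwarf_diename(die)` straight into the formatted-name call, so an unnamed bitfield member reaches the same NULL there. Hoist `name` above the if/else and use it in both branches.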
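Review bot: In the __add_member_cb() hunk at @@ -250,9 +251,10, a failed dwarf_formudata() on DW_AT_data_member_location now yields `loc = 0`, which records the member at offset 0 and makes it indistinguishable from a genuine first member. Skipping the member or returning an error would avoid recording a wrong layout; if 0 is the intended fallback, a comment at the assignment should say so.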
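Review bot: The dwarf_aggregate_size() checks added at @@ -74,7 +74,8 and @@ -370,7 +374,8 test `!= 0`, while the existing call in __add_member_cb(), visible in the context of @@ -250,9 +251,10, tests `< 0`. Use one form for the same function throughout the file so a reader does not have to wonder whether a positive return means something.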
Date: Sat, 2 May 2026 17:35:52 -0700
In-Reply-To: <20260503003552.1063540-1-irogers@google.com>
References: <20260503003552.1063540-1-irogers@google.com>
Message-ID: <20260503003552.1063540-7-irogers@google.com>
Subject: [PATCH v3 6/6] perf debuginfo: Fix libdw API contract violations
From: Ian Rogers
To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo, Namhyung Kim, Jiri Olsa, Adrian Hunter, James Clark, Zecheng Li, Masami Hiramatsu, linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Ian Rogers

Check return value of `dwfl_report_end` during offline initialization. Validate `dwfl_module_relocation_info` result before passing to `strcmp` to avoid potential segmentation faults.

Fixes: 6f1b6291cf73 ("perf tools: Add util/debuginfo.[ch] files")
Assisted-by: Gemini-CLI:Google Gemini 3
Signed-off-by: Ian Rogers
---
tools/perf/util/debuginfo.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/tools/perf/util/debuginfo.c b/tools/perf/util/debuginfo.c index 0e35c13abd04..49cb7f9b715d 100644 --- a/tools/perf/util/debuginfo.c +++ b/tools/perf/util/debuginfo.c @@ -62,7 +62,8 @@ static int debuginfo__init_offline_dwarf(struct debuginfo= *dbg, =20 dwfl_module_build_id(dbg->mod, &dbg->build_id, &dummy); =20 - dwfl_report_end(dbg->dwfl, NULL, NULL); + if (dwfl_report_end(dbg->dwfl, NULL, NULL) !=3D 0) + goto error; =20 return 0; error:
@@ -167,7 +168,7 @@ int debuginfo__get_text_offset(struct debuginfo *dbg, D= warf_Addr *offs, /* Search the relocation related .text section */ for (i =3D 0; i < n; i++) { p =3D dwfl_module_relocation_info(dbg->mod, i, &shndx); - if (strcmp(p, ".text") =3D=3D 0) { + if (p && strcmp(p, ".text") =3D=3D 0) { /* OK, get the section header */ scn =3D elf_getscn(elf, shndx); if (!scn) --=20 2.54.0.545.g6539524ca2-goog
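Review bot: In the debuginfo__init_offline_dwarf() hunk at @@ -62,7 +62,8, dwfl_report_end() is now checked, but the `dwfl_module_build_id(dbg->mod, &dbg->build_id, &dummy);` call on the context line just above it still has its return value ignored. Given the stated aim of the patch, either check that call too or note in the commit message why a failure there is harmless.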