linux/tools/perf
Changbin Du 0dba9e4be9 perf top: Delete the evlist before perf_session, fixing heap-use-after-free issue
The evlist should be destroyed before the perf session.

Detected with gcc's ASan:

  =================================================================
  ==27350==ERROR: AddressSanitizer: heap-use-after-free on address 0x62b000002e38 at pc 0x5611da276999 bp 0x7ffce8f1d1a0 sp 0x7ffce8f1d190
  WRITE of size 8 at 0x62b000002e38 thread T0
      #0 0x5611da276998 in __list_del /home/work/linux/tools/include/linux/list.h:89
      #1 0x5611da276d4a in __list_del_entry /home/work/linux/tools/include/linux/list.h:102
      #2 0x5611da276e77 in list_del_init /home/work/linux/tools/include/linux/list.h:145
      #3 0x5611da2781cd in thread__put util/thread.c:130
      #4 0x5611da2cc0a8 in __thread__zput util/thread.h:68
      #5 0x5611da2d2dcb in hist_entry__delete util/hist.c:1148
      #6 0x5611da2cdf91 in hists__delete_entry util/hist.c:337
      #7 0x5611da2ce19e in hists__delete_entries util/hist.c:365
      #8 0x5611da2db2ab in hists__delete_all_entries util/hist.c:2639
      #9 0x5611da2db325 in hists_evsel__exit util/hist.c:2651
      #10 0x5611da1c5352 in perf_evsel__exit util/evsel.c:1304
      #11 0x5611da1c5390 in perf_evsel__delete util/evsel.c:1309
      #12 0x5611da1b35f0 in perf_evlist__purge util/evlist.c:124
      #13 0x5611da1b38e2 in perf_evlist__delete util/evlist.c:148
      #14 0x5611da069781 in cmd_top /home/changbin/work/linux/tools/perf/builtin-top.c:1645
      #15 0x5611da17d038 in run_builtin /home/changbin/work/linux/tools/perf/perf.c:302
      #16 0x5611da17d577 in handle_internal_command /home/changbin/work/linux/tools/perf/perf.c:354
      #17 0x5611da17d97b in run_argv /home/changbin/work/linux/tools/perf/perf.c:398
      #18 0x5611da17e0e9 in main /home/changbin/work/linux/tools/perf/perf.c:520
      #19 0x7fdcc970f09a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
      #20 0x5611d9ff35c9 in _start (/home/work/linux/tools/perf/perf+0x3e95c9)

  0x62b000002e38 is located 11320 bytes inside of 27448-byte region [0x62b000000200,0x62b000006d38)
  freed by thread T0 here:
      #0 0x7fdccb04ab70 in free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xedb70)
      #1 0x5611da260df4 in perf_session__delete util/session.c:201
      #2 0x5611da063de5 in __cmd_top /home/changbin/work/linux/tools/perf/builtin-top.c:1300
      #3 0x5611da06973c in cmd_top /home/changbin/work/linux/tools/perf/builtin-top.c:1642
      #4 0x5611da17d038 in run_builtin /home/changbin/work/linux/tools/perf/perf.c:302
      #5 0x5611da17d577 in handle_internal_command /home/changbin/work/linux/tools/perf/perf.c:354
      #6 0x5611da17d97b in run_argv /home/changbin/work/linux/tools/perf/perf.c:398
      #7 0x5611da17e0e9 in main /home/changbin/work/linux/tools/perf/perf.c:520
      #8 0x7fdcc970f09a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)

  previously allocated by thread T0 here:
      #0 0x7fdccb04b138 in calloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xee138)
      #1 0x5611da26010c in zalloc util/util.h:23
      #2 0x5611da260824 in perf_session__new util/session.c:118
      #3 0x5611da0633a6 in __cmd_top /home/changbin/work/linux/tools/perf/builtin-top.c:1192
      #4 0x5611da06973c in cmd_top /home/changbin/work/linux/tools/perf/builtin-top.c:1642
      #5 0x5611da17d038 in run_builtin /home/changbin/work/linux/tools/perf/perf.c:302
      #6 0x5611da17d577 in handle_internal_command /home/changbin/work/linux/tools/perf/perf.c:354
      #7 0x5611da17d97b in run_argv /home/changbin/work/linux/tools/perf/perf.c:398
      #8 0x5611da17e0e9 in main /home/changbin/work/linux/tools/perf/perf.c:520
      #9 0x7fdcc970f09a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)

  SUMMARY: AddressSanitizer: heap-use-after-free /home/work/linux/tools/include/linux/list.h:89 in __list_del
  Shadow bytes around the buggy address:
    0x0c567fff8570: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
    0x0c567fff8580: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
    0x0c567fff8590: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
    0x0c567fff85a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
    0x0c567fff85b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  =>0x0c567fff85c0: fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd
    0x0c567fff85d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
    0x0c567fff85e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
    0x0c567fff85f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
    0x0c567fff8600: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
    0x0c567fff8610: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  Shadow byte legend (one shadow byte represents 8 application bytes):
    Addressable:           00
    Partially addressable: 01 02 03 04 05 06 07
    Heap left redzone:       fa
    Freed heap region:       fd
    Stack left redzone:      f1
    Stack mid redzone:       f2
    Stack right redzone:     f3
    Stack after return:      f5
    Stack use after scope:   f8
    Global redzone:          f9
    Global init order:       f6
    Poisoned by user:        f7
    Container overflow:      fc
    Array cookie:            ac
    Intra object redzone:    bb
    ASan internal:           fe
    Left alloca redzone:     ca
    Right alloca redzone:    cb
  ==27350==ABORTING

Signed-off-by: Changbin Du <changbin.du@gmail.com>
Reviewed-by: Jiri Olsa <jolsa@kernel.org>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
Link: http://lkml.kernel.org/r/20190316080556.3075-8-changbin.du@gmail.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
2019-03-19 16:52:04 -03:00
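The ownership chain behind this report, as an added C model rather than perf's own code (session, thread and evlist are simplified stand-ins for perf's structs): when a hist entry drops its thread reference, `thread__put` unlinks the thread from a list head that lives inside the session, so freeing the session first turns that unlink into a write into freed memory. The quarantine counter is a constructed substitute for ASan so both teardown orders can be run and compared without crashing.

```c
#include <stdlib.h>
struct list_head { struct list_head *next, *prev; };
struct session { struct list_head threads; };   /* owns the list head threads hang on */
struct thread  { struct list_head node; int refcnt; };
struct evlist  { struct thread *hist_thread; }; /* a hist entry's reference to a thread */
/* Constructed stand-in for ASan: a "freed" session is quarantined rather than
 * reused, and writes into it by list unlinking are counted instead of crashing. */
static struct session *quarantined;
static int uaf_writes;
static int in_quarantine(const void *p)
{
	const char *q = (const char *)quarantined, *a = p;
	return q && a >= q && a < q + sizeof(struct session);
}
static void checked_store(struct list_head **slot, struct list_head *val)
{	/* the "WRITE of size 8" that __list_del made into freed memory above */
	if (in_quarantine(slot)) uaf_writes++; else *slot = val;
}
static void list_del_init(struct list_head *e)
{	/* __list_del touches both neighbours; with one thread both are the session's head */
	checked_store(&e->next->prev, e->prev);
	checked_store(&e->prev->next, e->next);
	e->next = e->prev = e;
}
static void thread__put(struct thread *t) { if (--t->refcnt == 0) { list_del_init(&t->node); free(t); } }
/* Simplification: the hist entry's reference is the only one held on the thread. */
static struct thread *thread__new(struct session *s)
{
	struct thread *t = calloc(1, sizeof *t);
	t->refcnt = 1;
	t->node.next = &s->threads; t->node.prev = s->threads.prev;
	s->threads.prev->next = &t->node; s->threads.prev = &t->node;
	return t;
}
static void session__delete(struct session *s) { quarantined = s; } /* freed, as the program sees it */
static void evlist__delete(struct evlist *el) { thread__put(el->hist_thread); free(el); }
/* Returns how many writes landed in freed session memory for a given teardown order. */
int teardown_uaf_writes(int evlist_first)
{
	struct session *s = calloc(1, sizeof *s);
	struct evlist *el = calloc(1, sizeof *el);
	uaf_writes = 0; quarantined = NULL;
	s->threads.next = s->threads.prev = &s->threads;
	el->hist_thread = thread__new(s);
	if (evlist_first) { evlist__delete(el); session__delete(s); } /* the fix: evlist first */
	else { session__delete(s); evlist__delete(el); }              /* the order ASan flagged */
	free(quarantined); quarantined = NULL;
	return uaf_writes;
}
```

With the original order the unlink writes twice into the quarantined session (both list-head pointers); with the evlist deleted first it writes nothing into freed memory.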
arch perf tools: Update x86's syscall_64.tbl, no change in tools/perf behaviour 2019-03-11 16:13:04 -03:00
bench perf tools: Fix errors under optimization level '-Og' 2019-03-19 16:52:04 -03:00
Documentation perf config: Fix an error in the config template documentation 2019-03-19 16:52:04 -03:00
examples/bpf perf augmented_syscalls: Convert to bpf_map() 2019-01-25 15:12:11 +01:00
include/bpf perf bpf: Automatically add BTF ELF markers 2019-03-06 09:45:37 -03:00
jvmti perf jvmti: Separate jvmti cmlr check 2018-11-21 22:39:58 -03:00
pmu-events perf vendor events: Remove P8 HW events which are not supported 2019-03-19 16:52:03 -03:00
python perf python: Make twatch.py work with both python2 and python3 2018-02-19 12:28:08 -03:00
scripts perf script python: Add printdate function to SQL exporters 2019-03-11 16:13:02 -03:00
tests perf tools: Fix errors under optimization level '-Og' 2019-03-19 16:52:04 -03:00
trace perf beauty msg_flags: Add missing %s lost when adding prefix suppression logic 2019-03-01 15:45:35 -03:00
ui perf tools report: Add custom scripts to script menu 2019-03-11 16:33:20 -03:00
util perf build-id: Fix memory leak in print_sdt_events() 2019-03-19 16:52:04 -03:00
.gitignore perf tools: Add trace/beauty/generated/ into .gitignore 2018-02-05 13:58:02 -03:00
Build perf tools: Rename build libperf to perf 2019-02-14 15:18:08 -03:00
builtin-annotate.c perf data: Add global path holder 2019-02-22 16:52:07 -03:00
builtin-bench.c perf bench: Add epoll_ctl(2) benchmark 2018-11-21 22:39:55 -03:00
builtin-buildid-cache.c perf data: Add global path holder 2019-02-22 16:52:07 -03:00
builtin-buildid-list.c perf data: Add global path holder 2019-02-22 16:52:07 -03:00
builtin-c2c.c perf c2c: Fix c2c report for empty numa node 2019-03-06 18:15:24 -03:00
builtin-config.c perf config: Show the configuration when no arguments are provided 2018-12-18 12:24:00 -03:00
builtin-data.c
builtin-diff.c perf diff: Support --pid/--tid filter options 2019-03-06 18:06:16 -03:00
builtin-evlist.c perf data: Add global path holder 2019-02-22 16:52:07 -03:00
builtin-ftrace.c perf ftrace: Append an EOL when write tracing files 2018-02-19 09:49:12 -03:00
builtin-help.c perf help: Remove needless use of strncpy() 2018-12-17 14:59:18 -03:00
builtin-inject.c perf data: Add global path holder 2019-02-22 16:52:07 -03:00
builtin-kallsyms.c pref tools: Add missing map.h includes 2019-02-06 10:00:38 -03:00
builtin-kmem.c perf data: Add global path holder 2019-02-22 16:52:07 -03:00
builtin-kvm.c perf data: Add global path holder 2019-02-22 16:52:07 -03:00
builtin-list.c perf list: Filter metrics too 2019-03-19 11:56:19 -03:00
builtin-lock.c perf data: Add global path holder 2019-02-22 16:52:07 -03:00
builtin-mem.c perf data: Add global path holder 2019-02-22 16:52:07 -03:00
builtin-probe.c perf namespaces: Remove namespaces.h from .h headers 2019-01-25 15:12:09 +01:00
builtin-record.c perf record: Clarify help for --switch-output 2019-03-19 16:15:42 -03:00
builtin-report.c perf report: Show all sort keys in help output 2019-03-19 16:15:42 -03:00
builtin-sched.c perf data: Add global path holder 2019-02-22 16:52:07 -03:00
builtin-script.c perf script: Support relative time 2019-03-19 16:52:03 -03:00
builtin-stat.c perf stat: Fix --no-scale 2019-03-19 16:52:03 -03:00
builtin-timechart.c perf data: Add global path holder 2019-02-22 16:52:07 -03:00
builtin-top.c perf top: Delete the evlist before perf_session, fixing heap-use-after-free issue 2019-03-19 16:52:04 -03:00
builtin-trace.c perf data: Add global path holder 2019-02-22 16:52:07 -03:00
builtin-version.c perf version: Print status for syscall_table 2018-04-12 10:33:34 -03:00
builtin.h perf script: Add array bound checking to list_scripts 2019-03-11 16:33:19 -03:00
check-headers.sh tools headers powerpc: Remove unistd.h 2019-01-10 10:42:08 -03:00
command-list.txt perf help: Add missing subcommand version 2018-09-19 14:53:36 -03:00
CREDITS
design.txt perf/doc: Update design.txt for exclude_{host|guest} flags 2019-01-21 11:01:18 +01:00
Makefile perf tools: Disable parallelism for 'make clean' 2018-08-20 08:54:58 -03:00
Makefile.config perf build: Add missing FEATURE_CHECK_LDFLAGS-libcrypto 2019-02-14 15:18:05 -03:00
Makefile.perf perf tools: Rename LIB_FILE to LIBPERF_A 2019-02-14 15:18:08 -03:00
MANIFEST
perf-archive.sh
perf-completion.sh
perf-read-vdso.c perf tools: Make find_vdso_map() more modular 2019-01-08 13:28:13 -03:00
perf-sys.h Drop a bunch of metag references 2018-02-23 14:29:59 +00:00
perf-with-kcore.sh
perf.c perf tools: Remove dead quote.[ch] code 2018-06-04 10:28:50 -03:00
perf.h perf record: Allocate affinity masks 2019-02-06 10:00:39 -03:00