forked from Minki/linux
d5962fb7d6
In 'perf report', entering a recursive function from inside of itself
(either directly of indirectly through some other function) results in
calling symbol__annotate2 multiple() times, and freeing the whole
disassembly when exiting from the innermost instance.
The first issue causes the function's disassembly to be duplicated, and
the latter a heap use-after-free (and crash) when trying to access the
disassembly again.
I reproduced the bug on perf 5.11.22 (Ubuntu 20.04.3 LTS) and 5.16.rc8
with the following testcase (compile with gcc recursive.c -o recursive).
To reproduce:
- perf record ./recursive
- perf report
- enter fibonacci and annotate it
- move the cursor on one of the "callq fibonacci" instructions and press enter
- at this point there will be two copies of the function in the disassembly
- go back by pressing q, and perf will crash
#include <stdio.h>
int fibonacci(int n)
{
if(n <= 2) return 1;
return fibonacci(n-1) + fibonacci(n-2);
}
int main()
{
printf("%d\n", fibonacci(40));
}
This patch addresses the issue by annotating a function and freeing the
associated memory on exit only if no annotation is already present, so
that a recursive function is only annotated on entry.
Signed-off-by: Dario Petrillo <dario.pk1@gmail.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: stable@kernel.org
Link: http://lore.kernel.org/lkml/20220109234441.325106-1-dario.pk1@gmail.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
|
||
|---|---|---|
| .. | ||
| arch | ||
| bench | ||
| dlfilters | ||
| Documentation | ||
| examples/bpf | ||
| include | ||
| jvmti | ||
| pmu-events | ||
| python | ||
| scripts | ||
| tests | ||
| trace | ||
| ui | ||
| util | ||
| .gitignore | ||
| Build | ||
| builtin-annotate.c | ||
| builtin-bench.c | ||
| builtin-buildid-cache.c | ||
| builtin-buildid-list.c | ||
| builtin-c2c.c | ||
| builtin-config.c | ||
| builtin-daemon.c | ||
| builtin-data.c | ||
| builtin-diff.c | ||
| builtin-evlist.c | ||
| builtin-ftrace.c | ||
| builtin-help.c | ||
| builtin-inject.c | ||
| builtin-kallsyms.c | ||
| builtin-kmem.c | ||
| builtin-kvm.c | ||
| builtin-list.c | ||
| builtin-lock.c | ||
| builtin-mem.c | ||
| builtin-probe.c | ||
| builtin-record.c | ||
| builtin-report.c | ||
| builtin-sched.c | ||
| builtin-script.c | ||
| builtin-stat.c | ||
| builtin-timechart.c | ||
| builtin-top.c | ||
| builtin-trace.c | ||
| builtin-version.c | ||
| builtin.h | ||
| check-headers.sh | ||
| command-list.txt | ||
| CREDITS | ||
| design.txt | ||
| Makefile | ||
| Makefile.config | ||
| Makefile.perf | ||
| MANIFEST | ||
| perf-archive.sh | ||
| perf-completion.sh | ||
| perf-iostat.sh | ||
| perf-read-vdso.c | ||
| perf-sys.h | ||
| perf-with-kcore.sh | ||
| perf.c | ||
| perf.h | ||