+++ /dev/null
-From 3c09cf395c1a70a32840b9a049402e0c726f0f90 Mon Sep 17 00:00:00 2001
-From: Jiri Olsa <jolsa@kernel.org>
-Date: Fri, 8 Mar 2019 14:47:36 +0100
-Subject: perf data: Don't store auxtrace index for directory data file
-
-[ Upstream commit cd3dd8dd8ff62374d90cb3f2e54b8c94106c7810 ]
-
-We can't store the auxtrace index when we store into multiple files,
-because we keep only offset for it, not the file.
-
-The auxtrace data will be processed correctly in the 'pipe' mode.
-
-Signed-off-by: Jiri Olsa <jolsa@kernel.org>
-Cc: Adrian Hunter <adrian.hunter@intel.com>
-Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
-Cc: Alexey Budankov <alexey.budankov@linux.intel.com>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Namhyung Kim <namhyung@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Stephane Eranian <eranian@google.com>
-Link: http://lkml.kernel.org/r/20190308134745.5057-3-jolsa@kernel.org
-Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- tools/perf/builtin-record.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tools/perf/builtin-record.c b/tools/perf/builtin-record.c
-index 22ebeb92ac51..f5b438486a64 100644
---- a/tools/perf/builtin-record.c
-+++ b/tools/perf/builtin-record.c
-@@ -178,7 +178,7 @@ static int record__process_auxtrace(struct perf_tool *tool,
- size_t padding;
- u8 pad[8] = {0};
-
-- if (!perf_data__is_pipe(data)) {
-+ if (!perf_data__is_pipe(data) && !perf_data__is_dir(data)) {
- off_t file_offset;
- int fd = perf_data__fd(data);
- int err;
---
-2.19.1
-
--- /dev/null
+From 2992eaf89c2bbe2187a28485bc3160939ce17046 Mon Sep 17 00:00:00 2001
+From: YueHaibing <yuehaibing@huawei.com>
+Date: Fri, 5 Apr 2019 10:14:58 +0800
+Subject: paride/pcd: Fix potential NULL pointer dereference and mem leak
+
+[ Upstream commit f0d1762554014ce0ae347b9f0d088f2c157c8c72 ]
+
+Syzkaller report this:
+
+pcd: pcd version 1.07, major 46, nice 0
+pcd0: Autoprobe failed
+pcd: No CD-ROM drive found
+kasan: CONFIG_KASAN_INLINE enabled
+kasan: GPF could be caused by NULL-ptr deref or user memory access
+general protection fault: 0000 [#1] SMP KASAN PTI
+CPU: 1 PID: 4525 Comm: syz-executor.0 Not tainted 5.1.0-rc3+ #8
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
+RIP: 0010:pcd_init+0x95c/0x1000 [pcd]
+Code: c4 ab f7 48 89 d8 48 c1 e8 03 80 3c 28 00 74 08 48 89 df e8 56 a3 da f7 4c 8b 23 49 8d bc 24 80 05 00 00 48 89 f8 48 c1 e8 03 <80> 3c 28 00 74 05 e8 39 a3 da f7 49 8b bc 24 80 05 00 00 e8 cc b2
+RSP: 0018:ffff8881e84df880 EFLAGS: 00010202
+RAX: 00000000000000b0 RBX: ffffffffc155a088 RCX: ffffffffc1508935
+RDX: 0000000000040000 RSI: ffffc900014f0000 RDI: 0000000000000580
+RBP: dffffc0000000000 R08: ffffed103ee658b8 R09: ffffed103ee658b8
+R10: 0000000000000001 R11: ffffed103ee658b7 R12: 0000000000000000
+R13: ffffffffc155a778 R14: ffffffffc155a4a8 R15: 0000000000000003
+FS: 00007fe71bee3700(0000) GS:ffff8881f7300000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 000055a7334441a8 CR3: 00000001e9674003 CR4: 00000000007606e0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+PKRU: 55555554
+Call Trace:
+ ? 0xffffffffc1508000
+ ? 0xffffffffc1508000
+ do_one_initcall+0xbc/0x47d init/main.c:901
+ do_init_module+0x1b5/0x547 kernel/module.c:3456
+ load_module+0x6405/0x8c10 kernel/module.c:3804
+ __do_sys_finit_module+0x162/0x190 kernel/module.c:3898
+ do_syscall_64+0x9f/0x450 arch/x86/entry/common.c:290
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+RIP: 0033:0x462e99
+Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
+RSP: 002b:00007fe71bee2c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
+RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000462e99
+RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003
+RBP: 00007fe71bee2c70 R08: 0000000000000000 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe71bee36bc
+R13: 00000000004bcefa R14: 00000000006f6fb0 R15: 0000000000000004
+Modules linked in: pcd(+) paride solos_pci atm ts_fsm rtc_mt6397 mac80211 nhc_mobility nhc_udp nhc_ipv6 nhc_hop nhc_dest nhc_fragment nhc_routing 6lowpan rtc_cros_ec memconsole intel_xhci_usb_role_switch roles rtc_wm8350 usbcore industrialio_triggered_buffer kfifo_buf industrialio asc7621 dm_era dm_persistent_data dm_bufio dm_mod tpm gnss_ubx gnss_serial serdev gnss max2165 cpufreq_dt hid_penmount hid menf21bmc_wdt rc_core n_tracesink ide_gd_mod cdns_csi2tx v4l2_fwnode videodev media pinctrl_lewisburg pinctrl_intel iptable_security iptable_raw iptable_mangle iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_filter bpfilter ip6_vti ip_vti ip_gre ipip sit tunnel4 ip_tunnel hsr veth netdevsim vxcan batman_adv cfg80211 rfkill chnl_net caif nlmon dummy team bonding vcan bridge stp llc ip6_gre gre ip6_tunnel tunnel6 tun joydev mousedev ppdev kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel aesni_intel aes_x86_64 crypto_simd
+ ide_pci_generic piix input_leds cryptd glue_helper psmouse ide_core intel_agp serio_raw intel_gtt ata_generic i2c_piix4 agpgart pata_acpi parport_pc parport floppy rtc_cmos sch_fq_codel ip_tables x_tables sha1_ssse3 sha1_generic ipv6 [last unloaded: bmc150_magn]
+Dumping ftrace buffer:
+ (ftrace buffer empty)
+---[ end trace d873691c3cd69f56 ]---
+
+If alloc_disk fails in pcd_init_units, cd->disk will be
+NULL, however in pcd_detect and pcd_exit, it's not check
+this before free.It may result a NULL pointer dereference.
+
+Also when register_blkdev failed, blk_cleanup_queue() and
+blk_mq_free_tag_set() should be called to free resources.
+
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Fixes: 81b74ac68c28 ("paride/pcd: cleanup queues when detection fails")
+Signed-off-by: YueHaibing <yuehaibing@huawei.com>
+
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/block/paride/pcd.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/block/paride/pcd.c b/drivers/block/paride/pcd.c
+index 377a694dc228..6d415b20fb70 100644
+--- a/drivers/block/paride/pcd.c
++++ b/drivers/block/paride/pcd.c
+@@ -314,6 +314,7 @@ static void pcd_init_units(void)
+ disk->queue = blk_mq_init_sq_queue(&cd->tag_set, &pcd_mq_ops,
+ 1, BLK_MQ_F_SHOULD_MERGE);
+ if (IS_ERR(disk->queue)) {
++ put_disk(disk);
+ disk->queue = NULL;
+ continue;
+ }
+@@ -750,6 +751,8 @@ static int pcd_detect(void)
+
+ printk("%s: No CD-ROM drive found\n", name);
+ for (unit = 0, cd = pcd; unit < PCD_UNITS; unit++, cd++) {
++ if (!cd->disk)
++ continue;
+ blk_cleanup_queue(cd->disk->queue);
+ cd->disk->queue = NULL;
+ blk_mq_free_tag_set(&cd->tag_set);
+@@ -1010,8 +1013,14 @@ static int __init pcd_init(void)
+ pcd_probe_capabilities();
+
+ if (register_blkdev(major, name)) {
+- for (unit = 0, cd = pcd; unit < PCD_UNITS; unit++, cd++)
++ for (unit = 0, cd = pcd; unit < PCD_UNITS; unit++, cd++) {
++ if (!cd->disk)
++ continue;
++
++ blk_cleanup_queue(cd->disk->queue);
++ blk_mq_free_tag_set(&cd->tag_set);
+ put_disk(cd->disk);
++ }
+ return -EBUSY;
+ }
+
+@@ -1032,6 +1041,9 @@ static void __exit pcd_exit(void)
+ int unit;
+
+ for (unit = 0, cd = pcd; unit < PCD_UNITS; unit++, cd++) {
++ if (!cd->disk)
++ continue;
++
+ if (cd->present) {
+ del_gendisk(cd->disk);
+ pi_release(cd->pi);
+--
+2.19.1
+
--- /dev/null
+From f82fde9f7120dd528a33b3ca5137336ff18c8ce7 Mon Sep 17 00:00:00 2001
+From: YueHaibing <yuehaibing@huawei.com>
+Date: Wed, 3 Apr 2019 11:37:07 +0800
+Subject: paride/pf: Fix potential NULL pointer dereference
+
+[ Upstream commit 58ccd2d31e502c37e108b285bf3d343eb00c235b ]
+
+Syzkaller report this:
+
+pf: pf version 1.04, major 47, cluster 64, nice 0
+pf: No ATAPI disk detected
+kasan: CONFIG_KASAN_INLINE enabled
+kasan: GPF could be caused by NULL-ptr deref or user memory access
+general protection fault: 0000 [#1] SMP KASAN PTI
+CPU: 0 PID: 9887 Comm: syz-executor.0 Tainted: G C 5.1.0-rc3+ #8
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
+RIP: 0010:pf_init+0x7af/0x1000 [pf]
+Code: 46 77 d2 48 89 d8 48 c1 e8 03 80 3c 28 00 74 08 48 89 df e8 03 25 a6 d2 4c 8b 23 49 8d bc 24 80 05 00 00 48 89 f8 48 c1 e8 03 <80> 3c 28 00 74 05 e8 e6 24 a6 d2 49 8b bc 24 80 05 00 00 e8 79 34
+RSP: 0018:ffff8881abcbf998 EFLAGS: 00010202
+RAX: 00000000000000b0 RBX: ffffffffc1e4a8a8 RCX: ffffffffaec50788
+RDX: 0000000000039b10 RSI: ffffc9000153c000 RDI: 0000000000000580
+RBP: dffffc0000000000 R08: ffffed103ee44e59 R09: ffffed103ee44e59
+R10: 0000000000000001 R11: ffffed103ee44e58 R12: 0000000000000000
+R13: ffffffffc1e4b028 R14: 0000000000000000 R15: 0000000000000020
+FS: 00007f1b78a91700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 00007f6d72b207f8 CR3: 00000001d5790004 CR4: 00000000007606f0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+PKRU: 55555554
+Call Trace:
+ ? 0xffffffffc1e50000
+ do_one_initcall+0xbc/0x47d init/main.c:901
+ do_init_module+0x1b5/0x547 kernel/module.c:3456
+ load_module+0x6405/0x8c10 kernel/module.c:3804
+ __do_sys_finit_module+0x162/0x190 kernel/module.c:3898
+ do_syscall_64+0x9f/0x450 arch/x86/entry/common.c:290
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+RIP: 0033:0x462e99
+Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
+RSP: 002b:00007f1b78a90c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
+RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000462e99
+RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003
+RBP: 00007f1b78a90c70 R08: 0000000000000000 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1b78a916bc
+R13: 00000000004bcefa R14: 00000000006f6fb0 R15: 0000000000000004
+Modules linked in: pf(+) paride gpio_tps65218 tps65218 i2c_cht_wc ati_remote dc395x act_meta_skbtcindex act_ife ife ecdh_generic rc_xbox_dvd sky81452_regulator v4l2_fwnode leds_blinkm snd_usb_hiface comedi(C) aes_ti slhc cfi_cmdset_0020 mtd cfi_util sx8654 mdio_gpio of_mdio fixed_phy mdio_bitbang libphy alcor_pci matrix_keymap hid_uclogic usbhid scsi_transport_fc videobuf2_v4l2 videobuf2_dma_sg snd_soc_pcm179x_spi snd_soc_pcm179x_codec i2c_demux_pinctrl mdev snd_indigodj isl6405 mii enc28j60 cmac adt7316_i2c(C) adt7316(C) fmc_trivial fmc nf_reject_ipv4 authenc rc_dtt200u rtc_ds1672 dvb_usb_dibusb_mc dvb_usb_dibusb_mc_common dib3000mc dibx000_common dvb_usb_dibusb_common dvb_usb dvb_core videobuf2_common videobuf2_vmalloc videobuf2_memops regulator_haptic adf7242 mac802154 ieee802154 s5h1409 da9034_ts snd_intel8x0m wmi cx24120 usbcore sdhci_cadence sdhci_pltfm sdhci mmc_core joydev i2c_algo_bit scsi_transport_iscsi iscsi_boot_sysfs ves1820 lockd grace nfs_acl auth_rpcgss sunrp
+ c
+ ip_vs snd_soc_adau7002 snd_cs4281 snd_rawmidi gameport snd_opl3_lib snd_seq_device snd_hwdep snd_ac97_codec ad7418 hid_primax hid snd_soc_cs4265 snd_soc_core snd_pcm_dmaengine snd_pcm snd_timer ac97_bus snd_compress snd soundcore ti_adc108s102 eeprom_93cx6 i2c_algo_pca mlxreg_hotplug st_pressure st_sensors industrialio_triggered_buffer kfifo_buf industrialio v4l2_common videodev media snd_soc_adau_utils rc_pinnacle_grey rc_core pps_gpio leds_lm3692x nandcore ledtrig_pattern iptable_security iptable_raw iptable_mangle iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_filter bpfilter ip6_vti ip_vti ip_gre ipip sit tunnel4 ip_tunnel hsr veth netdevsim vxcan batman_adv cfg80211 rfkill chnl_net caif nlmon dummy team bonding vcan bridge stp llc ip6_gre gre ip6_tunnel tunnel6 tun mousedev ppdev tpm kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel aesni_intel ide_pci_generic aes_x86_64 piix crypto_simd input_leds psmouse cryp
+ td
+ glue_helper ide_core intel_agp serio_raw intel_gtt agpgart ata_generic i2c_piix4 pata_acpi parport_pc parport rtc_cmos floppy sch_fq_codel ip_tables x_tables sha1_ssse3 sha1_generic ipv6 [last unloaded: paride]
+Dumping ftrace buffer:
+ (ftrace buffer empty)
+---[ end trace 7a818cf5f210d79e ]---
+
+If alloc_disk fails in pf_init_units, pf->disk will be
+NULL, however in pf_detect and pf_exit, it's not check
+this before free.It may result a NULL pointer dereference.
+
+Also when register_blkdev failed, blk_cleanup_queue() and
+blk_mq_free_tag_set() should be called to free resources.
+
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Fixes: 6ce59025f118 ("paride/pf: cleanup queues when detection fails")
+Signed-off-by: YueHaibing <yuehaibing@huawei.com>
+
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/block/paride/pf.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/block/paride/pf.c b/drivers/block/paride/pf.c
+index 103b617cdc31..35e6e271b219 100644
+--- a/drivers/block/paride/pf.c
++++ b/drivers/block/paride/pf.c
+@@ -762,6 +762,8 @@ static int pf_detect(void)
+
+ printk("%s: No ATAPI disk detected\n", name);
+ for (pf = units, unit = 0; unit < PF_UNITS; pf++, unit++) {
++ if (!pf->disk)
++ continue;
+ blk_cleanup_queue(pf->disk->queue);
+ pf->disk->queue = NULL;
+ blk_mq_free_tag_set(&pf->tag_set);
+@@ -1029,8 +1031,13 @@ static int __init pf_init(void)
+ pf_busy = 0;
+
+ if (register_blkdev(major, name)) {
+- for (pf = units, unit = 0; unit < PF_UNITS; pf++, unit++)
++ for (pf = units, unit = 0; unit < PF_UNITS; pf++, unit++) {
++ if (!pf->disk)
++ continue;
++ blk_cleanup_queue(pf->disk->queue);
++ blk_mq_free_tag_set(&pf->tag_set);
+ put_disk(pf->disk);
++ }
+ return -EBUSY;
+ }
+
+@@ -1051,6 +1058,9 @@ static void __exit pf_exit(void)
+ int unit;
+ unregister_blkdev(major, name);
+ for (pf = units, unit = 0; unit < PF_UNITS; pf++, unit++) {
++ if (!pf->disk)
++ continue;
++
+ if (pf->present)
+ del_gendisk(pf->disk);
+
+--
+2.19.1
+
+++ /dev/null
-From 87892f50188c79b2118388e3dbf7255f09046548 Mon Sep 17 00:00:00 2001
-From: Jiri Olsa <jolsa@kernel.org>
-Date: Fri, 8 Mar 2019 14:47:36 +0100
-Subject: perf data: Don't store auxtrace index for directory data file
-
-[ Upstream commit cd3dd8dd8ff62374d90cb3f2e54b8c94106c7810 ]
-
-We can't store the auxtrace index when we store into multiple files,
-because we keep only offset for it, not the file.
-
-The auxtrace data will be processed correctly in the 'pipe' mode.
-
-Signed-off-by: Jiri Olsa <jolsa@kernel.org>
-Cc: Adrian Hunter <adrian.hunter@intel.com>
-Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
-Cc: Alexey Budankov <alexey.budankov@linux.intel.com>
-Cc: Andi Kleen <ak@linux.intel.com>
-Cc: Namhyung Kim <namhyung@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Stephane Eranian <eranian@google.com>
-Link: http://lkml.kernel.org/r/20190308134745.5057-3-jolsa@kernel.org
-Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- tools/perf/builtin-record.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tools/perf/builtin-record.c b/tools/perf/builtin-record.c
-index 882285fb9f64..3fd154f1701b 100644
---- a/tools/perf/builtin-record.c
-+++ b/tools/perf/builtin-record.c
-@@ -386,7 +386,7 @@ static int record__process_auxtrace(struct perf_tool *tool,
- size_t padding;
- u8 pad[8] = {0};
-
-- if (!perf_data__is_pipe(data)) {
-+ if (!perf_data__is_pipe(data) && !perf_data__is_dir(data)) {
- off_t file_offset;
- int fd = perf_data__fd(data);
- int err;
---
-2.19.1
-
+++ /dev/null
-From ade81011a8f00f467f324afe868f7585f71893ef Mon Sep 17 00:00:00 2001
-From: Changbin Du <changbin.du@gmail.com>
-Date: Sat, 16 Mar 2019 16:05:47 +0800
-Subject: perf top: Delete the evlist before perf_session, fixing
- heap-use-after-free issue
-
-[ Upstream commit 0dba9e4be95b59e77060645ca8e37ca3231061f5 ]
-
-The evlist should be destroyed before the perf session.
-
-Detected with gcc's ASan:
-
- =================================================================
- ==27350==ERROR: AddressSanitizer: heap-use-after-free on address 0x62b000002e38 at pc 0x5611da276999 bp 0x7ffce8f1d1a0 sp 0x7ffce8f1d190
- WRITE of size 8 at 0x62b000002e38 thread T0
- #0 0x5611da276998 in __list_del /home/work/linux/tools/include/linux/list.h:89
- #1 0x5611da276d4a in __list_del_entry /home/work/linux/tools/include/linux/list.h:102
- #2 0x5611da276e77 in list_del_init /home/work/linux/tools/include/linux/list.h:145
- #3 0x5611da2781cd in thread__put util/thread.c:130
- #4 0x5611da2cc0a8 in __thread__zput util/thread.h:68
- #5 0x5611da2d2dcb in hist_entry__delete util/hist.c:1148
- #6 0x5611da2cdf91 in hists__delete_entry util/hist.c:337
- #7 0x5611da2ce19e in hists__delete_entries util/hist.c:365
- #8 0x5611da2db2ab in hists__delete_all_entries util/hist.c:2639
- #9 0x5611da2db325 in hists_evsel__exit util/hist.c:2651
- #10 0x5611da1c5352 in perf_evsel__exit util/evsel.c:1304
- #11 0x5611da1c5390 in perf_evsel__delete util/evsel.c:1309
- #12 0x5611da1b35f0 in perf_evlist__purge util/evlist.c:124
- #13 0x5611da1b38e2 in perf_evlist__delete util/evlist.c:148
- #14 0x5611da069781 in cmd_top /home/changbin/work/linux/tools/perf/builtin-top.c:1645
- #15 0x5611da17d038 in run_builtin /home/changbin/work/linux/tools/perf/perf.c:302
- #16 0x5611da17d577 in handle_internal_command /home/changbin/work/linux/tools/perf/perf.c:354
- #17 0x5611da17d97b in run_argv /home/changbin/work/linux/tools/perf/perf.c:398
- #18 0x5611da17e0e9 in main /home/changbin/work/linux/tools/perf/perf.c:520
- #19 0x7fdcc970f09a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
- #20 0x5611d9ff35c9 in _start (/home/work/linux/tools/perf/perf+0x3e95c9)
-
- 0x62b000002e38 is located 11320 bytes inside of 27448-byte region [0x62b000000200,0x62b000006d38)
- freed by thread T0 here:
- #0 0x7fdccb04ab70 in free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xedb70)
- #1 0x5611da260df4 in perf_session__delete util/session.c:201
- #2 0x5611da063de5 in __cmd_top /home/changbin/work/linux/tools/perf/builtin-top.c:1300
- #3 0x5611da06973c in cmd_top /home/changbin/work/linux/tools/perf/builtin-top.c:1642
- #4 0x5611da17d038 in run_builtin /home/changbin/work/linux/tools/perf/perf.c:302
- #5 0x5611da17d577 in handle_internal_command /home/changbin/work/linux/tools/perf/perf.c:354
- #6 0x5611da17d97b in run_argv /home/changbin/work/linux/tools/perf/perf.c:398
- #7 0x5611da17e0e9 in main /home/changbin/work/linux/tools/perf/perf.c:520
- #8 0x7fdcc970f09a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
-
- previously allocated by thread T0 here:
- #0 0x7fdccb04b138 in calloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xee138)
- #1 0x5611da26010c in zalloc util/util.h:23
- #2 0x5611da260824 in perf_session__new util/session.c:118
- #3 0x5611da0633a6 in __cmd_top /home/changbin/work/linux/tools/perf/builtin-top.c:1192
- #4 0x5611da06973c in cmd_top /home/changbin/work/linux/tools/perf/builtin-top.c:1642
- #5 0x5611da17d038 in run_builtin /home/changbin/work/linux/tools/perf/perf.c:302
- #6 0x5611da17d577 in handle_internal_command /home/changbin/work/linux/tools/perf/perf.c:354
- #7 0x5611da17d97b in run_argv /home/changbin/work/linux/tools/perf/perf.c:398
- #8 0x5611da17e0e9 in main /home/changbin/work/linux/tools/perf/perf.c:520
- #9 0x7fdcc970f09a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
-
- SUMMARY: AddressSanitizer: heap-use-after-free /home/work/linux/tools/include/linux/list.h:89 in __list_del
- Shadow bytes around the buggy address:
- 0x0c567fff8570: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
- 0x0c567fff8580: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
- 0x0c567fff8590: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
- 0x0c567fff85a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
- 0x0c567fff85b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
- =>0x0c567fff85c0: fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd
- 0x0c567fff85d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
- 0x0c567fff85e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
- 0x0c567fff85f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
- 0x0c567fff8600: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
- 0x0c567fff8610: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
- Shadow byte legend (one shadow byte represents 8 application bytes):
- Addressable: 00
- Partially addressable: 01 02 03 04 05 06 07
- Heap left redzone: fa
- Freed heap region: fd
- Stack left redzone: f1
- Stack mid redzone: f2
- Stack right redzone: f3
- Stack after return: f5
- Stack use after scope: f8
- Global redzone: f9
- Global init order: f6
- Poisoned by user: f7
- Container overflow: fc
- Array cookie: ac
- Intra object redzone: bb
- ASan internal: fe
- Left alloca redzone: ca
- Right alloca redzone: cb
- ==27350==ABORTING
-
-Signed-off-by: Changbin Du <changbin.du@gmail.com>
-Reviewed-by: Jiri Olsa <jolsa@kernel.org>
-Cc: Alexei Starovoitov <ast@kernel.org>
-Cc: Daniel Borkmann <daniel@iogearbox.net>
-Cc: Namhyung Kim <namhyung@kernel.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
-Link: http://lkml.kernel.org/r/20190316080556.3075-8-changbin.du@gmail.com
-Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- tools/perf/builtin-top.c | 42 ++++++++++++++++++----------------------
- 1 file changed, 19 insertions(+), 23 deletions(-)
-
-diff --git a/tools/perf/builtin-top.c b/tools/perf/builtin-top.c
-index f64e312db787..9b215007924b 100644
---- a/tools/perf/builtin-top.c
-+++ b/tools/perf/builtin-top.c
-@@ -1192,23 +1192,19 @@ static int __cmd_top(struct perf_top *top)
- pthread_t thread, thread_process;
- int ret;
-
-- top->session = perf_session__new(NULL, false, NULL);
-- if (top->session == NULL)
-- return -1;
--
- if (!top->annotation_opts.objdump_path) {
- ret = perf_env__lookup_objdump(&top->session->header.env,
- &top->annotation_opts.objdump_path);
- if (ret)
-- goto out_delete;
-+ return ret;
- }
-
- ret = callchain_param__setup_sample_type(&callchain_param);
- if (ret)
-- goto out_delete;
-+ return ret;
-
- if (perf_session__register_idle_thread(top->session) < 0)
-- goto out_delete;
-+ return ret;
-
- if (top->nr_threads_synthesize > 1)
- perf_set_multithreaded();
-@@ -1224,13 +1220,18 @@ static int __cmd_top(struct perf_top *top)
-
- if (perf_hpp_list.socket) {
- ret = perf_env__read_cpu_topology_map(&perf_env);
-- if (ret < 0)
-- goto out_err_cpu_topo;
-+ if (ret < 0) {
-+ char errbuf[BUFSIZ];
-+ const char *err = str_error_r(-ret, errbuf, sizeof(errbuf));
-+
-+ ui__error("Could not read the CPU topology map: %s\n", err);
-+ return ret;
-+ }
- }
-
- ret = perf_top__start_counters(top);
- if (ret)
-- goto out_delete;
-+ return ret;
-
- ret = perf_evlist__apply_drv_configs(evlist, &pos, &err_term);
- if (ret) {
-@@ -1257,7 +1258,7 @@ static int __cmd_top(struct perf_top *top)
- ret = -1;
- if (pthread_create(&thread_process, NULL, process_thread, top)) {
- ui__error("Could not create process thread.\n");
-- goto out_delete;
-+ return ret;
- }
-
- if (pthread_create(&thread, NULL, (use_browser > 0 ? display_thread_tui :
-@@ -1301,19 +1302,7 @@ static int __cmd_top(struct perf_top *top)
- out_join_thread:
- pthread_cond_signal(&top->qe.cond);
- pthread_join(thread_process, NULL);
--out_delete:
-- perf_session__delete(top->session);
-- top->session = NULL;
--
- return ret;
--
--out_err_cpu_topo: {
-- char errbuf[BUFSIZ];
-- const char *err = str_error_r(-ret, errbuf, sizeof(errbuf));
--
-- ui__error("Could not read the CPU topology map: %s\n", err);
-- goto out_delete;
--}
- }
-
- static int
-@@ -1644,10 +1633,17 @@ int cmd_top(int argc, const char **argv)
- signal(SIGWINCH, winch_sig);
- }
-
-+ top.session = perf_session__new(NULL, false, NULL);
-+ if (top.session == NULL) {
-+ status = -1;
-+ goto out_delete_evlist;
-+ }
-+
- status = __cmd_top(&top);
-
- out_delete_evlist:
- perf_evlist__delete(top.evlist);
-+ perf_session__delete(top.session);
-
- return status;
- }
---
-2.19.1
-
arc-hsdk_defconfig-enable-config_blk_dev_ram.patch
inotify-fix-fsnotify_mark-refcount-leak-in-inotify_u.patch
perf-core-restore-mmap-record-type-correctly.patch
-perf-data-don-t-store-auxtrace-index-for-directory-d.patch
mips-bcm47xx-enable-usb-power-on-netgear-wndr3400v2.patch
ext4-avoid-panic-during-forced-reboot.patch
ext4-add-missing-brelse-in-add_new_gdb_meta_bg.patch
perf-config-fix-an-error-in-the-config-template-docu.patch
perf-config-fix-a-memory-leak-in-collect_config.patch
perf-build-id-fix-memory-leak-in-print_sdt_events.patch
-perf-top-delete-the-evlist-before-perf_session-fixin.patch
perf-top-fix-error-handling-in-cmd_top.patch
perf-hist-add-missing-map__put-in-error-case.patch
perf-map-remove-map-from-names-tree-in-__maps__remov.patch
include-linux-swap.h-use-offsetof-instead-of-custom-.patch
bpf-fix-use-after-free-in-bpf_evict_inode.patch
ib-hfi1-failed-to-drain-send-queue-when-qp-is-put-into-error-state.patch
+paride-pf-fix-potential-null-pointer-dereference.patch
+paride-pcd-fix-potential-null-pointer-dereference-an.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
