git.ipfire.org Git - thirdparty/kernel/linux.git/commit
perf sched: Replace (void*)1 sentinel with proper runtime allocation
author Arnaldo Carvalho de Melo <acme@redhat.com>
Thu, 11 Jun 2026 00:00:11 +0000 (21:00 -0300)
committer Arnaldo Carvalho de Melo <acme@redhat.com>
Wed, 17 Jun 2026 11:28:50 +0000 (08:28 -0300)
commit 500f5dd0a8b6f7bd174102587c7dff5a7d2fecbf
tree e2852db36240daa1647e55d3faa51b98e41fe857
parent cfafef390ca9c753b34c7e97b5abee4cab0ce270

map__findnew_thread() marks color-pid threads by storing (void*)1 as
the thread private data via thread__set_priv().  This sentinel value
causes two problems:

1. thread__get_runtime() returns (void*)1 as a struct thread_runtime
   pointer.  Any field access (e.g. tr->shortname) dereferences address
   1, which is an unmapped page — immediate segfault.

2. cmd_sched() registers free() as the thread priv destructor, so thread
   cleanup calls free((void*)1) — undefined behavior that corrupts the
   heap on many allocators.

Fix by adding a 'color' flag to struct thread_runtime and allocating a
real runtime struct for color-pid threads.  thread__has_color() now
checks the flag instead of relying on priv being non-NULL.

Reported-by: sashiko-bot <sashiko-bot@kernel.org>
Fixes: 58a606149c60d5da ("perf sched: Avoid union type punning undefined behavior")
Reviewed-by: Ian Rogers <irogers@google.com>
Cc: Ian Rogers <irogers@google.com>
Assisted-by: Claude:claude-opus-4.6
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
tools/perf/builtin-sched.c
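
The pattern the commit message describes, reduced to a stand-alone model. This is an added example, not code from perf or from the commit: struct runtime_model, struct thread_model, COLOR_SENTINEL and every function name below are hypothetical stand-ins. The flag lives in a real allocation, so the same priv pointer is safe for field access and for the free() destructor.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical stand-ins for perf's struct thread_runtime and struct thread. */
struct runtime_model { char shortname[4]; bool color; };
struct thread_model { void *priv; void (*priv_destructor)(void *); };

/* Old pattern: "colored" encoded as a non-pointer value stored in priv. */
#define COLOR_SENTINEL ((void *)1)

/* True when priv is NULL or a real allocation, i.e. may be passed to free(). */
static bool priv_is_freeable(const struct thread_model *t)
{
	return t->priv != COLOR_SENTINEL;
}

/* Fixed pattern: allocate a zeroed runtime on demand, then set the flag. */
static int mark_color_allocated(struct thread_model *t)
{
	struct runtime_model *r = t->priv;
	if (r == NULL && (r = calloc(1, sizeof(*r))) == NULL)
		return -1;
	t->priv = r;
	r->color = true;
	return 0;
}

/* Checks the flag; "priv is non-NULL" alone no longer means "colored". */
static bool has_color(const struct thread_model *t)
{
	const struct runtime_model *r = t->priv;
	return r != NULL && r->color;
}

/* Cleanup runs the registered destructor on priv; free(NULL) is a no-op. */
static void thread_model_exit(struct thread_model *t)
{
	if (t->priv_destructor != NULL)
		t->priv_destructor(t->priv);
	t->priv = NULL;
}

int main(void)
{
	struct thread_model t = { NULL, free };
	if (mark_color_allocated(&t) != 0 || !has_color(&t) || !priv_is_freeable(&t))
		return 1;
	thread_model_exit(&t);
	return 0;
}
```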