perf timechart: Fix memory leaks

Resolve a major execution-time leak of backtrace strings in the timechart tool.

- Modify cat_backtrace() to return dynamically allocated memory via
  open_memstream(), transferring ownership to the caller.
- Free the returned backtrace string inside process_sample_event() immediately
  after invoking the tracepoint handler.
- In handlers like pid_put_sample() and sched_wakeup(), make a separate copy of
  the backtrace using strdup() if it needs to be persisted in the sample struct,
  preventing lifetime issues and double-free vulnerabilities.

Signed-off-by: Ian Rogers <irogers@google.com>
Acked-by: Namhyung Kim <namhyung@kernel.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Albert Ou <aou@eecs.berkeley.edu>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Alexandre Ghiti <alex@ghiti.fr>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Andrew Jones <ajones@ventanamicro.com>
Cc: Anup Patel <anup@brainfault.org>
Cc: Athira Rajeev <atrajeev@linux.ibm.com>
Cc: Blake Jones <blakejones@google.com>
Cc: Chen Ni <nichen@iscas.ac.cn>
Cc: Chun-Tse Shao <ctshao@google.com>
Cc: Dapeng Mi <dapeng1.mi@linux.intel.com>
Cc: Derek Foreman <derek.foreman@collabora.com>
Cc: Dmitriy Vyukov <dvyukov@google.com>
Cc: Dr. David Alan Gilbert <linux@treblig.org>
Cc: Howard Chu <howardchu95@gmail.com>
Cc: Hrishikesh Suresh <hrishikesh123s@gmail.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: James Clark <james.clark@linaro.org>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Krzysztof Łopatowski <krzysztof.m.lopatowski@gmail.com>
Cc: Leo Yan <leo.yan@arm.com>
Cc: Palmer Dabbelt <palmer@dabbelt.com>
Cc: Paul Walmsley <pjw@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Quan Zhou <zhouquan@iscas.ac.cn>
Cc: Ravi Bangoria <ravi.bangoria@amd.com>
Cc: Swapnil Sapkal <swapnil.sapkal@amd.com>
Cc: Thomas Falcon <thomas.falcon@intel.com>
Cc: Tianyou Li <tianyou.li@intel.com>
Cc: Yujie Liu <yujie.liu@intel.com>
Cc: tanze <tanze@kylinos.cn>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>

diff --git a/tools/perf/builtin-timechart.c b/tools/perf/builtin-timechart.c
index 1d24d8738519e4c85086e5a30577ece73e627dd8..d2e15d02304ea1ab154065104db64cca4146ff07 100644 (file)
--- a/tools/perf/builtin-timechart.c
+++ b/tools/perf/builtin-timechart.c
@@ -299,7 +299,7 @@ static void pid_put_sample(struct timechart *tchart, int pid, int type,
        sample->type = type;
        sample->next = c->samples;
        sample->cpu = cpu;
-       sample->backtrace = backtrace;
+       sample->backtrace = backtrace ? strdup(backtrace) : NULL;
        c->samples = sample;
 
        if (sample->type == TYPE_RUNNING && end > start && start > 0) {
@@ -433,7 +433,7 @@ static void sched_wakeup(struct timechart *tchart, int cpu, u64 timestamp,
 
        we->time = timestamp;
        we->waker = waker;
-       we->backtrace = backtrace;
+       we->backtrace = backtrace ? strdup(backtrace) : NULL;
 
        if ((flags & TRACE_FLAG_HARDIRQ) || (flags & TRACE_FLAG_SOFTIRQ))
                we->waker = -1;
@@ -489,9 +489,9 @@ static void sched_switch(struct timechart *tchart, int cpu, u64 timestamp,
        }
 }
 
-static const char *cat_backtrace(union perf_event *event,
-                                struct perf_sample *sample,
-                                struct machine *machine)
+static char *cat_backtrace(union perf_event *event,
+                          struct perf_sample *sample,
+                          struct machine *machine)
 {
        struct addr_location al;
        unsigned int i;
@@ -577,6 +577,7 @@ static int process_sample_event(const struct perf_tool *tool,
 {
        struct timechart *tchart = container_of(tool, struct timechart, tool);
        struct evsel *evsel = sample->evsel;
+       int ret = 0;
 
        if (evsel->core.attr.sample_type & PERF_SAMPLE_TIME) {
                if (!tchart->first_time || tchart->first_time > sample->time)
@@ -587,11 +588,13 @@ static int process_sample_event(const struct perf_tool *tool,
 
        if (evsel->handler != NULL) {
                tracepoint_handler f = evsel->handler;
+               char *backtrace = cat_backtrace(event, sample, machine);
 
-               return f(tchart, sample, cat_backtrace(event, sample, machine));
+               ret = f(tchart, sample, backtrace);
+               free(backtrace);
        }
 
-       return 0;
+       return ret;
 }
 
 static int