Re: [PATCH v4] perf sched stats: Fix segmentation faults, memory leaks, and stale pointers in diff mode
From: Ian Rogers
Date: Mon May 11 2026 - 12:55:56 EST
On Wed, May 6, 2026 at 6:03 AM Arnaldo Carvalho de Melo <acme@xxxxxxxxxx> wrote:
>
> On Tue, May 05, 2026 at 11:45:56PM -0700, Ian Rogers wrote:
> > On Tue, May 5, 2026 at 9:10 PM Ian Rogers <irogers@xxxxxxxxxx> wrote:
> > >
> > > The patch addresses multiple segmentation fault vectors, out-of-bounds
> > > reads, and memory leaks in perf sched stats by adding bounds checks,
> > > NULL checks, proper error propagation, and robust memory cleanup.
> > >
> > > 1. In get_all_cpu_stats(), added assert(!list_empty(head)) to prevent
> > > unsafe list_first_entry() calls on empty lists, added a missing NULL
> > > check for summary_head->cpu_data allocation, and implemented a cleanup
> > > ladder using a temporary list to prevent memory leaks on error paths.
> > > 2. In free_schedstat(), fixed memory leaks by ensuring internal domain_data
> > > and cpu_data pointers are freed.
> > > 3. In show_schedstat_data(), fixed a stale pointer issue where ds2 retained
> > > its value from a previous iteration when dptr2 became NULL, and added
> > > proper propagation of errors from get_all_cpu_stats().
> > > 4. Propagated show_schedstat_data() errors up to perf_sched__schedstat_diff()
> > > and perf_sched__schedstat_live() to prevent output corruption on failure.
> > > 5. In show_schedstat_data(), added NULL checks for cd_map1 and cd_map2
> > > to gracefully handle invalid or empty data files.
> > > 6. Added parallel iteration termination checks using list_is_last() in
> > > show_schedstat_data() for both domain and CPU lists to safely terminate
> > > at the end of each list when files contain a different number of CPUs
> > > or domains.
> > > 7. Added CPU bounds checks (cs1->cpu >= nr1 and cs2->cpu >= nr2) in
> > > show_schedstat_data() to prevent out-of-bounds reads from cd_map1 and
> > > cd_map2 when comparing files from machines with different CPU counts.
> > > 8. Added NULL checks for cd_info1 and cd_info2 to prevent crashes when
> > > a CPU has data samples but no corresponding domain info in the header.
> > > 9. Added domain bounds checks (ds1->domain >= cd_info1->nr_domains and
> > > ds2->domain >= cd_info2->nr_domains) to prevent out-of-bounds array
> > > accesses in the domains array.
> > > 10. Added NULL checks for dinfo1 and dinfo2 in show_schedstat_data()
> > > to prevent crashes when a domain has no corresponding domain info.
> > > 11. Zero-initialized the perf_data array in perf_sched__schedstat_diff()
> > > to prevent stack garbage from causing perf_data_file__fd() to attempt
> > > to use a NULL fptr when use_stdio happened to be non-zero.
> > >
> > > Assisted-by: Gemini:gemini-3.1-pro-preview
> > > Signed-off-by: Ian Rogers <irogers@xxxxxxxxxx>
> >
> > This version passes sashiko's scrutiny:
> > https://sashiko.dev/#/patchset/20260506041004.3196084-1-irogers%40google.com
>
> Thanks, applied to perf-tools-next, for v7.2.

Thanks Arnaldo! I don't see this in:
https://web.git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools-next.git/log/?h=perf-tools-next
just wanted to make sure it didn't accidentally get lost.
Thanks,
Ian
> - Arnaldo
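
The parallel list walk described in items 3, 6 and 7 of the quoted commit message, as an added C example that is not the patch's code and not part of this thread. The names `walk_pairs`, `cpu_rec`, `demo` and the two maps are hypothetical, the list helpers are local stand-ins for the kernel's, and the choice to keep walking list 1 after list 2 ends is an assumption of this sketch.

```c
#include <stdio.h>

/* Minimal stand-in for the kernel's circular list; only what is needed here. */
struct list_head { struct list_head *next; };
#define list_is_last(n, head) ((n)->next == (head))
/* Hypothetical per-CPU record; node is the first member so the casts are valid. */
struct cpu_rec { struct list_head node; unsigned int cpu; };
/* Walk list 1, pairing each record with list 2 while list 2 lasts (both non-empty).
 * Returns the pair count, or -1 if a CPU number would index past its map. */
static int walk_pairs(struct list_head *h1, const int *map1, unsigned int nr1,
		      struct list_head *h2, const int *map2, unsigned int nr2, long *delta)
{
	struct cpu_rec *c1 = (struct cpu_rec *)h1->next, *c2 = (struct cpu_rec *)h2->next;
	int pairs = 0;

	for (*delta = 0;; c1 = (struct cpu_rec *)c1->node.next) {
		if (c1->cpu >= nr1 || (c2 && c2->cpu >= nr2))
			return -1;	/* bounds check before any map access */
		if (c2) {	/* pair, then advance list 2 or clear c2 so it cannot go stale */
			*delta += map2[c2->cpu] - map1[c1->cpu];
			pairs++;
			c2 = list_is_last(&c2->node, h2) ? NULL : (struct cpu_rec *)c2->node.next;
		}
		if (list_is_last(&c1->node, h1))
			return pairs;
	}
}

/* Constructed sample: n1 and n2 records (1 to 4 each) with CPU numbers 0, 1, 2, ... */
static int demo(unsigned int n1, unsigned int n2, unsigned int last_cpu2, long *delta)
{
	static const int map1[4] = { 1, 1, 1, 1 }, map2[4] = { 3, 3, 3, 3 };
	struct cpu_rec a[4], b[4];
	struct list_head h1 = { &a[0].node }, h2 = { &b[0].node };
	for (unsigned int i = 0; i < 4; i++) {
		a[i] = (struct cpu_rec){ { i + 1 < n1 ? &a[i + 1].node : &h1 }, i };
		b[i] = (struct cpu_rec){ { i + 1 < n2 ? &b[i + 1].node : &h2 }, i };
	}
	b[n2 - 1].cpu = last_cpu2;	/* lets the caller plant an out-of-range CPU */
	return walk_pairs(&h1, map1, n1, &h2, map2, n2, delta);
}

int main(void)
{
	long d;
	int pairs = demo(4, 2, 1, &d);	/* list 2 is shorter than list 1 */
	printf("pairs=%d delta=%ld\n", pairs, d);
	return 0;
}
```

In `demo`, the map sizes passed as `nr1` and `nr2` equal the record counts, so a planted `last_cpu2` at or above `n2` exercises the rejection path.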