Re: [PATCH 04/11] perf tools: NULL bitmap pointers after bitmap_free()

[Ian Rogers]

On Mon, Jun 8, 2026 at 1:18 PM Arnaldo Carvalho de Melo <acme@xxxxxxxxxx> wrote:
>
> From: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
>
> Two call sites free bitmaps without NULLing the pointer, risking
> double-free if the structure is reused or cleanup is called twice:
>
>  - mmap__munmap():                 map->affinity_mask.bits
>  - record__mmap_cpu_mask_free():   mask->bits
>
> Set each pointer to NULL after bitmap_free().
>
> Fixes: 8384a2600c7ddfc8 ("perf record: Adapt affinity to machines with #CPUs > 1K")
> Fixes: f466e5ed6c356d1d ("perf record: Extend --threads command line option")
> Reported-by: sashiko-bot <sashiko-bot@xxxxxxxxxx>
> Cc: Alexey Budankov <alexey.budankov@xxxxxxxxxxxxxxx>
> Cc: Alexey Bayduraev <alexey.v.bayduraev@xxxxxxxxxxxxxxx>
> Cc: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
> Assisted-by: Claude Opus 4.6 <noreply@xxxxxxxxxxxxx>
> Signed-off-by: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>

Reviewed-by: Ian Rogers <irogers@xxxxxxxxxx>

Perhaps there's a need for bitmap_zfree.

Thanks,
Ian

> ---
>  tools/perf/builtin-record.c | 1 +
>  tools/perf/util/mmap.c      | 1 +
>  2 files changed, 2 insertions(+)
>
> diff --git a/tools/perf/builtin-record.c b/tools/perf/builtin-record.c
> index a33c78f030d91012..e915390556752b9e 100644
> --- a/tools/perf/builtin-record.c
> +++ b/tools/perf/builtin-record.c
> @@ -3084,6 +3084,7 @@ static int record__mmap_cpu_mask_alloc(struct mmap_cpu_mask *mask, int nr_bits)
>  static void record__mmap_cpu_mask_free(struct mmap_cpu_mask *mask)
>  {
>         bitmap_free(mask->bits);
> +       mask->bits = NULL;
>         mask->nbits = 0;
>  }
>
> diff --git a/tools/perf/util/mmap.c b/tools/perf/util/mmap.c
> index d64aec6c7c843e81..c6bd4c37d50ee57e 100644
> --- a/tools/perf/util/mmap.c
> +++ b/tools/perf/util/mmap.c
> @@ -238,6 +238,7 @@ static void perf_mmap__aio_munmap(struct mmap *map __maybe_unused)
>  void mmap__munmap(struct mmap *map)
>  {
>         bitmap_free(map->affinity_mask.bits);
> +       map->affinity_mask.bits = NULL;
>
>         zstd_fini(&map->zstd_data);
>
> --
> 2.54.0
>