[PATCH v6 01/10] perf tools: Check 'base' pointer before checking refcnt when put a mmap
From: Wang Nan
Date: Wed May 25 2016 - 09:51:36 EST
evlist->mmap[i]->refcnt could be 0 if an evlist has no evsel or all
evsels don't match the evlist during mmap. For example, when all evsels
are overwritable but the evlist itself is normal. To avoid crashing,
perf should check 'base' pointer before checking refcnt, and raise bug
only when base is not NULL.
Signed-off-by: Wang Nan <wangnan0@xxxxxxxxxx>
Cc: He Kuang <hekuang@xxxxxxxxxx>
Cc: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
Cc: Jiri Olsa <jolsa@xxxxxxxxxx>
Cc: Masami Hiramatsu <masami.hiramatsu.pt@xxxxxxxxxxx>
Cc: Namhyung Kim <namhyung@xxxxxxxxxx>
Cc: Zefan Li <lizefan@xxxxxxxxxx>
Cc: pi3orama@xxxxxxx
---
tools/perf/util/evlist.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/tools/perf/util/evlist.c b/tools/perf/util/evlist.c
index fbd0d47..f916d25 100644
--- a/tools/perf/util/evlist.c
+++ b/tools/perf/util/evlist.c
@@ -857,9 +857,11 @@ static void perf_evlist__mmap_get(struct perf_evlist *evlist, int idx)
static void perf_evlist__mmap_put(struct perf_evlist *evlist, int idx)
{
- BUG_ON(atomic_read(&evlist->mmap[idx].refcnt) == 0);
+ struct perf_mmap *mmap = &evlist->mmap[idx];
- if (atomic_dec_and_test(&evlist->mmap[idx].refcnt))
+ BUG_ON(mmap->base && atomic_read(&mmap->refcnt) == 0);
+
+ if (atomic_dec_and_test(&mmap->refcnt))
__perf_evlist__munmap(evlist, idx);
}
--
1.8.3.4