Re: [PATCH v1 1/2] perf maps: Avoid RC_CHK use after free

Next message: Namhyung Kim: "Re: [PATCH v1 1/3] perf header: Switch &quot;cpu&quot; for find_core_pmu in caps feature writing"
Previous message: Sergey Matyukevich: "Re: [PATCH v4 1/9] selftests: riscv: test ptrace vector interface"
In reply to: James Clark: "Re: [PATCH v1 1/2] perf maps: Avoid RC_CHK use after free"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Namhyung Kim

Date: Thu Nov 20 2025 - 14:02:29 EST

On Tue, 18 Nov 2025 21:05:54 -0800, Ian Rogers wrote:
> The case of __maps__fixup_overlap_and_insert where the "new" maps
> covers existing mappings can create a use-after-free with reference
> count checking enabled. The issue is that "pos" holds a map pointer
> from maps_by_address that is put from maps_by_address but then used to
> look for a map in maps_by_name (the compared map is now a
> use-after-free). The issue stems from using maps__remove which redoes
> some of the searches already done by __maps__fixup_overlap_and_insert,
> so optimize the code (by avoiding repeated searches) and avoid the
> use-after-free by inlining the appropriate removal code.
>
> [...]
Applied to perf-tools-next, thanks!

Best regards,
Namhyung