6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kan Liang kan.liang@linux.intel.com
[ Upstream commit 4f3affe0abf5d5910dc469a1f63257629605d3c3 ]
Perf crashes as below when applying --no-group
# perf record -e "{cache-misses,branches"} -b sleep 1 # perf report --stdio --no-group free(): invalid next size (fast) Aborted (core dumped) #
In the __hpp__fmt(), only 1 hpp_fmt_value is allocated for the current event when --no-group is applied.
However, the current implementation tries to assign the hists from all members to the hpp_fmt_value, which exceeds the allocated memory.
Fixes: 8f6071a3dce40e69 ("perf hist: Simplify __hpp_fmt() using hpp_fmt_data") Signed-off-by: Kan Liang kan.liang@linux.intel.com Acked-by: Namhyung Kim namhyung@kernel.org Cc: Ian Rogers irogers@google.com Cc: Ingo Molnar mingo@kernel.org Cc: Namhyung Kim namhyung@kernel.org Cc: Peter Zijlstra peterz@infradead.org Link: https://lore.kernel.org/r/20240820183202.3174323-1-kan.liang@linux.intel.com Signed-off-by: Arnaldo Carvalho de Melo acme@redhat.com Signed-off-by: Sasha Levin sashal@kernel.org --- tools/perf/ui/hist.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/tools/perf/ui/hist.c b/tools/perf/ui/hist.c index 5d1f04f66a5a1..e5491995adf08 100644 --- a/tools/perf/ui/hist.c +++ b/tools/perf/ui/hist.c @@ -62,7 +62,7 @@ static int __hpp__fmt(struct perf_hpp *hpp, struct hist_entry *he, struct evsel *pos; char *buf = hpp->buf; size_t size = hpp->size; - int i, nr_members = 1; + int i = 0, nr_members = 1; struct hpp_fmt_value *values;
if (evsel__is_group_event(evsel)) @@ -72,16 +72,16 @@ static int __hpp__fmt(struct perf_hpp *hpp, struct hist_entry *he, if (values == NULL) return 0;
- i = 0; - for_each_group_evsel(pos, evsel) - values[i++].hists = evsel__hists(pos); - + values[0].hists = evsel__hists(evsel); values[0].val = get_field(he); values[0].samples = he->stat.nr_events;
if (evsel__is_group_event(evsel)) { struct hist_entry *pair;
+ for_each_group_member(pos, evsel) + values[++i].hists = evsel__hists(pos); + list_for_each_entry(pair, &he->pairs.head, pairs.node) { for (i = 0; i < nr_members; i++) { if (values[i].hists != pair->hists)