Re: [PATCH v2 1/4] trace-cmd: Fix trace-cmd report crash while displaying trace.dat in specific use case

On Mon,  4 May 2020 09:27:08 +0300
"Tzvetomir Stoyanov (VMware)" <tz.stoyanov@xxxxxxxxx> wrote:

> The trace-cmd report command crashes while displaying a file recorded with "--proc-map" and "-B" options:
> #trace-cmd record --proc-map  -B test -e sched -F sleep 1
> The "--proc-map" option saves the address map of "sleep" into the trace.dat file. This
> information is used by KernelShark. The "-B" option traces the specified events into an
> ftrace instance "test".
> When such a file is opened using libtracecmd APIs, the proc-map is parsed and saved into
> a tracecmd_input handler, as linked list "pid_maps". Later, when the ftrace instance
> "test" is parsed, a copy of this handler is used to fill it with the instance's trace data.
> Both tracecmd_input handlers share the same "pid_maps" list, which leads to a double
> free of the list when the handlers are destroyed.
> As this "pid_maps" is not used in ftrace buffers, the "pid_maps" list of the copy can be
> initialized to NULL.
> 
> Signed-off-by: Tzvetomir Stoyanov (VMware) <tz.stoyanov@xxxxxxxxx>


FYI, I changed the subject and body to this:

trace-cmd: Fix trace-cmd report crash while displaying trace.dat with --proc-map and -B options
  
The trace-cmd report command crashes while displaying a file recorded with
"--proc-map" and "-B" options:

 # trace-cmd record --proc-map  -B test -e sched -F sleep 1

The "--proc-map" option saves the address map of "sleep" into the trace.dat
file. This information is used by KernelShark. The "-B" option traces the
specified events into an ftrace instance "test".

When such a file is opened using libtracecmd APIs, the proc-map is parsed and
saved into a tracecmd_input handler, as linked list "pid_maps". Later, when
the ftrace instance "test" is parsed, a copy of this handler is used to fill
it with the instance's trace data.  Both tracecmd_input handlers share the
same "pid_maps" list, which leads to a double free of the list when the
handlers are destroyed.  As this "pid_maps" is not used in ftrace buffers,
the "pid_maps" list of the copy can be initialized to NULL.

-- Steve
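
The ownership problem described in the commit message, as an added C sketch that is not trace-cmd code and not part of the original mail: a handle copied by struct assignment shares the original's list pointer, and resetting that pointer in the copy leaves exactly one owner. The names `input_handle`, `pid_map`, `handle_open`, `handle_copy_for_instance`, `handle_close` and `close_both` are hypothetical.

```c
#include <stdlib.h>
/* Hypothetical stand-ins for the handle and list named in the commit message. */
struct pid_map { struct pid_map *next; };
struct input_handle { struct pid_map *pid_maps; };
static int nodes_freed; /* list nodes released by handle_close() */

static struct input_handle *handle_open(int npids)
{
	struct input_handle *h = calloc(1, sizeof(*h));
	for (int i = 0; h && i < npids; i++) {
		struct pid_map *m = calloc(1, sizeof(*m));
		if (!m) break;
		m->next = h->pid_maps;
		h->pid_maps = m;
	}
	return h;
}

/* Struct assignment copies the list pointer, not the list it points to. */
static struct input_handle *handle_copy_for_instance(const struct input_handle *top)
{
	struct input_handle *inst = top ? malloc(sizeof(*inst)) : NULL;
	if (!inst) return NULL;
	*inst = *top;
	inst->pid_maps = NULL; /* copy owns no list, so closing it frees nothing shared */
	return inst;
}

static void handle_close(struct input_handle *h)
{
	while (h && h->pid_maps) {
		struct pid_map *m = h->pid_maps;
		h->pid_maps = m->next;
		free(m);
		nodes_freed++;
	}
	free(h);
}

/* Open, copy for an instance, close both; returns the number of nodes freed. */
int close_both(int npids)
{
	struct input_handle *top = handle_open(npids);
	nodes_freed = 0;
	handle_close(handle_copy_for_instance(top));
	handle_close(top);
	return nodes_freed;
}

int main(void) { return close_both(3) == 3 ? 0 : 1; }
```

Building this with `-fsanitize=address` and deleting the `inst->pid_maps = NULL;` line makes the second `handle_close()` report the double free.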


