On Thu, Mar 09, 2017 at 09:57:20AM -0800, Krister Johansen wrote:
> commit aa33b9b9a2ebb00d33c83a5312d4fbf2d5aeba36 upstream.
>
> If dso__load_kcore frees all of the existing maps, but one has already
> been attached to a callchain cursor node, then we can get a SIGSEGV in
> any function that happens to try to use this invalid cursor. Use the
> existing map refcount mechanism to forestall cleanup of a map until the
> cursor iterates past the node.
>
> Signed-off-by: Krister Johansen <kjlx@xxxxxxxxxxxxxxxxxx>
> Tested-by: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
> Cc: Frederic Weisbecker <fweisbec@xxxxxxxxx>
> Cc: Masami Hiramatsu <mhiramat@xxxxxxxxxx>
> Cc: Namhyung Kim <namhyung@xxxxxxxxxx>
> Cc: stable@xxxxxxxxxx
> Fixes: 84c2cafa2889 ("perf tools: Reference count struct map")
> Link: http://lkml.kernel.org/r/20170106062331.GB2707@xxxxxxxxxxxxxxxxxx
> Signed-off-by: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
> ---
>  tools/perf/util/callchain.c | 11 +++++++++--
>  tools/perf/util/callchain.h |  6 ++++++
>  tools/perf/util/hist.c      |  7 +++++++
>  3 files changed, 22 insertions(+), 2 deletions(-)
>
> Apologies for the long lead time on this. This is the backport that
> I've been using to debug issues on 4.9 kernels in my production
> environment.

Not a problem, thanks for this, now applied.

greg k-h