On Mon, Apr 10, 2017 at 01:14:27PM -0700, David Carrillo-Cisneros wrote: > __perf_session__process_pipe_events reuses the same memory buffer to > process all events in the pipe. > > When reordering is needed (e.g. -b option), events are not immediately > flushed, but kept around until reordering is possible, causing > memory corruption. > > The problem is usually observed by a "Unknown sample error" output. It > can easily be reproduced by: > > perf record -o - noploop | perf inject -b > output > > Signed-off-by: David Carrillo-Cisneros <davi...@google.com> > --- > tools/perf/util/ordered-events.c | 3 ++- > tools/perf/util/session.c | 1 + > 2 files changed, 3 insertions(+), 1 deletion(-) > > diff --git a/tools/perf/util/ordered-events.c > b/tools/perf/util/ordered-events.c > index fe84df1875aa..e70e935b1841 100644 > --- a/tools/perf/util/ordered-events.c > +++ b/tools/perf/util/ordered-events.c > @@ -79,7 +79,7 @@ static union perf_event *dup_event(struct ordered_events > *oe, > > static void free_dup_event(struct ordered_events *oe, union perf_event > *event) > { > - if (oe->copy_on_queue) { > + if (event && oe->copy_on_queue) { > oe->cur_alloc_size -= event->header.size; > free(event); > } > @@ -150,6 +150,7 @@ void ordered_events__delete(struct ordered_events *oe, > struct ordered_event *eve > list_move(&event->list, &oe->cache); > oe->nr_events--; > free_dup_event(oe, event->event); > + event->event = NULL;
based on the changelog I understand the need for the change below, but I dont get why do we need this cleanu and check above thanks, jirka > } > > int ordered_events__queue(struct ordered_events *oe, union perf_event *event, > diff --git a/tools/perf/util/session.c b/tools/perf/util/session.c > index 24259bc2c598..a25302bc55a8 100644 > --- a/tools/perf/util/session.c > +++ b/tools/perf/util/session.c > @@ -1656,6 +1656,7 @@ static int __perf_session__process_pipe_events(struct > perf_session *session) > buf = malloc(cur_size); > if (!buf) > return -errno; > + ordered_events__set_copy_on_queue(oe, true); > more: > event = buf; > err = readn(fd, event, sizeof(struct perf_event_header)); > -- > 2.12.2.715.g7642488e1d-goog >