From: Jiri Olsa <jo...@kernel.org>
Du Changbin reported crash [1] when calling perf_hpp__reset_output_field()
after unregistering field via perf_hpp__column_unregister().
This ends up in calling following list_del* sequence on
the same format:
perf_hpp__column_unregister:
list_del(&format->list);
perf_hpp__reset_output_field:
list_del_init(&fmt->list);
where the later list_del_init might touch already freed formats.
Fixing this by replacing list_del() with list_del_init() in
perf_hpp__column_unregister().
[1] http://marc.info/?l=linux-kernel&m=149059595826019&w=2
Reported-by: Changbin Du <changbin...@intel.com>
Signed-off-by: Jiri Olsa <jo...@kernel.org>
Cc: Andi Kleen <a...@firstfloor.org>
Cc: David Ahern <dsah...@gmail.com>
Cc: Jin Yao <yao....@linux.intel.com>
Cc: Namhyung Kim <namhy...@kernel.org>
Cc: Peter Zijlstra <pet...@infradead.org>
Cc: Wang Nan <wangn...@huawei.com>
Link: http://lkml.kernel.org/r/20171013083736.15037-2-jo...@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <a...@redhat.com>
---
tools/perf/ui/hist.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/ui/hist.c b/tools/perf/ui/hist.c
index ddb2c6fbdf91..6ee6b36bbc76 100644
--- a/tools/perf/ui/hist.c
+++ b/tools/perf/ui/hist.c
@@ -532,7 +532,7 @@ void perf_hpp_list__prepend_sort_field(struct perf_hpp_list
*list,
void perf_hpp__column_unregister(struct perf_hpp_fmt *format)
{
- list_del(&format->list);
+ list_del_init(&format->list);
}
void perf_hpp__cancel_cumulate(void)
--
2.13.6
