[PATCH 2/2] perf tools: Fix another seg fault using Intel PT

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Adrian Hunter <adrian.hunter@intel.com>
To: Arnaldo Carvalho de Melo <acme@kernel.org>
Cc: Jiri Olsa <jolsa@redhat.com>, linux-kernel@vger.kernel.org
Subject: [PATCH 2/2] perf tools: Fix another seg fault using Intel PT
Date: Tue, 26 Jan 2016 14:05:21 +0200	[thread overview]
Message-ID: <1453809921-24596-3-git-send-email-adrian.hunter@intel.com> (raw)
In-Reply-To: <1453809921-24596-1-git-send-email-adrian.hunter@intel.com>

Fix segmentation fault using:

	perf record -e intel_pt//u uname
	perf script

Back trace:

  0  __list_del (next=0x1880710, prev=0x0) at /home/ahunter/git/linux/tools/include/linux/list.h:89
  1  __list_del_entry (entry=0x1880710) at /home/ahunter/git/linux/tools/include/linux/list.h:101
  2  list_del_init (entry=0x1880710) at /home/ahunter/git/linux/tools/include/linux/list.h:144
  3  thread__put (thread=0x1880710) at util/thread.c:104
  4  0x00000000004fd699 in intel_pt_free (session=0x186fb90) at util/intel-pt.c:1747
  5  0x00000000004c23cc in auxtrace__free (session=0x186fb90) at util/auxtrace.h:511
  6  perf_session__delete (session=session@entry=0x186fb90) at util/session.c:181
  7  0x0000000000443398 in cmd_script (argc=<optimized out>, argv=<optimized out>, prefix=<optimized out>) at builtin-script.c:2232
  8  0x000000000047cbd3 in run_builtin (p=p@entry=0x7cf3a8 <commands+360>, argc=argc@entry=1, argv=argv@entry=0x7fffffffe210) at perf.c:390
  9  0x00000000004216a7 in handle_internal_command (argv=0x7fffffffe210, argc=1) at perf.c:451
 10 run_argv (argv=0x7fffffffdf90, argcp=0x7fffffffdf9c) at perf.c:495
 11 main (argc=1, argv=0x7fffffffe210) at perf.c:618

The seg fault happens when Intel PT "puts" a "struct thread"
that has been created as a placeholder for unknown threads.
thread__put() assumes that a thread's list node can be deleted,
which is not true in the case above because of:

       commit fdce6a4edaad ("perf tools: Remove redundant initialization of thread linkage members")

which removed the list node initialization.

Expecting the list node to be re-initialized whenever removing a
thread from an rb-tree seems fragile, so fix by taking the list
node out of union, so that list_del_init() can be used on it with
impunity.

Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
---
 tools/perf/util/thread.c | 2 ++
 tools/perf/util/thread.h | 6 ++----
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/tools/perf/util/thread.c b/tools/perf/util/thread.c
index dfd00c6dad6e..e8af90c1e66d 100644
--- a/tools/perf/util/thread.c
+++ b/tools/perf/util/thread.c
@@ -56,6 +56,7 @@ struct thread *thread__new(pid_t pid, pid_t tid)
 
 		list_add(&comm->list, &thread->comm_list);
 		atomic_set(&thread->refcnt, 1);
+		INIT_LIST_HEAD(&thread->node);
 		RB_CLEAR_NODE(&thread->rb_node);
 	}
 
@@ -71,6 +72,7 @@ void thread__delete(struct thread *thread)
 	struct comm *comm, *tmp;
 
 	BUG_ON(!RB_EMPTY_NODE(&thread->rb_node));
+	BUG_ON(!list_empty(&thread->node));
 
 	thread_stack__free(thread);
 
diff --git a/tools/perf/util/thread.h b/tools/perf/util/thread.h
index a0ac0317affb..6430b168a62f 100644
--- a/tools/perf/util/thread.h
+++ b/tools/perf/util/thread.h
@@ -13,10 +13,8 @@
 struct thread_stack;
 
 struct thread {
-	union {
-		struct rb_node	 rb_node;
-		struct list_head node;
-	};
+	struct rb_node		rb_node;
+	struct list_head	node;
 	struct map_groups	*mg;
 	pid_t			pid_; /* Not all tools update this */
 	pid_t			tid;
-- 
1.9.1

     prev parent reply	other threads:[~2016-01-26 12:08 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-01-26 12:05 [PATCH 0/2] perf tools: Fix seg fault with Intel PT Adrian Hunter
2016-01-26 12:05 ` [PATCH 1/2] " Adrian Hunter
2016-01-26 13:23   ` Arnaldo Carvalho de Melo
2016-01-26 13:34     ` Adrian Hunter
2016-01-26 13:54       ` Arnaldo Carvalho de Melo
2016-01-26 14:00         ` Adrian Hunter
2016-01-26 14:30           ` Arnaldo Carvalho de Melo
2016-02-04  7:57   ` [tip:perf/urgent] perf tools: tracepoint_error() can receive e= NULL, robustify it tip-bot for Adrian Hunter
2016-01-26 12:05 ` Adrian Hunter [this message]

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:dfd00c6dad6 dfblob:e8af90c1e66 dfblob:a0ac0317aff
dfblob:6430b168a62 )
 OR (
bs:"[PATCH 2/2] perf tools: Fix another seg fault using Intel PT" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1453809921-24596-3-git-send-email-adrian.hunter@intel.com \
    --to=adrian.hunter@intel.com \
    --cc=acme@kernel.org \
    --cc=jolsa@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.