[PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Arnaldo Carvalho de Melo <acme@kernel.org>
To: Ingo Molnar <mingo@kernel.org>
Cc: linux-kernel@vger.kernel.org, Wang Nan <wangnan0@huawei.com>,
	Adrian Hunter <adrian.hunter@intel.com>,
	Josh Poimboeuf <jpoimboe@redhat.com>,
	Arnaldo Carvalho de Melo <acme@redhat.com>
Subject: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()
Date: Mon,  1 Feb 2016 14:13:12 -0300	[thread overview]
Message-ID: <1454346792-24419-3-git-send-email-acme@kernel.org> (raw)
In-Reply-To: <1454346792-24419-1-git-send-email-acme@kernel.org>

From: Wang Nan <wangnan0@huawei.com>

In error processing path of intel_pt_process_auxtrace_info() it calls
thread__zput() to clean and free pt->unknown_thread which is created by
thread__new(). However, when error raise, a segfault happen:

  # perf record -I -e intel_pt/tsc=1,noretcomp=1/u /bin/ls
  0  a  anaconda-ks.cfg  bin   perf.data	perf.data.old  perf-f23-bringup.todo
  [ perf record: Woken up 1 times to write data ]
  [ perf record: Captured and wrote 0.217 MB perf.data ]
  #
  # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
  Samples for 'instructions:u' event do not have IREGS attribute set. Cannot print 'iregs' field.
  intel_pt_synth_events: failed to synthesize 'instructions' event type
  Segmentation fault (core dumped)
  #

The problem is: there's a union in 'struct thread' combines a list_head
and a rb_node. The standard life cycle of a thread is: init rb_node during
creating, inserted into machine->threads rbtree uses rb_node, move to
machine->dead_threads using list_head, clean by thread__put:
list_del_init(&thread->node).

In the above command, it clean a thread before adding it into list,
causes the above segfault.

This patch gives a fake list_head and link the thread into it before
calling thread__zput(), get rid of the segfault.

After this patch:

  # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
  Samples for 'instructions:u' event do not have IREGS attribute set. Cannot print 'iregs' field.
  intel_pt_synth_events: failed to synthesize 'instructions' event type
  0x248 [0x88]: failed to process type: 70
  #

Reported-by: Tong Zhang <ztong@vt.edu>
Signed-off-by: Wang Nan <wangnan0@huawei.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Link: http://lkml.kernel.org/r/1454296865-19749-1-git-send-email-wangnan0@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
 tools/perf/util/intel-pt.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c
index 81a2eb77ba7f..e2add6376fec 100644
--- a/tools/perf/util/intel-pt.c
+++ b/tools/perf/util/intel-pt.c
@@ -2013,6 +2013,7 @@ int intel_pt_process_auxtrace_info(union perf_event *event,
 	struct auxtrace_info_event *auxtrace_info = &event->auxtrace_info;
 	size_t min_sz = sizeof(u64) * INTEL_PT_PER_CPU_MMAPS;
 	struct intel_pt *pt;
+	struct list_head dead_thread;
 	int err;

 	if (auxtrace_info->header.size < sizeof(struct auxtrace_info_event) +
@@ -2153,6 +2154,9 @@ int intel_pt_process_auxtrace_info(union perf_event *event,
 	return 0;

 err_delete_thread:
+	RB_CLEAR_NODE(&pt->unknown_thread->rb_node);
+	INIT_LIST_HEAD(&dead_thread);
+	list_add(&pt->unknown_thread->node, &dead_thread);
 	thread__zput(pt->unknown_thread);
 err_free_queues:
 	intel_pt_log_disable();
-- 
2.5.0

next prev parent reply	other threads:[~2016-02-01 17:13 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-02-01 17:13 [GIT PULL 0/2] perf/urgent fixes Arnaldo Carvalho de Melo
2016-02-01 17:13 ` [PATCH 1/2] perf tools: tracepoint_error() can receive e=NULL, robustify it Arnaldo Carvalho de Melo
2016-02-01 17:13 ` Arnaldo Carvalho de Melo [this message]
2016-02-02 10:24   ` [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info() Adrian Hunter
2016-02-02 14:08     ` Arnaldo Carvalho de Melo
2016-02-02 15:52     ` Arnaldo Carvalho de Melo
2016-02-02 20:38       ` Arnaldo Carvalho de Melo
2016-02-03  2:06       ` Wangnan (F)
2016-02-03  7:09       ` Adrian Hunter

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:81a2eb77ba7 dfblob:e2add6376fe )
 OR (
bs:"[PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1454346792-24419-3-git-send-email-acme@kernel.org \
    --to=acme@kernel.org \
    --cc=acme@redhat.com \
    --cc=adrian.hunter@intel.com \
    --cc=jpoimboe@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@kernel.org \
    --cc=wangnan0@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.