From: Frederic Weisbecker <fweisbec@gmail.com>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Ingo Molnar <mingo@elte.hu>, LKML <linux-kernel@vger.kernel.org>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Arnaldo Carvalho de Melo <acme@redhat.com>,
Paul Mackerras <paulus@samba.org>,
David Miller <davem@davemloft.net>,
Archs <linux-arch@vger.kernel.org>
Subject: Re: [BUG perf] perf_fetch_caller_regs / rewind_frame_pointer can panic
Date: Thu, 8 Apr 2010 12:59:16 +0200
Message-ID: <20100408105913.GE5247@nowhere>
In-Reply-To: <1270720640.2215.43.camel@edumazet-laptop>

On Thu, Apr 08, 2010 at 11:57:20AM +0200, Eric Dumazet wrote:
> Hello
>
> Current linux-2.6 tree panics on my dev machine
>
> 64 bit kernel, 32bit user land
> CONFIG_FRAME_POINTER=y
>
> perf timechart record &
>
> Instant crash
>
> Call Trace:
> perf_trace_sched_switch+0xd5/0x120
> schedule+0x6b5/0x860
> retint_careful+0xd/0x21
>
> RIP ffffffff81010955 perf_arch_fetch_caller_regs+0x15/0x40
> CR2: 00000000d21f1422
>
>
> rewind_frame_pointer() is probably wrong.
>
> No test performed to check frame is in current stack, or
> that (!user_mode_vm(regs))

user_mode_vm() can not work here as we are actually filling
regs from scratch.

But we indeed need to have a safe dereference to avoid such
crashes. A simple probe_kernel_address() should do the trick.

This API is going to change for the next cycle as it won't need
to rewind further than the first caller. So I'm going to do a
rough probe_kernel_address() fix for the current version. The next
one won't have this problem.

>
>
> static inline unsigned long rewind_frame_pointer(int n)
> {
>     struct stack_frame *frame;
>
>     get_bp(frame);
>
> #ifdef CONFIG_FRAME_POINTER
>     while (n--)
>         frame = frame->next_frame;
> #endif
>
>     return (unsigned long)frame;
> }
>
>
>
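
A user-space model of the check Eric asks for ("frame is in current stack"), added here as an example and not part of the original message; it is not the kernel fix discussed in the thread, which Frederic says will use probe_kernel_address(). The names rewind_checked(), frame_in_stack() and the fake[] stack are hypothetical, and the bad saved pointer reuses the CR2 value from the report as constructed input.

```c
#include <stdint.h>
#include <stdio.h>

/* Layout the quoted loop walks: saved frame pointer, then return address. */
struct stack_frame {
    struct stack_frame *next_frame;
    unsigned long return_address;
};

/* Hypothetical helper: does a whole, aligned frame at p fit in [lo, hi)? */
static int frame_in_stack(uintptr_t p, uintptr_t lo, uintptr_t hi)
{
    return p % sizeof(void *) == 0 && p >= lo && p < hi &&
           hi - p >= sizeof(struct stack_frame);
}

/* Follow at most n links, validating each frame before it is dereferenced.
 * Returns the last valid frame reached, or NULL if start itself is invalid. */
static const struct stack_frame *
rewind_checked(const struct stack_frame *start, int n, uintptr_t lo, uintptr_t hi)
{
    uintptr_t cur = (uintptr_t)start;
    if (!frame_in_stack(cur, lo, hi))
        return NULL;
    while (n-- > 0) {
        uintptr_t next = (uintptr_t)((const struct stack_frame *)cur)->next_frame;
        /* Stack grows down: a caller's frame must sit at a higher address. */
        if (next <= cur || !frame_in_stack(next, lo, hi))
            break;
        cur = next;
    }
    return (const struct stack_frame *)cur;
}

/* Constructed sample: fake[5] saves the report's CR2 value; returns index reached. */
static int sample_rewind(int n)
{
    static struct stack_frame fake[8];
    fake[0].next_frame = &fake[2];
    fake[2].next_frame = &fake[5];
    fake[5].next_frame = (struct stack_frame *)(uintptr_t)0xd21f1422u;
    return (int)(rewind_checked(fake, n, (uintptr_t)fake,
                                (uintptr_t)(fake + 8)) - fake);
}

int main(void)
{
    printf("3 rewinds requested, stopped at fake[%d]\n", sample_rewind(3));
    return 0;
}
```

The unchecked loop in the quoted code would dereference the bad saved pointer on the third rewind; the checked walk stops at the last frame that passed validation.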