Re: [RESEND PATCH] perf: top: fix a segfault when kernel map is restricted.

[Arnaldo Carvalho de Melo <acme@kernel.org>]

Em Sat, Apr 25, 2015 at 07:25:03AM +0000, Wang Nan escreveu:
> Perf top raise a warning if a kernel sample is collected but kernel map
> is restricted. The warning message needs to dereference al.map->dso...
> However, previous perf_event__preprocess_sample() doesn't always
> guarantee al.map != NULL, for example, when kernel map is restricted.
> 
> This patch validates al.map before dereferencing, avoid the segfault.
> 
> Before this patch:
> 
>  $ cat /proc/sys/kernel/kptr_restrict
>  1
>  $ perf top -p  120183
>  perf: Segmentation fault
>  -------- backtrace --------
>  /path/to/perf[0x509868]
>  /lib64/libc.so.6(+0x3545f)[0x7f9a1540045f]
>  /path/to/perf[0x448820]
>  /path/to/perf(cmd_top+0xe3c)[0x44a5dc]
>  /path/to/perf[0x4766a2]
>  /path/to/perf(main+0x5f5)[0x42e545]
>  /lib64/libc.so.6(__libc_start_main+0xf4)[0x7f9a153ecbd4]
>  /path/to/perf[0x42e674]

Thanks for the detailed report, I reproduced the problem here and I am
applying the patch.

- Arnaldo
 
> And gdb call trace:
> 
>  Program received signal SIGSEGV, Segmentation fault.
>  perf_event__process_sample (machine=0xa44030, sample=0x7fffffffa4c0, evsel=0xa43b00, event=0x7ffff41c3000, tool=0x7fffffffa8a0)
>     at builtin-top.c:736
>  736				  !RB_EMPTY_ROOT(&al.map->dso->symbols[MAP__FUNCTION]) ?
>  (gdb) bt
>  #0  perf_event__process_sample (machine=0xa44030, sample=0x7fffffffa4c0, evsel=0xa43b00, event=0x7ffff41c3000, tool=0x7fffffffa8a0)
>      at builtin-top.c:736
>  #1  perf_top__mmap_read_idx (top=top@entry=0x7fffffffa8a0, idx=idx@entry=0) at builtin-top.c:855
>  #2  0x000000000044a5dd in perf_top__mmap_read (top=0x7fffffffa8a0) at builtin-top.c:872
>  #3  __cmd_top (top=0x7fffffffa8a0) at builtin-top.c:997
>  #4  cmd_top (argc=<optimized out>, argv=<optimized out>, prefix=<optimized out>) at builtin-top.c:1267
>  #5  0x00000000004766a3 in run_builtin (p=p@entry=0x8a6ce8 <commands+264>, argc=argc@entry=3, argv=argv@entry=0x7fffffffdf70)
>       at perf.c:371
>  #6  0x000000000042e546 in handle_internal_command (argv=0x7fffffffdf70, argc=3) at perf.c:430
>  #7  run_argv (argv=0x7fffffffdcf0, argcp=0x7fffffffdcfc) at perf.c:474
>  #8  main (argc=3, argv=0x7fffffffdf70) at perf.c:589
>  (gdb)
> 
> Signed-off-by: Wang Nan <wangnan0@huawei.com>
> ---
> 
> I don't receive previous mail from the list so send it again.
> 
> ---
> 
>  tools/perf/builtin-top.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tools/perf/builtin-top.c b/tools/perf/builtin-top.c
> index 1cb3436..6a4d5d4 100644
> --- a/tools/perf/builtin-top.c
> +++ b/tools/perf/builtin-top.c
> @@ -733,7 +733,7 @@ static void perf_event__process_sample(struct perf_tool *tool,
>  "Kernel address maps (/proc/{kallsyms,modules}) are restricted.\n\n"
>  "Check /proc/sys/kernel/kptr_restrict.\n\n"
>  "Kernel%s samples will not be resolved.\n",
> -			  !RB_EMPTY_ROOT(&al.map->dso->symbols[MAP__FUNCTION]) ?
> +			  al.map && !RB_EMPTY_ROOT(&al.map->dso->symbols[MAP__FUNCTION]) ?
>  			  " modules" : "");
>  		if (use_browser <= 0)
>  			sleep(5);
> -- 
> 1.8.3.4