From: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
To: Ingo Molnar <mingo@elte.hu>,
Arnaldo Carvalho de Melo <acme@infradead.org>,
LKML <linux-kernel@vger.kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Cc: Alexei Starovoitov <ast@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Anshuman Khandual <khandual@linux.vnet.ibm.com>
Subject: perf list segfaults on the v4.4-rc8 (bisect log added)
Date: Sat, 9 Jan 2016 02:09:41 +0530 [thread overview]
Message-ID: <20160108203941.GA17012@linux.vnet.ibm.com> (raw)
With latest mainline perf, perf list results in a Segmentation fault on
a powerpc machine.
$ ./perf list
Segmentation fault (core dumped)
$
git bisect start
# bad: [02006f7a7a715af10974a30b7ad8e6ee340f954c] Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
git bisect bad 02006f7a7a715af10974a30b7ad8e6ee340f954c
# good: [9fb4765451f22c5e782c1590747717550bff34b2] perf tools: Fix build break on powerpc due to sample_reg_masks
git bisect good 9fb4765451f22c5e782c1590747717550bff34b2
# bad: [e880e87488d5bbf630dd716e6de8a53585614568] Merge tag 'driver-core-4.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
git bisect bad e880e87488d5bbf630dd716e6de8a53585614568
# bad: [b0f85fa11aefc4f3e03306b4cd47f113bd57dcba] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
git bisect bad b0f85fa11aefc4f3e03306b4cd47f113bd57dcba
# good: [c0859e2f4ca530c0bf6a333ca3eb8430008e62c9] Bluetooth: btmrvl: add missing of_node_put
git bisect good c0859e2f4ca530c0bf6a333ca3eb8430008e62c9
# good: [105ff3cbf225036b75a6a46c96d1ddce8e7bdc66] atomic: remove all traces of READ_ONCE_CTRL() and atomic*_read_ctrl()
git bisect good 105ff3cbf225036b75a6a46c96d1ddce8e7bdc66
# good: [ccc9d4a6d640cbde05d519edeb727881646cf71b] Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
git bisect good ccc9d4a6d640cbde05d519edeb727881646cf71b
# bad: [371e59adcebf9953385bf46d5325ac39a53c5520] switchdev: Make flood to CPU optional
git bisect bad 371e59adcebf9953385bf46d5325ac39a53c5520
# bad: [c1ab3f1dea3df566ad38caf98baf69c656679090] tipc: make struct tipc_link generic to support broadcast
git bisect bad c1ab3f1dea3df566ad38caf98baf69c656679090
# bad: [c7fc9eb79a89049214f9870a6cf978050aaea43a] net: hisilicon: deals with the sub ctrl by syscon
git bisect bad c7fc9eb79a89049214f9870a6cf978050aaea43a
# good: [eb9fae328faff9807a4ab5c1834b19f34dd155d4] Merge branch 'tcp-rack'
git bisect good eb9fae328faff9807a4ab5c1834b19f34dd155d4
# bad: [721daebbdb9ba44756a9695878ecca8aad38009b] Merge branch 'bpf-perf'
git bisect bad 721daebbdb9ba44756a9695878ecca8aad38009b
# good: [844338e5a46f5d80566fa853c6168a78cdadab01] ARM: gemini: remove unnecessary mdio-gpio includes
git bisect good 844338e5a46f5d80566fa853c6168a78cdadab01
# good: [63b11e757d6dae570bc22450ec58a5b68cdf5c3c] ipvlan: read direct ifindex instead of iflink
git bisect good 63b11e757d6dae570bc22450ec58a5b68cdf5c3c
# bad: [a43eec304259a6c637f4014a6d4767159b6a3aa3] bpf: introduce bpf_perf_event_output() helper
git bisect bad a43eec304259a6c637f4014a6d4767159b6a3aa3
# good: [fa128e6a148a0a58355bd6814c6283515bbd028a] perf: pad raw data samples automatically
git bisect good fa128e6a148a0a58355bd6814c6283515bbd028a
# first bad commit: [a43eec304259a6c637f4014a6d4767159b6a3aa3] bpf: introduce bpf_perf_event_output() helper
I have done a clean build with fa128e6a148a0a58355bd6814c6283515bbd028a
(which is a43eec304259a6c637f4014a6d4767159b6a3aa3's parent) to verify
that the problem indeed occurs with this patch.
Attached is the patch that causes this issue for quick reference.
>From a43eec304259a6c637f4014a6d4767159b6a3aa3 Mon Sep 17 00:00:00 2001
From: Alexei Starovoitov <ast@plumgrid.com>
Date: Tue, 20 Oct 2015 20:02:34 -0700
Subject: [PATCH] bpf: introduce bpf_perf_event_output() helper
This helper is used to send raw data from eBPF program into
special PERF_TYPE_SOFTWARE/PERF_COUNT_SW_BPF_OUTPUT perf_event.
User space needs to perf_event_open() it (either for one or all cpus) and
store FD into perf_event_array (similar to bpf_perf_event_read() helper)
before eBPF program can send data into it.
Today the programs triggered by kprobe collect the data and either store
it into the maps or print it via bpf_trace_printk() where latter is the debug
facility and not suitable to stream the data. This new helper replaces
such bpf_trace_printk() usage and allows programs to have dedicated
channel into user space for post-processing of the raw data collected.
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 564f1f0..2e03242 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -287,6 +287,17 @@ enum bpf_func_id {
* Return: realm if != 0
*/
BPF_FUNC_get_route_realm,
+
+ /**
+ * bpf_perf_event_output(ctx, map, index, data, size) - output perf raw sample
+ * @ctx: struct pt_regs*
+ * @map: pointer to perf_event_array map
+ * @index: index of event in the map
+ * @data: data on stack to be output as raw data
+ * @size: size of data
+ * Return: 0 on success
+ */
+ BPF_FUNC_perf_event_output,
__BPF_FUNC_MAX_ID,
};
diff --git a/include/uapi/linux/perf_event.h b/include/uapi/linux/perf_event.h
index 2881145..d3c4176 100644
--- a/include/uapi/linux/perf_event.h
+++ b/include/uapi/linux/perf_event.h
@@ -110,6 +110,7 @@ enum perf_sw_ids {
PERF_COUNT_SW_ALIGNMENT_FAULTS = 7,
PERF_COUNT_SW_EMULATION_FAULTS = 8,
PERF_COUNT_SW_DUMMY = 9,
+ PERF_COUNT_SW_BPF_OUTPUT = 10,
PERF_COUNT_SW_MAX, /* non-ABI */
};
diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c
index f2d9e69..e3cfe46 100644
--- a/kernel/bpf/arraymap.c
+++ b/kernel/bpf/arraymap.c
@@ -295,6 +295,8 @@ static void *perf_event_fd_array_get_ptr(struct bpf_map *map, int fd)
return (void *)attr;
if (attr->type != PERF_TYPE_RAW &&
+ !(attr->type == PERF_TYPE_SOFTWARE &&
+ attr->config == PERF_COUNT_SW_BPF_OUTPUT) &&
attr->type != PERF_TYPE_HARDWARE) {
perf_event_release_kernel(event);
return ERR_PTR(-EINVAL);
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 1d6b97b..b56cf51 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -245,6 +245,7 @@ static const struct {
} func_limit[] = {
{BPF_MAP_TYPE_PROG_ARRAY, BPF_FUNC_tail_call},
{BPF_MAP_TYPE_PERF_EVENT_ARRAY, BPF_FUNC_perf_event_read},
+ {BPF_MAP_TYPE_PERF_EVENT_ARRAY, BPF_FUNC_perf_event_output},
};
static void print_verifier_state(struct verifier_env *env)
@@ -910,7 +911,7 @@ static int check_map_func_compatibility(struct bpf_map *map, int func_id)
* don't allow any other map type to be passed into
* the special func;
*/
- if (bool_map != bool_func)
+ if (bool_func && bool_map != bool_func)
return -EINVAL;
}
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 0fe96c7..47febbe 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -215,6 +215,50 @@ const struct bpf_func_proto bpf_perf_event_read_proto = {
.arg2_type = ARG_ANYTHING,
};
+static u64 bpf_perf_event_output(u64 r1, u64 r2, u64 index, u64 r4, u64 size)
+{
+ struct pt_regs *regs = (struct pt_regs *) (long) r1;
+ struct bpf_map *map = (struct bpf_map *) (long) r2;
+ struct bpf_array *array = container_of(map, struct bpf_array, map);
+ void *data = (void *) (long) r4;
+ struct perf_sample_data sample_data;
+ struct perf_event *event;
+ struct perf_raw_record raw = {
+ .size = size,
+ .data = data,
+ };
+
+ if (unlikely(index >= array->map.max_entries))
+ return -E2BIG;
+
+ event = (struct perf_event *)array->ptrs[index];
+ if (unlikely(!event))
+ return -ENOENT;
+
+ if (unlikely(event->attr.type != PERF_TYPE_SOFTWARE ||
+ event->attr.config != PERF_COUNT_SW_BPF_OUTPUT))
+ return -EINVAL;
+
+ if (unlikely(event->oncpu != smp_processor_id()))
+ return -EOPNOTSUPP;
+
+ perf_sample_data_init(&sample_data, 0, 0);
+ sample_data.raw = &raw;
+ perf_event_output(event, &sample_data, regs);
+ return 0;
+}
+
+static const struct bpf_func_proto bpf_perf_event_output_proto = {
+ .func = bpf_perf_event_output,
+ .gpl_only = false,
+ .ret_type = RET_INTEGER,
+ .arg1_type = ARG_PTR_TO_CTX,
+ .arg2_type = ARG_CONST_MAP_PTR,
+ .arg3_type = ARG_ANYTHING,
+ .arg4_type = ARG_PTR_TO_STACK,
+ .arg5_type = ARG_CONST_STACK_SIZE,
+};
+
static const struct bpf_func_proto *kprobe_prog_func_proto(enum bpf_func_id func_id)
{
switch (func_id) {
@@ -242,6 +286,8 @@ static const struct bpf_func_proto *kprobe_prog_func_proto(enum bpf_func_id func
return &bpf_get_smp_processor_id_proto;
case BPF_FUNC_perf_event_read:
return &bpf_perf_event_read_proto;
+ case BPF_FUNC_perf_event_output:
+ return &bpf_perf_event_output_proto;
default:
return NULL;
}
--
Thanks and Regards
Srikar Dronamraju
next reply other threads:[~2016-01-08 20:39 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-08 20:39 Srikar Dronamraju [this message]
2016-01-08 21:01 ` perf list segfaults on the v4.4-rc8 (bisect log added) Alexei Starovoitov
2016-01-08 22:01 ` Srikar Dronamraju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160108203941.GA17012@linux.vnet.ibm.com \
--to=srikar@linux.vnet.ibm.com \
--cc=acme@infradead.org \
--cc=ast@kernel.org \
--cc=davem@davemloft.net \
--cc=khandual@linux.vnet.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.