From: Jiri Olsa <jolsa@redhat.com>
To: Peter Zijlstra <peterz@infradead.org>
Cc: Jiri Olsa <jolsa@kernel.org>,
Vince Weaver <vincent.weaver@maine.edu>,
lkml <linux-kernel@vger.kernel.org>,
Ingo Molnar <mingo@kernel.org>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Andi Kleen <ak@linux.intel.com>
Subject: Re: [PATCH] perf/x86/intel: Init early callchain for bts event
Date: Mon, 12 Nov 2018 09:32:13 +0100 [thread overview]
Message-ID: <20181112083213.GD30042@krava> (raw)
In-Reply-To: <20181112002637.GD3056@worktop>
On Mon, Nov 12, 2018 at 01:26:37AM +0100, Peter Zijlstra wrote:
> On Sun, Nov 11, 2018 at 07:16:50PM +0100, Jiri Olsa wrote:
> > Vince reported crash in bts flush code when touching the
> > callchain data, which was supposed to be initialized
> > as an 'early' callchain data.
> >
> > BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
> > ...
>
> > It was triggered by fuzzer by can be easilt reproduced by:
> > # perf record -e cpu/branch-instructions/p -g -c 1
> >
> > The problem is that bts drain code does not initialize sample's
> > early callchain data and calls perf_prepare_sample with NULL
> > sample->callchain, even if it's expected to exist via
> > __PERF_SAMPLE_CALLCHAIN_EARLY sample type bit.
>
> Not sure that is the actual problem, nor that this:
>
> > @@ -612,6 +614,9 @@ int intel_pmu_drain_bts_buffer(void)
> >
> > perf_sample_data_init(&data, 0, event->hw.last_period);
> >
> > + if (event->attr.sample_type & __PERF_SAMPLE_CALLCHAIN_EARLY)
> > + data.callchain = &__empty_callchain;
> > +
> > /*
> > * BTS leaks kernel addresses in branches across the cpl boundary,
> > * such as traps or system calls, so unless the user is asking for
>
> is the right fix.
>
> If you look at commit:
>
> 6cbc304f2f36 ("perf/x86/intel: Fix unwind errors from PEBS entries (mk-II)")
>
> Then the right fix would be to do perf_callchain() from the BTS drain
> code -- if '/p'.
>
> Because prior to that commit, we would do a perf_callchain() in
> intel_pmu_drain_bts_buffer()'s call to perf_prepare_sample(), which
> would do an actual stack unwind for a branch entry.
>
> With your patch, we get an empty stack for every entry.
>
> Which is a change in behaviour...
I thought there's no callchain anyway, because we use zero-ed regs
>
> Now arguably, this is really stupid behaviour. Who in his right mind
> wants callchain output on BTS entries. And even if they do, BTS +
> precise_ip is nonsensical.
>
> So in my mind disallowing precise_ip on BTS would be the simplest fix.
>
> Hmm?
sounds ok, will post it
thanks,
jirka
prev parent reply other threads:[~2018-11-12 8:32 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-11 18:16 [PATCH] perf/x86/intel: Init early callchain for bts event Jiri Olsa
2018-11-12 0:26 ` Peter Zijlstra
2018-11-12 3:28 ` Andi Kleen
2018-11-12 8:32 ` Jiri Olsa [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181112083213.GD30042@krava \
--to=jolsa@redhat.com \
--cc=acme@kernel.org \
--cc=ak@linux.intel.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=jolsa@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=vincent.weaver@maine.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.