From: Jiri Olsa <jolsa@redhat.com>
To: He Zhe <zhe.he@windriver.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>,
	Andi Kleen <ak@linux.intel.com>,
	jolsa@kernel.org, meyerk@hpe.com, linux-kernel@vger.kernel.org,
	acme@kernel.org
Subject: Re: [PATCH] perf: Fix crash due to null pointer dereference when iterating cpu map
Date: Fri, 6 Mar 2020 09:30:00 +0100
Message-ID: <20200306083000.GB248782@krava>
In-Reply-To: <f5a7ff48-659a-bce1-2ad0-54f334c27379@windriver.com>

On Fri, Mar 06, 2020 at 03:20:55PM +0800, He Zhe wrote:
> 
> 
> On 3/6/20 3:58 AM, Arnaldo Carvalho de Melo wrote:
> > On Thu, Mar 05, 2020 at 10:32:06AM -0800, Andi Kleen wrote:
> >> On Thu, Mar 05, 2020 at 12:27:55PM -0300, Arnaldo Carvalho de Melo wrote:
> >>> On Thu, Mar 05, 2020 at 06:47:19PM +0800, zhe.he@windriver.com wrote:
> >>>> From: He Zhe <zhe.he@windriver.com>
> >>>>
> >>>> NULL pointer may be passed to perf_cpu_map__cpu and then cause the
> >>>> following crash.
> >>>>
> >>>> perf ftrace -G start_kernel ls
> >>>> failed to set tracing filters
> >>>> [  208.710716] perf[341]: segfault at 4 ip 00000000567c7c98
> >>>>                sp 00000000ff937ae0 error 4 in perf[56630000+1b2000]
> >>>> [  208.724778] Code: fc ff ff e8 aa 9b 01 00 8d b4 26 00 00 00 00 8d
> >>>>                      76 00 55 89 e5 83 ec 18 65 8b 0d 14 00 00 00 89
> >>>>                      4d f4 31 c9 8b 45 08 8b9
> >>>> Segmentation fault
> >>> I'm not being able to repro this here, what is the tree you are using?
> >> I believe that's the same bug that Jann Horn reported recently for perf trace.
> >> I thought the patch for that went in.
> > Ok, Zhe, that patch is at the end of this message, and it is in:
> >
> > [acme@five perf]$ git tag --contains cb71f7d43ece3d5a4f400f510c61b2ec7c9ce9a1 | grep ^v
> > v5.6-rc1
> > v5.6-rc2
> > v5.6-rc3
> > v5.6-rc4
> > [acme@five perf]$
> >
> > Can you try with that?
> 
> Thanks, that does fix the issue I met.
> 
> BTW, my change in perf_cpu_map__cpu can be used as a preventive check
> and the "1"  in perf_cpu_map__cpu should be "0", and assigning a NULL in

I agree, can't see why we had 1 in here.. must be connected to the dummy
map.. could you please double check with all the perf_cpu_map__nr usages
that the 0 will work as expected?

> perf_evlist__exit makes the clearing complete. So are they worth a new patch?

the rest of the hunks look good as preventive checks

thanks,
jirka
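
An added illustration of the point discussed in this message, not code from the patch or from perf: a simplified stand-in for a CPU map (all type and function names here are hypothetical) showing how the count reported for a NULL map decides whether an iteration reaches the element accessor at all, and how a NULL check in the accessor turns that case into a -1 return instead of a dereference.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for a CPU map; hypothetical, not the libperf layout. */
struct cpu_map {
    int nr;      /* number of valid entries in map[] */
    int map[8];
};

/* Entry count. null_count is what a NULL map reports: the thread
 * discusses changing that value from 1 to 0. */
static int cpu_map_nr(const struct cpu_map *m, int null_count)
{
    return m ? m->nr : null_count;
}

/* Guarded accessor (the "preventive check"): a NULL map or an
 * out-of-range index yields -1 rather than a read through m. */
static int cpu_map_cpu(const struct cpu_map *m, int idx)
{
    if (!m || idx < 0 || idx >= m->nr)
        return -1;
    return m->map[idx];
}

struct walk { int iterations; int valid; };

/* Typical "for each cpu in map" loop: counts how often the accessor
 * is reached and how often it returns a usable CPU number. */
static struct walk walk_map(const struct cpu_map *m, int null_count)
{
    struct walk w = {0, 0};
    for (int i = 0; i < cpu_map_nr(m, null_count); i++) {
        w.iterations++;
        if (cpu_map_cpu(m, i) >= 0)
            w.valid++;
    }
    return w;
}

int main(void)
{
    struct cpu_map sample = {3, {0, 2, 5}}; /* constructed sample map */
    struct walk a = walk_map(NULL, 1), b = walk_map(NULL, 0);
    struct walk c = walk_map(&sample, 1);
    printf("NULL, nr=1: %d iteration(s), %d valid\n", a.iterations, a.valid);
    printf("NULL, nr=0: %d iteration(s), %d valid\n", b.iterations, b.valid);
    printf("sample map: %d iteration(s), %d valid\n", c.iterations, c.valid);
    return 0;
}
```

With a NULL count of 1 the loop body runs once, so only the check inside the accessor stands between the caller and a NULL read; with 0 the accessor is never reached.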


Thread overview: 7+ messages
2020-03-05 10:47 [PATCH] perf: Fix crash due to null pointer dereference when iterating cpu map zhe.he
2020-03-05 15:27 ` Arnaldo Carvalho de Melo
2020-03-05 18:32   ` Andi Kleen
2020-03-05 19:58     ` Arnaldo Carvalho de Melo
2020-03-06  7:20       ` He Zhe
2020-03-06  8:30         ` Jiri Olsa [this message]
2020-03-08 10:23           ` He Zhe
