From: Philippe Elie <phil.el@wanadoo.fr>
To: Dave Hansen <haveblue@us.ibm.com>
Cc: oprofile-list@lists.sourceforge.net,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
John Levon <levon@movementarian.org>
Subject: Re: Oops running oprofile in 2.5.62
Date: Wed, 05 Mar 2003 20:15:19 +0000 [thread overview]
Message-ID: <3E665AD7.5030600@wanadoo.fr> (raw)
In-Reply-To: 3E5DB057.60503@us.ibm.com
Dave Hansen wrote:
> This happened while running dbench on 2.5.62. I haven't seen it before,
> but I thought I'd report it anyway. I'm using the 0.5 version of the
> userspace tools.
>
> I'm pretty sure it happened on this line in oprofile_add_sample():
> cpu_buf->buffer[cpu_buf->pos].eip = eip;
yes, in the last chunk of code in oprofile_add_sample()
> Unable to handle kernel paging request at virtual address f8c3c000
> c0212022
> *pde = 00000000
> Oops: 0002
> CPU: 13
> EIP: 0060:[<c0212022>] Not tainted
> Using defaults from ksymoops -t elf32-i386 -a i386
> EFLAGS: 00010046
> eax: 40082d94 ebx: 00000340 ecx: 00002000 edx: f8c2c000
^^^^^^^^
buffer overrrun by one entry (8192 entry by default of 8 bytes
each on x86), potentially oprofile_add_sample() add 3 events
in buffer but the protection at begin of code protect against
two addition not three
The bug is rare because add_sample use three entry in rare case,
and thing are wrong only when cpu_buf->pos == buffer_size - 2
the code is not fixed in 2.5.64, John if you have not already
a patch pending for this can you push it in your tree ?
void oprofile_add_sample(unsigned long eip, unsigned int is_kernel,
unsigned long event, int cpu)
.....
- if (cpu_buf->pos > buffer_size - 2) {
+
if (cpu_buf->pos > buffer_size - 3) {
cpu_buf->sample_lost_overflow++;
goto out;
}
>>>EIP; c0212022 <oprofile_add_sample+102/128> <=====
>>
>
>>>edi; c0310f00 <cpu_buffer+340/800>
>>
>
> Trace; c02139f0 <ppro_check_ctrs+4c/80>
> Trace; c0213291 <nmi_callback+21/28>
> Trace; c010a1eb <do_nmi+2b/48>
> Trace; c010962e <nmi+1e/30>
>
> Code; c0212022 <oprofile_add_sample+102/128>
> 00000000 <_EIP>:
> Code; c0212022 <oprofile_add_sample+102/128> <=====
> 0: 89 04 ca mov %eax,(%edx,%ecx,8) <=====
ecx == cpu_bufffer->pos == buffer_size ... boom ...
regards,
Philippe Elie
prev parent reply other threads:[~2003-03-05 19:01 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-02-27 6:29 Oops running oprofile in 2.5.62 Dave Hansen
2003-02-27 17:37 ` John Levon
2003-02-27 17:54 ` Dave Hansen
2003-03-05 20:15 ` Philippe Elie [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3E665AD7.5030600@wanadoo.fr \
--to=phil.el@wanadoo.fr \
--cc=haveblue@us.ibm.com \
--cc=levon@movementarian.org \
--cc=linux-kernel@vger.kernel.org \
--cc=oprofile-list@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.