Re: [PATCH 1/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

[Adrian Hunter <adrian.hunter@intel.com>]

On 01/02/16 05:21, Wang Nan wrote:
> In error processing path of intel_pt_process_auxtrace_info() it calls
> thread__zput() to clean and free pt->unknown_thread which is created by
> thread__new(). However, when error raise, a segfault happen:
> 
>  # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
>  Samples for 'instructions:u' event do not have IREGS attribute set. Cannot print 'iregs' field.
>  intel_pt_synth_events: failed to synthesize 'instructions' event type
>  Segmentation fault (core dumped)
> 
> The problem is: there's a union in 'struct thread' combines a list_head
> and a rb_node. The standard life cycle of a thread is: init rb_node during
> creating, inserted into machine->threads rbtree uses rb_node, move to
> machine->dead_threads using list_head, clean by thread__put:
> list_del_init(&thread->node).

I sent a different patch for this:

	http://marc.info/?l=linux-kernel&m=145381014011697


> 
> In the above command, it clean a thread before adding it into list,
> causes the above segfault.
> 
> This patch gives a fake list_head and link the thread into it before
> calling thread__zput(), get rid of the segfault.
> 
> After this patch:
>  # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
>  Samples for 'instructions:u' event do not have IREGS attribute set. Cannot print 'iregs' field.
>  intel_pt_synth_events: failed to synthesize 'instructions' event type
>  0x248 [0x88]: failed to process type: 70
> 
> Reported-by: Tong Zhang <ztong@vt.edu>
> Signed-off-by: Wang Nan <wangnan0@huawei.com>
> Cc: Adrian Hunter <adrian.hunter@intel.com>
> Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
> Cc: Josh Poimboeuf <jpoimboe@redhat.com>
> ---
>  tools/perf/util/intel-pt.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c
> index 81a2eb7..e2add63 100644
> --- a/tools/perf/util/intel-pt.c
> +++ b/tools/perf/util/intel-pt.c
> @@ -2013,6 +2013,7 @@ int intel_pt_process_auxtrace_info(union perf_event *event,
>  	struct auxtrace_info_event *auxtrace_info = &event->auxtrace_info;
>  	size_t min_sz = sizeof(u64) * INTEL_PT_PER_CPU_MMAPS;
>  	struct intel_pt *pt;
> +	struct list_head dead_thread;
>  	int err;
>  
>  	if (auxtrace_info->header.size < sizeof(struct auxtrace_info_event) +
> @@ -2153,6 +2154,9 @@ int intel_pt_process_auxtrace_info(union perf_event *event,
>  	return 0;
>  
>  err_delete_thread:
> +	RB_CLEAR_NODE(&pt->unknown_thread->rb_node);
> +	INIT_LIST_HEAD(&dead_thread);
> +	list_add(&pt->unknown_thread->node, &dead_thread);
>  	thread__zput(pt->unknown_thread);
>  err_free_queues:
>  	intel_pt_log_disable();
>