Date: Mon, 24 Jul 2023 18:03:40 -0300
From: Arnaldo Carvalho de Melo
To: Athira Rajeev, Adrian Hunter
Cc: jolsa@kernel.org, irogers@google.com, namhyung@kernel.org, linux-perf-users@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, maddy@linux.ibm.com, kjain@linux.ibm.com, disgoel@linux.vnet.ibm.com, "Aneesh Kumar K . V"
Subject: Re: [PATCH] tools/perf: Fix addr location init during arch_skip_callchain_idx function
In-Reply-To: <20230724165815.17810-1-atrajeev@linux.vnet.ibm.com>
X-Url: http://acmel.wordpress.com
X-Mailing-List: linux-perf-users@vger.kernel.org

On Mon, Jul 24, 2023 at 10:28:15PM +0530, Athira Rajeev wrote:
> perf record with callchain recording fails as below
> in powerpc:
>
>   ./perf record -a -gR sleep 10
>   ./perf report
>   perf: Segmentation fault
>
> gdb trace points to thread__find_map
>
> 0 0x00000000101df314 in atomic_cmpxchg (newval=1818846826, oldval=1818846827, v=0x1001a8f3) at /home/athira/linux/tools/include/asm-generic/atomic-gcc.h:70
> 1 refcount_sub_and_test (i=1, r=0x1001a8f3) at /home/athira/linux/tools/include/linux/refcount.h:135
> 2 refcount_dec_and_test (r=0x1001a8f3) at /home/athira/linux/tools/include/linux/refcount.h:148
> 3 map__put (map=0x1001a8b3) at util/map.c:311
> 4 0x000000001016842c in __map__zput (map=0x7fffffffa368) at util/map.h:190
> 5 thread__find_map (thread=0x105b92f0, cpumode=, addr=13835058055283572736, al=al@entry=0x7fffffffa358) at util/event.c:582
> 6 0x000000001016882c in thread__find_symbol (thread=, cpumode=, addr=, al=0x7fffffffa358) at util/event.c:656
> 7 0x00000000102e12b4 in arch_skip_callchain_idx (thread=, chain=) at arch/powerpc/util/skip-callchain-idx.c:255
> 8 0x00000000101d3bf4 in thread__resolve_callchain_sample (thread=0x105b92f0, cursor=0x1053d160, evsel=, sample=0x7fffffffa908, parent=0x7fffffffa778, root_al=0x7fffffffa710,
>   max_stack=) at util/machine.c:2940
> 9 0x00000000101cd210 in sample__resolve_callchain (sample=, cursor=, parent=, evsel=, al=, max_stack=)
>   at util/callchain.c:1112
> 10 0x000000001022a9d8 in hist_entry_iter__add (iter=0x7fffffffa750, al=0x7fffffffa710, max_stack_depth=, arg=0x7fffffffbbd0) at util/hist.c:1232
> 11 0x0000000010056d98 in process_sample_event (tool=0x7fffffffbbd0, event=0x7ffff6223c38, sample=0x7fffffffa908, evsel=, machine=0x10524ef8) at builtin-report.c:332
>
> Here arch_skip_callchain_idx calls thread__find_symbol, which
> invokes thread__find_map with uninitialised "addr_location".
> Snippet:
>
>   thread__find_symbol(thread, PERF_RECORD_MISC_USER, ip, &al);
>
> Recent change with commit 0dd5041c9a0ea ("perf addr_location:
> Add init/exit/copy functions"), introduced "maps__zput" in the
> function thread__find_map. This could result in segfault while
> accessing uninitialised map from "struct addr_location". Fix this
> by adding addr_location__init and addr_location__exit in
> arch_skip_callchain_idx.

Thanks, applied.

> Fixes: 0dd5041c9a0ea ("perf addr_location: Add init/exit/copy functions")
> Reported-by: Aneesh Kumar K.V
> Signed-off-by: Athira Rajeev

I'll also do an audit of all calls to thread__find_map() and its callers to check for other such cases :-\

For instance, this one seems buggy as well, Adrian?

diff --git a/tools/perf/util/dlfilter.c b/tools/perf/util/dlfilter.c index 46f74b2344dbb34c..798a53d7e6c9dfc5 100644 --- a/tools/perf/util/dlfilter.c +++ b/tools/perf/util/dlfilter.c @@ -166,6 +166,7 @@ static __s32 dlfilter__resolve_address(void *ctx, __u64 address, struct perf_dlf if (!thread) return -1; + addr_location__init(&al); thread__find_symbol_fb(thread, d->sample->cpumode, address, &al); al_to_d_al(&al, &d_al);
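
Review bot: the addr_location__init(&al) added ahead of thread__find_symbol_fb() in dlfilter__resolve_address() has no matching addr_location__exit(&al) in the visible lines. The fix being replied to adds init and exit as a pair in arch_skip_callchain_idx; here, whatever thread__find_symbol_fb() stores in al should be released with addr_location__exit(&al) once al_to_d_al(&al, &d_al) has consumed it. It is also worth confirming that no return path between the init and that exit skips the release.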
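
The failure mode discussed in this thread, modelled as an added example that is not part of the original message and is not perf's code: a lookup that drops the previous result held in its out-parameter before storing a new one, which is why the caller must initialise the struct first and release it afterwards. All toy_* names are hypothetical stand-ins for the refcounted map, struct addr_location and its init/exit helpers.

```c
/* Added illustration; every toy_* name is hypothetical, not perf's code. */
#include <stddef.h>
#include <stdio.h>

struct toy_map { int refcnt; };          /* stands in for a refcounted map */
struct toy_al  { struct toy_map *map; }; /* stands in for the result struct */

static struct toy_map *toy_map_get(struct toy_map *m) { if (m) m->refcnt++; return m; }
static void toy_map_put(struct toy_map *m) { if (m) m->refcnt--; }

/* zput: drop the reference the pointer currently holds, then clear it. */
static void toy_map_zput(struct toy_map **pm) { toy_map_put(*pm); *pm = NULL; }

static void toy_al_init(struct toy_al *al) { al->map = NULL; }
static void toy_al_exit(struct toy_al *al) { toy_map_zput(&al->map); }

/*
 * The lookup releases the previous result before storing the new one, so it
 * reads al->map on entry. On an uninitialised stack struct that is a put on a
 * garbage pointer; after toy_al_init() it is a harmless put on NULL.
 */
static int toy_find_map(struct toy_map *found, struct toy_al *al)
{
    toy_map_zput(&al->map);
    al->map = toy_map_get(found);
    return al->map != NULL;
}

/* Correct caller: init, lookups, exit. Returns the refcount after exit. */
static int resolve_twice(struct toy_map *m, int *held_during)
{
    struct toy_al al;

    toy_al_init(&al);            /* without this, the first lookup is UB */
    toy_find_map(m, &al);
    toy_find_map(m, &al);        /* reuse: zput drops the first reference */
    *held_during = m->refcnt;    /* owner's reference + the one in al */
    toy_al_exit(&al);            /* balances the reference left in al */
    return m->refcnt;
}

int main(void)
{
    struct toy_map m = { 1 };    /* constructed sample: one owner reference */
    int held = 0;
    int after = resolve_twice(&m, &held);

    printf("held during lookup: %d, after exit: %d\n", held, after);
    return 0;
}
```

Omitting toy_al_exit() leaves the count at 2 in this model, which is the leak the init/exit pairing prevents.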