From: Ingo Molnar <mingo@kernel.org>
To: Namhyung Kim <namhyung@kernel.org>
Cc: Arnaldo Carvalho de Melo <acme@infradead.org>,
linux-kernel@vger.kernel.org, Arun Sharma <asharma@fb.com>,
Corey Ashford <cjashfor@linux.vnet.ibm.com>,
David Ahern <dsahern@gmail.com>,
Dong Hao <haodong@linux.vnet.ibm.com>,
Frederic Weisbecker <fweisbec@gmail.com>,
Irina Tirdea <irina.tirdea@gmail.com>,
Irina Tirdea <irina.tirdea@intel.com>,
Jiri Olsa <jolsa@redhat.com>, Mike Galbraith <efault@gmx.de>,
Paul Mackerras <paulus@samba.org>,
Peter Zijlstra <peterz@infradead.org>,
Runzhen Wang <runzhen@linux.vnet.ibm.com>,
Stephane Eranian <eranian@google.com>,
Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>,
arnaldo.melo@gmail.com,
Arnaldo Carvalho de Melo <acme@redhat.com>
Subject: Re: [GIT PULL 00/42] perf/core improvements and fixes
Date: Fri, 5 Oct 2012 12:22:09 +0200
Message-ID: <20121005102208.GA8211@gmail.com>
In-Reply-To: <87d30xjo7n.fsf@sejong.aot.lge.com>

* Namhyung Kim <namhyung@kernel.org> wrote:
> Hi Ingo,
>
> On Fri, 5 Oct 2012 10:18:04 +0200, Ingo Molnar wrote:
> > I also noticed a 'perf trace' bug, after running 'perf trace' it
> > outputs lines but then gets hung:
> >
> > PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
> > 6081 mingo 20 0 18.2g 14g 3544 D 18.6 91.2 0:20.28 perf
> >
> > and then after half a minute it gets active again, outputting
> > lines and then segfaulting:
> >
> > LOST 1 events!
> > 31082 ) = 375
> > 31082 write(fd: 3, buf: 140030569454096, count: 48LOST 1 events!
> > 31082 select(n: 13, inp: 140030569376688, outp: 140030569376656, exp: 0, tvp: 031082 ) = 2
> > Segmentation fault
> >
> > It's a 16-way box running:
> >
> > Linux comet 3.5.4-1.fc17.x86_64 #1 SMP Mon Sep 17 15:03:59 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
> >
> > Note how much the RSS is, 14 GB of RAM with less than 1 minute
> > running. The segfault might be related to a failed allocation
> > not being handled correctly perhaps.
>
> I also hit the segfault but it was due to broken sample data:
>
> Core was generated by `./perf trace'.
> Program terminated with signal 11, Segmentation fault.
> #0 perf_evsel__intval (evsel=evsel@entry=0xeae8c0, sample=sample@entry=0x7fff42278130, name=name@entry=0x55034d "id")
> at util/evsel.c:1148
> 1148 value = *(u64 *)ptr;
>
> (gdb) bt
> #0 perf_evsel__intval (evsel=evsel@entry=0xeae8c0, sample=sample@entry=0x7fff42278130, name=name@entry=0x55034d "id")
> at util/evsel.c:1148
> #1 0x0000000000446987 in trace__syscall_info (sample=0x7fff42278130, evsel=0xeae8c0, trace=0x7fff422781b0)
> at builtin-trace.c:147
> #2 trace__sys_exit (trace=0x7fff422781b0, evsel=0xeae8c0, sample=0x7fff42278130) at builtin-trace.c:193
> #3 0x00000000004470c1 in trace__run (argv=<optimized out>, argc=<optimized out>, trace=0x7fff422781b0) at builtin-trace.c:310
> #4 cmd_trace (argc=<optimized out>, argv=<optimized out>, prefix=<optimized out>) at builtin-trace.c:396
> #5 0x0000000000418c93 in run_builtin (p=p@entry=0x7b19d8, argc=argc@entry=1, argv=argv@entry=0x7fff4227a7a0) at perf.c:312
> #6 0x000000000041846e in handle_internal_command (argv=0x7fff4227a7a0, argc=1) at perf.c:360
> #7 run_argv (argv=0x7fff4227a590, argcp=0x7fff4227a59c) at perf.c:404
> #8 main (argc=1, argv=0x7fff4227a7a0) at perf.c:502
> (gdb) list
> 1143 break;
> 1144 case 4:
> 1145 value = *(u32 *)ptr;
> 1146 break;
> 1147 case 8:
> 1148 value = *(u64 *)ptr;
> 1149 break;
> 1150 default:
> 1151 return 0;
> 1152 }
> (gdb) p ptr
> $1 = (void *) 0x10
> (gdb) p *sample
> $2 = {ip = 0, pid = 0, tid = 0, time = 15762598695796738, addr = 0, id = 315, stream_id = 18446744073709551615, period = 1,
> cpu = 143, raw_size = 0, raw_data = 0x0, callchain = 0x0, branch_stack = 0x0, user_regs = {regs = 0x0}, user_stack = {
> offset = 0, size = 0, data = 0x0}}
>
>
> In this case 'sample->raw_data' was NULL and other fields
> seemed invalid as well. I guess we need some kind of
> protection?

Yeah, the code should assume the perf.data to be 100% untrusted,
i.e. it can be random input and should never crash, lock up or
misbehave.

Thanks,

	Ingo
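The kind of protection this exchange asks for, sketched as an added example that is not part of the original message or of perf's source: a field read that validates the record before dereferencing it. The struct and function names are hypothetical stand-ins, and the field offset and width are inferred from the gdb output quoted above.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified stand-ins for perf's sample and field metadata. */
struct raw_sample { uint32_t raw_size; const void *raw_data; };
struct field_desc { uint32_t offset, size; };

/* Read an unsigned field from untrusted raw data. Returns 0 and stores the
 * value in *out, or -1 if the record cannot hold the field. */
int read_field_checked(const struct raw_sample *s, const struct field_desc *f,
                       uint64_t *out)
{
    uint8_t v8; uint16_t v16; uint32_t v32; uint64_t v64;
    if (!s || !f || !out || !s->raw_data)
        return -1;              /* NULL raw_data: the case seen in the thread */
    if (f->offset > s->raw_size || f->size > s->raw_size - f->offset)
        return -1;              /* field runs past the record (no wraparound) */
    const unsigned char *p = (const unsigned char *)s->raw_data + f->offset;
    switch (f->size) {          /* memcpy avoids unaligned typed loads */
    case 1: memcpy(&v8, p, 1);  *out = v8;  return 0;
    case 2: memcpy(&v16, p, 2); *out = v16; return 0;
    case 4: memcpy(&v32, p, 4); *out = v32; return 0;
    case 8: memcpy(&v64, p, 8); *out = v64; return 0;
    default: return -1;         /* unknown field width */
    }
}

/* Constructed inputs. Offset 16 and width 8 are inferred from the gdb output
 * (ptr == 0x10 with raw_data == NULL, faulting under "case 8"). */
static const struct field_desc id_field = { 16, 8 };

/* Returns the field value, or UINT64_MAX if the read was rejected. */
uint64_t read_id(const void *data, uint32_t size)
{
    struct raw_sample s = { size, data };
    uint64_t v;
    return read_field_checked(&s, &id_field, &v) == 0 ? v : UINT64_MAX;
}

/* 24-byte constructed record with id = 1 at offset 16; claimed_size <= 24. */
uint64_t read_constructed(uint32_t claimed_size)
{
    unsigned char buf[24] = { 0 };
    uint64_t id = 1;
    memcpy(buf + 16, &id, sizeof(id));
    return read_id(buf, claimed_size);
}

int main(void) { return read_constructed(24) != 1 || read_id(NULL, 0) != UINT64_MAX; }
```

With the sample from the backtrace (raw_size = 0, raw_data = NULL) the read is rejected instead of loading from address 0x10, and a record that claims fewer bytes than the field needs is rejected the same way.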