From: Arnaldo Carvalho de Melo
To: Chris Phlipot
Cc: mingo@redhat.com, peterz@infradead.org, linux-kernel@vger.kernel.org
Date: Wed, 20 Apr 2016 00:04:56 -0300
Subject: Re: [PATCH] perf script: fix segfault when printing callchains using builtin-script
Message-ID: <20160420030456.GJ3677@kernel.org>
In-Reply-To: <1461119531-2529-1-git-send-email-cphlipot0@gmail.com>

On Tue, Apr 19, 2016 at 07:32:11PM -0700, Chris Phlipot wrote:
> This fixes a bug caused by an uninitialized callchain cursor. The crash
> first appeared in:
> 6f736735e30f ("perf evsel: Require that callchains be resolved before
> calling fprintf_{sym,callchain}")
>
> The callchain cursor is a struct that contains pointers, that when
> uninitialized will cause unpredictable behavior (usually a crash)
> when trying to append to the callchain.
>
> The existing implementation has the following issues:
> 1. The callchain cursor used is not initialized, resulting in
> unpredictable behavior when used.
> 2. The cursor is declared on the stack. Even if it is properly initialized,
> the implementation will leak memory when the function returns,
> since all the references to the callchain_nodes allocated by
> callchain_cursor_append will be lost when the cursor goes out of
> scope.
> 3. Storing the cursor on the stack is inefficient. Even if memory is
> properly freed when it goes out of scope, a performance penalty
> will be incurred due to reallocation of callchain nodes.
> callchain_cursor_append is designed to avoid these reallocations
> when an existing cursor is reused.
>
> This patch fixes the crash by replacing cursor_callchain with a reference
> to the global callchain_cursor which also resolves all 3 issues mentioned
> above.
>
> How to reproduce the crash:
> $ perf record --call-graph=dwarf stress -t 1 -c 1
> $ perf script > /dev/null
> Segfault

My bad, applying the patch, thanks!

- Arnaldo
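The three issues in the quoted commit message (uninitialised pointers, leaked nodes, needless reallocation), as an added example that is not code from perf or from this patch: a simplified model of callchain_cursor, callchain_cursor_reset and callchain_cursor_append (the real perf bodies differ; the shapes here are an assumption), with an allocation counter showing that a zero-initialised, reused cursor allocates each node once while a fresh stack cursor per call reallocates every node and leaks them on return.

```c
#include <stdint.h>
#include <stdlib.h>
struct callchain_cursor_node { uint64_t ip; struct callchain_cursor_node *next; };
/* Simplified model of perf's cursor (assumption): a node list plus an append position. */
struct callchain_cursor {
    struct callchain_cursor_node *first, **last;  /* last: where the next node links in */
    uint64_t nr;
};
static unsigned long nodes_allocated;  /* instrumentation for the example only */
/* Rewind to the head but keep the nodes, so later appends reuse them. */
static void callchain_cursor_reset(struct callchain_cursor *c) { c->nr = 0; c->last = &c->first; }
/* Reuses the node at the append position if one exists, else allocates.
 * On an uninitialised cursor, *c->last dereferences a garbage pointer. */
static int callchain_cursor_append(struct callchain_cursor *c, uint64_t ip)
{
    struct callchain_cursor_node *node = *c->last;
    if (!node) {
        if (!(node = calloc(1, sizeof(*node)))) return -1;
        nodes_allocated++;
        *c->last = node;
    }
    node->ip = ip;
    c->last = &node->next;
    c->nr++;
    return 0;
}
/* Global, zero-initialised cursor: the object the patch switches to. */
static struct callchain_cursor callchain_cursor;
/* Allocations needed to fill `c` with `depth` frames, `rounds` times over. */
unsigned long allocs_for(struct callchain_cursor *c, int rounds, int depth)
{
    unsigned long before = nodes_allocated;
    for (int r = 0; r < rounds; r++) {
        callchain_cursor_reset(c);
        for (int d = 0; d < depth; d++)
            callchain_cursor_append(c, 0x400000 + d);  /* constructed sample frames */
    }
    return nodes_allocated - before;
}
/* Pre-patch pattern (zero-initialised here so the model does not crash): a fresh
 * stack cursor per call allocates every node again and leaks them on return. */
unsigned long allocs_for_stack_cursor(int rounds, int depth)
{
    unsigned long before = nodes_allocated;
    for (int r = 0; r < rounds; r++) {
        struct callchain_cursor local = {0};  /* the original had no init at all */
        allocs_for(&local, 1, depth);         /* nodes leak when `local` goes away */
    }
    return nodes_allocated - before;
}
```

Running the same sample depth through both paths makes the difference measurable: the global cursor allocates only on the first round (and only for frames beyond what it already holds), the per-call stack cursor allocates depth nodes every round.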