From: Jiri Olsa <jolsa@redhat.com>
To: He Zhe <zhe.he@windriver.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>,
Andi Kleen <ak@linux.intel.com>,
jolsa@kernel.org, meyerk@hpe.com, linux-kernel@vger.kernel.org,
acme@kernel.org
Subject: Re: [PATCH] perf: Fix crash due to null pointer dereference when iterating cpu map
Date: Fri, 6 Mar 2020 09:30:00 +0100
Message-ID: <20200306083000.GB248782@krava>
In-Reply-To: <f5a7ff48-659a-bce1-2ad0-54f334c27379@windriver.com>

On Fri, Mar 06, 2020 at 03:20:55PM +0800, He Zhe wrote:
>
>
> On 3/6/20 3:58 AM, Arnaldo Carvalho de Melo wrote:
> > On Thu, Mar 05, 2020 at 10:32:06AM -0800, Andi Kleen wrote:
> >> On Thu, Mar 05, 2020 at 12:27:55PM -0300, Arnaldo Carvalho de Melo wrote:
> >>> On Thu, Mar 05, 2020 at 06:47:19PM +0800, zhe.he@windriver.com wrote:
> >>>> From: He Zhe <zhe.he@windriver.com>
> >>>>
> >>>> NULL pointer may be passed to perf_cpu_map__cpu and then cause the
> >>>> following crash.
> >>>>
> >>>> perf ftrace -G start_kernel ls
> >>>> failed to set tracing filters
> >>>> [ 208.710716] perf[341]: segfault at 4 ip 00000000567c7c98
> >>>> sp 00000000ff937ae0 error 4 in perf[56630000+1b2000]
> >>>> [ 208.724778] Code: fc ff ff e8 aa 9b 01 00 8d b4 26 00 00 00 00 8d
> >>>> 76 00 55 89 e5 83 ec 18 65 8b 0d 14 00 00 00 89
> >>>> 4d f4 31 c9 8b 45 08 8b9
> >>>> Segmentation fault
> >>> I'm not able to repro this here, what is the tree you are using?
> >> I believe that's the same bug that Jann Horn reported recently for perf trace.
> >> I thought the patch for that went in.
> > Ok, Zhe, that patch is at the end of this message, and it is in:
> >
> > [acme@five perf]$ git tag --contains cb71f7d43ece3d5a4f400f510c61b2ec7c9ce9a1 | grep ^v
> > v5.6-rc1
> > v5.6-rc2
> > v5.6-rc3
> > v5.6-rc4
> > [acme@five perf]$
> >
> > Can you try with that?
>
> Thanks, that does fix the issue I met.
>
> BTW, my change in perf_cpu_map__cpu can be used as a preventive check
> and the "1" in perf_cpu_map__cpu should be "0", and assigning a NULL in

I agree, can't see why we had 1 in here.. must be connected to the dummy
map.. could you please double check with all the perf_cpu_map__nr usages
that the 0 will work as expected?

> perf_evlist__exit makes the clearing complete. So are they worth a new patch?

the rest of the hunks look good as preventive checks

thanks,
jirka
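
An added illustration, not part of the thread and not perf's own code: a simplified C model of the interaction discussed above, where the count function reports 1 entry for a NULL map, so an iteration loop hands that NULL to the element accessor once. The names struct cpu_map, cpu_map_nr, cpu_map_cpu, count_invalid_visits and the null_nr parameter are hypothetical stand-ins, and the sample map is constructed.

```c
#include <stdio.h>

/* Simplified stand-in for a CPU map (hypothetical, not libperf's struct). */
struct cpu_map {
	int nr;
	int map[8];
};

/* Constructed sample map holding CPUs 0 and 3. */
static const struct cpu_map sample = { .nr = 2, .map = { 0, 3 } };

/* Entry count; null_nr is what a NULL map reports (1 is the value
 * questioned in the thread, 0 the proposed replacement). */
static int cpu_map_nr(const struct cpu_map *cpus, int null_nr)
{
	return cpus ? cpus->nr : null_nr;
}

/* Accessor with the preventive check: a NULL map or an out-of-range
 * index yields -1. Without the cpus test, reading cpus->nr here would
 * dereference NULL. */
static int cpu_map_cpu(const struct cpu_map *cpus, int idx)
{
	if (cpus && idx >= 0 && idx < cpus->nr)
		return cpus->map[idx];
	return -1;
}

/* Walk the map as a for-each loop would and count the iterations in
 * which the accessor had no valid CPU to return. */
static int count_invalid_visits(const struct cpu_map *cpus, int null_nr)
{
	int idx, invalid = 0;

	for (idx = 0; idx < cpu_map_nr(cpus, null_nr); idx++)
		if (cpu_map_cpu(cpus, idx) < 0)
			invalid++;
	return invalid;
}

int main(void)
{
	printf("NULL map, nr=1: %d invalid visit(s)\n", count_invalid_visits(NULL, 1));
	printf("NULL map, nr=0: %d invalid visit(s)\n", count_invalid_visits(NULL, 0));
	printf("sample map:     %d invalid visit(s)\n", count_invalid_visits(&sample, 1));
	return 0;
}
```

With the count at 1 the loop body still runs once for a NULL map and only the accessor's check keeps it from faulting; with 0 the loop never reaches the accessor.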