From: Philippe Elie <phil.el@wanadoo.fr>
To: Dave Hansen <haveblue@us.ibm.com>
Cc: oprofile-list@lists.sourceforge.net,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
John Levon <levon@movementarian.org>
Subject: Re: Oops running oprofile in 2.5.62
Date: Wed, 05 Mar 2003 20:15:19 +0000 [thread overview]
Message-ID: <3E665AD7.5030600@wanadoo.fr> (raw)
In-Reply-To: 3E5DB057.60503@us.ibm.com
Dave Hansen wrote:
> This happened while running dbench on 2.5.62. I haven't seen it before,
> but I thought I'd report it anyway. I'm using the 0.5 version of the
> userspace tools.
>
> I'm pretty sure it happened on this line in oprofile_add_sample():
> cpu_buf->buffer[cpu_buf->pos].eip = eip;
yes, in the last chunk of code in oprofile_add_sample()
> Unable to handle kernel paging request at virtual address f8c3c000
> c0212022
> *pde = 00000000
> Oops: 0002
> CPU: 13
> EIP: 0060:[<c0212022>] Not tainted
> Using defaults from ksymoops -t elf32-i386 -a i386
> EFLAGS: 00010046
> eax: 40082d94 ebx: 00000340 ecx: 00002000 edx: f8c2c000
^^^^^^^^
buffer overrrun by one entry (8192 entry by default of 8 bytes
each on x86), potentially oprofile_add_sample() add 3 events
in buffer but the protection at begin of code protect against
two addition not three
The bug is rare because add_sample use three entry in rare case,
and thing are wrong only when cpu_buf->pos == buffer_size - 2
the code is not fixed in 2.5.64, John if you have not already
a patch pending for this can you push it in your tree ?
void oprofile_add_sample(unsigned long eip, unsigned int is_kernel,
unsigned long event, int cpu)
.....
- if (cpu_buf->pos > buffer_size - 2) {
+
if (cpu_buf->pos > buffer_size - 3) {
cpu_buf->sample_lost_overflow++;
goto out;
}
>>>EIP; c0212022 <oprofile_add_sample+102/128> <=====
>>
>
>>>edi; c0310f00 <cpu_buffer+340/800>
>>
>
> Trace; c02139f0 <ppro_check_ctrs+4c/80>
> Trace; c0213291 <nmi_callback+21/28>
> Trace; c010a1eb <do_nmi+2b/48>
> Trace; c010962e <nmi+1e/30>
>
> Code; c0212022 <oprofile_add_sample+102/128>
> 00000000 <_EIP>:
> Code; c0212022 <oprofile_add_sample+102/128> <=====
> 0: 89 04 ca mov %eax,(%edx,%ecx,8) <=====
ecx == cpu_bufffer->pos == buffer_size ... boom ...
regards,
Philippe Elie
prev parent reply other threads:[~2003-03-05 19:01 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-02-27 6:29 Oops running oprofile in 2.5.62 Dave Hansen
2003-02-27 17:37 ` John Levon
2003-02-27 17:54 ` Dave Hansen
2003-03-05 20:15 ` Philippe Elie [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3E665AD7.5030600@wanadoo.fr \
--to=phil.el@wanadoo.fr \
--cc=haveblue@us.ibm.com \
--cc=levon@movementarian.org \
--cc=linux-kernel@vger.kernel.org \
--cc=oprofile-list@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox