[PATCH 1/1] broken perf tool on 4.4-rc1

[PATCH 1/1] broken perf tool on 4.4-rc1

[Tong Zhang]

reproduce:
  lzto@objd ~ $ ~/linux/tools/perf/perf record -I -e intel_pt/tsc=1,noretcomp=1/u /bin/ls
  lzto@objd ~ $ ~/linux/tools/perf/perf script  -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
  Segmentation fault
  lzto@objd ~ $

Upon further investigation, it seems that
commit 747a9b0a08ae ("Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip")
breaks perf tool.

__list_del(): tools/include/linux/list.h does not check null pointer dereference

Signed-off-by: Tong Zhang <ztong@vt.edu>
---
 tools/include/linux/list.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/tools/include/linux/list.h b/tools/include/linux/list.h
index 1da4238..1d644a0 100644
--- a/tools/include/linux/list.h
+++ b/tools/include/linux/list.h
@@ -85,8 +85,10 @@ static inline void list_add_tail(struct list_head *new, struct list_head *head)
  */
 static inline void __list_del(struct list_head * prev, struct list_head * next)
 {
-	next->prev = prev;
-	WRITE_ONCE(prev->next, next);
+	if (next)
+		next->prev = prev;
+	if (prev)
+		WRITE_ONCE(prev->next, next);
 }
 
 /**
-- 
2.4.10

[PATCH 1/1] broken perf tool on 4.4-rc1

[Tong Zhang]

reproduce:
  lzto@objd ~ $ ~/linux/tools/perf/perf record -I -e intel_pt/tsc=1,noretcomp=1/u /bin/ls
  lzto@objd ~ $ ~/linux/tools/perf/perf script  -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
  Segmentation fault
  lzto@objd ~ $

Upon further investigation, it seems that
commit 747a9b0a08ae ("Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip")
breaks perf tool.

__list_del(): tools/include/linux/list.h does not check null pointer dereference

Signed-off-by: Tong Zhang <ztong@vt.edu>
---
 tools/include/linux/list.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/tools/include/linux/list.h b/tools/include/linux/list.h
index 1da4238..1d644a0 100644
--- a/tools/include/linux/list.h
+++ b/tools/include/linux/list.h
@@ -85,8 +85,10 @@ static inline void list_add_tail(struct list_head *new, struct list_head *head)
  */
 static inline void __list_del(struct list_head * prev, struct list_head * next)
 {
-	next->prev = prev;
-	WRITE_ONCE(prev->next, next);
+	if (next)
+		next->prev = prev;
+	if (prev)
+		WRITE_ONCE(prev->next, next);
 }
 
 /**
-- 
2.4.10

Re: [PATCH 1/1] broken perf tool on 4.4-rc1

[TongZhang]

 It’s v4.5-rc1, not 4.4-rc1. never mind the version in the title.

Re: [PATCH 1/1] broken perf tool on 4.4-rc1

[Wangnan (F)]

On 2016/1/31 5:02, Tong Zhang wrote:
> reproduce:
>    lzto@objd ~ $ ~/linux/tools/perf/perf record -I -e intel_pt/tsc=1,noretcomp=1/u /bin/ls
>    lzto@objd ~ $ ~/linux/tools/perf/perf script  -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
>    Segmentation fault
>    lzto@objd ~ $
>
> Upon further investigation, it seems that
> commit 747a9b0a08ae ("Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip")
> breaks perf tool.
>
> __list_del(): tools/include/linux/list.h does not check null pointer dereference

I don't have a Boradwell system, unable to reproduce the fault.

Could you please give the output of gdb's bt command?

We should try to fix the inappropriate list operation.

Thank you.

Re: [PATCH 1/1] broken perf tool on 4.4-rc1

[Wangnan (F)]

On 2016/2/1 10:17, Wangnan (F) wrote:
>
>
> On 2016/1/31 5:02, Tong Zhang wrote:
>> reproduce:
>>    lzto@objd ~ $ ~/linux/tools/perf/perf record -I -e 
>> intel_pt/tsc=1,noretcomp=1/u /bin/ls
>>    lzto@objd ~ $ ~/linux/tools/perf/perf script  -F 
>> event,comm,pid,tid,time,addr,ip,sym,dso,iregs
>>    Segmentation fault
>>    lzto@objd ~ $
>>
>> Upon further investigation, it seems that
>> commit 747a9b0a08ae ("Merge branch 'perf-urgent-for-linus' of 
>> git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip")
>> breaks perf tool.
>>
>> __list_del(): tools/include/linux/list.h does not check null pointer 
>> dereference
>
> I don't have a Boradwell system, unable to reproduce the fault.
>

Now I find one. The stack is:

#0  __list_del (next=0x1a12440, prev=0x0) at 
/home/w00229757/kernel-hydrogen/tools/include/linux/list.h:89
#1  __list_del_entry (entry=0x1a12440) at 
/home/w00229757/kernel-hydrogen/tools/include/linux/list.h:101
#2  list_del_init (entry=0x1a12440) at 
/home/w00229757/kernel-hydrogen/tools/include/linux/list.h:144
#3  thread__put (thread=0x1a12440) at util/thread.c:104
#4  0x0000000000502e99 in __thread__zput (thread=0x1a12330) at 
util/thread.h:49
#5  intel_pt_process_auxtrace_info (event=<optimized out>, 
session=0x19f88d0) at util/intel-pt.c:2156
#6  0x00000000004c75a0 in perf_session__process_user_event 
(file_offset=584, event=0x7ffff7fa6248, session=0x19f88d0)
     at util/session.c:1353
#7  perf_session__process_event (session=session@entry=0x19f88d0, 
event=event@entry=0x7ffff7fa6248,
     file_offset=file_offset@entry=584) at util/session.c:1472
#8  0x00000000004c9907 in __perf_session__process_events 
(file_size=273984, data_size=<optimized out>,
     data_offset=<optimized out>, session=0x19f88d0) at util/session.c:1825
#9  perf_session__process_events (session=0x19f88d0) at util/session.c:1875
#10 0x00000000004554b0 in __cmd_script (script=0x7fffffffd440) at 
builtin-script.c:1049
#11 cmd_script (argc=<optimized out>, argv=<optimized out>, 
prefix=<optimized out>) at builtin-script.c:2226
#12 0x0000000000482ed1 in run_builtin (p=p@entry=0x907cc8 
<commands+360>, argc=argc@entry=3, argv=argv@entry=0x7fffffffe5c0)
     at perf.c:390
#13 0x0000000000433a96 in handle_internal_command (argv=0x7fffffffe5c0, 
argc=3) at perf.c:451
#14 run_argv (argv=0x7fffffffe340, argcp=0x7fffffffe34c) at perf.c:495
#15 main (argc=3, argv=0x7fffffffe5c0) at perf.c:618

Please have a look at patch:

http://lkml.kernel.org/g/1454296865-19749-1-git-send-email-wangnan0@huawei.com

You should have in the cc-list.

Thank you.