* [PATCH] perf mmap: Fix accessing unmapped mmap in perf_mmap__read_done()
@ 2018-03-26 13:42 kan.liang
2018-03-26 14:26 ` Arnaldo Carvalho de Melo
2018-03-29 13:58 ` [tip:perf/core] perf mmap: Fix accessing unmapped mmap in perf_mmap__read_done() tip-bot for Kan Liang
0 siblings, 2 replies; 6+ messages in thread
From: kan.liang @ 2018-03-26 13:42 UTC (permalink / raw)
To: acme, mingo, linux-kernel; +Cc: jolsa, namhyung, wangnan0, Kan Liang
From: Kan Liang <kan.liang@linux.intel.com>
There is segmentation fault when running perf trace. For example,
[root@jouet e]# perf trace -e *chdir -o /tmp/bla perf report
--ignore-vmlinux -i ../perf.data
The perf_mmap__consume() could unmap the mmap. It needs to check the
refcnt in perf_mmap__read_done().
Fixes: ee023de05f35 ("perf mmap: Introduce perf_mmap__read_done()")
Reported-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Kan Liang <kan.liang@linux.intel.com>
---
tools/perf/util/mmap.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tools/perf/util/mmap.c b/tools/perf/util/mmap.c
index 38ca3ff..f6cfc52 100644
--- a/tools/perf/util/mmap.c
+++ b/tools/perf/util/mmap.c
@@ -317,5 +317,11 @@ int perf_mmap__push(struct perf_mmap *md, void *to,
*/
void perf_mmap__read_done(struct perf_mmap *map)
{
+ /*
+ * Check if event was unmapped due to a POLLHUP/POLLERR.
+ */
+ if (!refcount_read(&map->refcnt))
+ return;
+
map->prev = perf_mmap__read_head(map);
}
--
2.4.11
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [PATCH] perf mmap: Fix accessing unmapped mmap in perf_mmap__read_done() 2018-03-26 13:42 [PATCH] perf mmap: Fix accessing unmapped mmap in perf_mmap__read_done() kan.liang @ 2018-03-26 14:26 ` Arnaldo Carvalho de Melo 2018-03-26 14:41 ` Arnaldo Carvalho de Melo 2018-03-29 13:58 ` [tip:perf/core] perf mmap: Fix accessing unmapped mmap in perf_mmap__read_done() tip-bot for Kan Liang 1 sibling, 1 reply; 6+ messages in thread From: Arnaldo Carvalho de Melo @ 2018-03-26 14:26 UTC (permalink / raw) To: kan.liang; +Cc: mingo, linux-kernel, jolsa, namhyung, wangnan0 Em Mon, Mar 26, 2018 at 09:42:09AM -0400, kan.liang@linux.intel.com escreveu: > From: Kan Liang <kan.liang@linux.intel.com> > > There is segmentation fault when running perf trace. For example, > [root@jouet e]# perf trace -e *chdir -o /tmp/bla perf report > --ignore-vmlinux -i ../perf.data > > The perf_mmap__consume() could unmap the mmap. It needs to check the > refcnt in perf_mmap__read_done(). > > Fixes: ee023de05f35 ("perf mmap: Introduce perf_mmap__read_done()") > Reported-by: Arnaldo Carvalho de Melo <acme@redhat.com> > Signed-off-by: Kan Liang <kan.liang@linux.intel.com> Seems insuficient: [root@jouet ~]# perf trace -e *chdir -o /tmp/bla perf report --ignore-vmlinux perf: Segmentation fault Obtained 9 stack frames. perf(sighandler_dump_stack+0x3e) [0x4fe31e] /lib64/libc.so.6(+0x346df) [0x7fc0c3ced6df] perf(perf_mmap__read_init+0x26) [0x4ccd06] perf(cmd_trace+0x1bf6) [0x47bb76] perf() [0x4a824e] perf() [0x4a8550] perf(main+0x331) [0x42bef1] /lib64/libc.so.6(__libc_start_main+0xe9) [0x7fc0c3cd9f29] perf(_start+0x29) [0x42c319] Segmentation fault (core dumped) [root@jouet ~]# - Arnaldo ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] perf mmap: Fix accessing unmapped mmap in perf_mmap__read_done() 2018-03-26 14:26 ` Arnaldo Carvalho de Melo @ 2018-03-26 14:41 ` Arnaldo Carvalho de Melo 2018-03-26 14:51 ` Liang, Kan 2018-03-29 13:58 ` [tip:perf/core] perf mmap: Be consistent when checking for an unmaped ring buffer tip-bot for Arnaldo Carvalho de Melo 0 siblings, 2 replies; 6+ messages in thread From: Arnaldo Carvalho de Melo @ 2018-03-26 14:41 UTC (permalink / raw) To: kan.liang; +Cc: mingo, linux-kernel, jolsa, namhyung, wangnan0 Em Mon, Mar 26, 2018 at 11:26:04AM -0300, Arnaldo Carvalho de Melo escreveu: > Em Mon, Mar 26, 2018 at 09:42:09AM -0400, kan.liang@linux.intel.com escreveu: > > From: Kan Liang <kan.liang@linux.intel.com> > > > > There is segmentation fault when running perf trace. For example, > > [root@jouet e]# perf trace -e *chdir -o /tmp/bla perf report > > --ignore-vmlinux -i ../perf.data > > > > The perf_mmap__consume() could unmap the mmap. It needs to check the > > refcnt in perf_mmap__read_done(). > > > > Fixes: ee023de05f35 ("perf mmap: Introduce perf_mmap__read_done()") > > Reported-by: Arnaldo Carvalho de Melo <acme@redhat.com> > > Signed-off-by: Kan Liang <kan.liang@linux.intel.com> > > Seems insuficient: > > [root@jouet ~]# perf trace -e *chdir -o /tmp/bla perf report --ignore-vmlinux > perf: Segmentation fault > Obtained 9 stack frames. > perf(sighandler_dump_stack+0x3e) [0x4fe31e] > /lib64/libc.so.6(+0x346df) [0x7fc0c3ced6df] > perf(perf_mmap__read_init+0x26) [0x4ccd06] > perf(cmd_trace+0x1bf6) [0x47bb76] > perf() [0x4a824e] > perf() [0x4a8550] > perf(main+0x331) [0x42bef1] > /lib64/libc.so.6(__libc_start_main+0xe9) [0x7fc0c3cd9f29] > perf(_start+0x29) [0x42c319] > Segmentation fault (core dumped) > [root@jouet ~]# I'm adding this as a separate patch, with yours and this one, the segfault is gone. - Arnaldo diff --git a/tools/perf/util/mmap.c b/tools/perf/util/mmap.c index f6cfc52ff1fe..fc832676a798 100644 --- a/tools/perf/util/mmap.c +++ b/tools/perf/util/mmap.c @@ -234,7 +234,7 @@ static int overwrite_rb_find_range(void *buf, int mask, u64 *start, u64 *end) /* * Report the start and end of the available data in ringbuffer */ -int perf_mmap__read_init(struct perf_mmap *md) +static int __perf_mmap__read_init(struct perf_mmap *md) { u64 head = perf_mmap__read_head(md); u64 old = md->prev; @@ -268,6 +268,17 @@ int perf_mmap__read_init(struct perf_mmap *md) return 0; } +int perf_mmap__read_init(struct perf_mmap *map) +{ + /* + * Check if event was unmapped due to a POLLHUP/POLLERR. + */ + if (!refcount_read(&map->refcnt)) + return -ENOENT; + + return __perf_mmap__read_init(map); +} + int perf_mmap__push(struct perf_mmap *md, void *to, int push(void *to, void *buf, size_t size)) { ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] perf mmap: Fix accessing unmapped mmap in perf_mmap__read_done() 2018-03-26 14:41 ` Arnaldo Carvalho de Melo @ 2018-03-26 14:51 ` Liang, Kan 2018-03-29 13:58 ` [tip:perf/core] perf mmap: Be consistent when checking for an unmaped ring buffer tip-bot for Arnaldo Carvalho de Melo 1 sibling, 0 replies; 6+ messages in thread From: Liang, Kan @ 2018-03-26 14:51 UTC (permalink / raw) To: Arnaldo Carvalho de Melo; +Cc: mingo, linux-kernel, jolsa, namhyung, wangnan0 On 3/26/2018 10:41 AM, Arnaldo Carvalho de Melo wrote: > Em Mon, Mar 26, 2018 at 11:26:04AM -0300, Arnaldo Carvalho de Melo escreveu: >> Em Mon, Mar 26, 2018 at 09:42:09AM -0400, kan.liang@linux.intel.com escreveu: >>> From: Kan Liang <kan.liang@linux.intel.com> >>> >>> There is segmentation fault when running perf trace. For example, >>> [root@jouet e]# perf trace -e *chdir -o /tmp/bla perf report >>> --ignore-vmlinux -i ../perf.data >>> >>> The perf_mmap__consume() could unmap the mmap. It needs to check the >>> refcnt in perf_mmap__read_done(). >>> >>> Fixes: ee023de05f35 ("perf mmap: Introduce perf_mmap__read_done()") >>> Reported-by: Arnaldo Carvalho de Melo <acme@redhat.com> >>> Signed-off-by: Kan Liang <kan.liang@linux.intel.com> >> >> Seems insuficient: >> >> [root@jouet ~]# perf trace -e *chdir -o /tmp/bla perf report --ignore-vmlinux >> perf: Segmentation fault >> Obtained 9 stack frames. >> perf(sighandler_dump_stack+0x3e) [0x4fe31e] >> /lib64/libc.so.6(+0x346df) [0x7fc0c3ced6df] >> perf(perf_mmap__read_init+0x26) [0x4ccd06] >> perf(cmd_trace+0x1bf6) [0x47bb76] >> perf() [0x4a824e] >> perf() [0x4a8550] >> perf(main+0x331) [0x42bef1] >> /lib64/libc.so.6(__libc_start_main+0xe9) [0x7fc0c3cd9f29] >> perf(_start+0x29) [0x42c319] >> Segmentation fault (core dumped) >> [root@jouet ~]# > > I'm adding this as a separate patch, with yours and this one, the > segfault is gone. > Thanks. Yes, we should check the mmap before using it for all new interfaces. Thanks, Kan > - Arnaldo > > diff --git a/tools/perf/util/mmap.c b/tools/perf/util/mmap.c > index f6cfc52ff1fe..fc832676a798 100644 > --- a/tools/perf/util/mmap.c > +++ b/tools/perf/util/mmap.c > @@ -234,7 +234,7 @@ static int overwrite_rb_find_range(void *buf, int mask, u64 *start, u64 *end) > /* > * Report the start and end of the available data in ringbuffer > */ > -int perf_mmap__read_init(struct perf_mmap *md) > +static int __perf_mmap__read_init(struct perf_mmap *md) > { > u64 head = perf_mmap__read_head(md); > u64 old = md->prev; > @@ -268,6 +268,17 @@ int perf_mmap__read_init(struct perf_mmap *md) > return 0; > } > > +int perf_mmap__read_init(struct perf_mmap *map) > +{ > + /* > + * Check if event was unmapped due to a POLLHUP/POLLERR. > + */ > + if (!refcount_read(&map->refcnt)) > + return -ENOENT; > + > + return __perf_mmap__read_init(map); > +} > + > int perf_mmap__push(struct perf_mmap *md, void *to, > int push(void *to, void *buf, size_t size)) > { > ^ permalink raw reply [flat|nested] 6+ messages in thread
* [tip:perf/core] perf mmap: Be consistent when checking for an unmaped ring buffer 2018-03-26 14:41 ` Arnaldo Carvalho de Melo 2018-03-26 14:51 ` Liang, Kan @ 2018-03-29 13:58 ` tip-bot for Arnaldo Carvalho de Melo 1 sibling, 0 replies; 6+ messages in thread From: tip-bot for Arnaldo Carvalho de Melo @ 2018-03-29 13:58 UTC (permalink / raw) To: linux-tip-commits Cc: dsahern, hpa, wangnan0, kan.liang, acme, tglx, jolsa, namhyung, linux-kernel, adrian.hunter, mingo Commit-ID: 895e3b06fc2ce438adc62cb13d31ea001dcfda16 Gitweb: https://git.kernel.org/tip/895e3b06fc2ce438adc62cb13d31ea001dcfda16 Author: Arnaldo Carvalho de Melo <acme@redhat.com> AuthorDate: Mon, 26 Mar 2018 11:42:15 -0300 Committer: Arnaldo Carvalho de Melo <acme@redhat.com> CommitDate: Tue, 27 Mar 2018 13:13:38 -0300 perf mmap: Be consistent when checking for an unmaped ring buffer The previous patch is insufficient to cure the reported 'perf trace' segfault, as it only cures the perf_mmap__read_done() case, moving the segfault to perf_mmap__read_init() functio, fix it by doing the same refcount check. Cc: Adrian Hunter <adrian.hunter@intel.com> Cc: Arnaldo Carvalho de Melo <acme@redhat.com> Cc: David Ahern <dsahern@gmail.com> Cc: Jiri Olsa <jolsa@kernel.org> Cc: Kan Liang <kan.liang@intel.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Wang Nan <wangnan0@huawei.com> Fixes: 8872481bd048 ("perf mmap: Introduce perf_mmap__read_init()") Link: https://lkml.kernel.org/r/20180326144127.GF18897@kernel.org Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> --- tools/perf/util/mmap.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tools/perf/util/mmap.c b/tools/perf/util/mmap.c index f6cfc52ff1fe..fc832676a798 100644 --- a/tools/perf/util/mmap.c +++ b/tools/perf/util/mmap.c @@ -234,7 +234,7 @@ static int overwrite_rb_find_range(void *buf, int mask, u64 *start, u64 *end) /* * Report the start and end of the available data in ringbuffer */ -int perf_mmap__read_init(struct perf_mmap *md) +static int __perf_mmap__read_init(struct perf_mmap *md) { u64 head = perf_mmap__read_head(md); u64 old = md->prev; @@ -268,6 +268,17 @@ int perf_mmap__read_init(struct perf_mmap *md) return 0; } +int perf_mmap__read_init(struct perf_mmap *map) +{ + /* + * Check if event was unmapped due to a POLLHUP/POLLERR. + */ + if (!refcount_read(&map->refcnt)) + return -ENOENT; + + return __perf_mmap__read_init(map); +} + int perf_mmap__push(struct perf_mmap *md, void *to, int push(void *to, void *buf, size_t size)) { ^ permalink raw reply related [flat|nested] 6+ messages in thread
* [tip:perf/core] perf mmap: Fix accessing unmapped mmap in perf_mmap__read_done() 2018-03-26 13:42 [PATCH] perf mmap: Fix accessing unmapped mmap in perf_mmap__read_done() kan.liang 2018-03-26 14:26 ` Arnaldo Carvalho de Melo @ 2018-03-29 13:58 ` tip-bot for Kan Liang 1 sibling, 0 replies; 6+ messages in thread From: tip-bot for Kan Liang @ 2018-03-29 13:58 UTC (permalink / raw) To: linux-tip-commits Cc: jolsa, kan.liang, tglx, acme, hpa, linux-kernel, wangnan0, namhyung, mingo Commit-ID: f58385f629c87a9e210108b39c1f4950d0363ad2 Gitweb: https://git.kernel.org/tip/f58385f629c87a9e210108b39c1f4950d0363ad2 Author: Kan Liang <kan.liang@linux.intel.com> AuthorDate: Mon, 26 Mar 2018 09:42:09 -0400 Committer: Arnaldo Carvalho de Melo <acme@redhat.com> CommitDate: Tue, 27 Mar 2018 13:13:38 -0300 perf mmap: Fix accessing unmapped mmap in perf_mmap__read_done() There is a segmentation fault when running 'perf trace'. For example: [root@jouet e]# perf trace -e *chdir -o /tmp/bla perf report --ignore-vmlinux -i ../perf.data The perf_mmap__consume() could unmap the mmap. It needs to check the refcnt in perf_mmap__read_done(). Reported-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: Kan Liang <kan.liang@linux.intel.com> Cc: Jiri Olsa <jolsa@kernel.org> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Wang Nan <wangnan0@huawei.com> Fixes: ee023de05f35 ("perf mmap: Introduce perf_mmap__read_done()") Link: http://lkml.kernel.org/r/1522071729-16776-1-git-send-email-kan.liang@linux.intel.com Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> --- tools/perf/util/mmap.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tools/perf/util/mmap.c b/tools/perf/util/mmap.c index 38ca3ffb9d61..f6cfc52ff1fe 100644 --- a/tools/perf/util/mmap.c +++ b/tools/perf/util/mmap.c @@ -317,5 +317,11 @@ out: */ void perf_mmap__read_done(struct perf_mmap *map) { + /* + * Check if event was unmapped due to a POLLHUP/POLLERR. + */ + if (!refcount_read(&map->refcnt)) + return; + map->prev = perf_mmap__read_head(map); } ^ permalink raw reply related [flat|nested] 6+ messages in thread
end of thread, other threads:[~2018-03-29 13:59 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2018-03-26 13:42 [PATCH] perf mmap: Fix accessing unmapped mmap in perf_mmap__read_done() kan.liang 2018-03-26 14:26 ` Arnaldo Carvalho de Melo 2018-03-26 14:41 ` Arnaldo Carvalho de Melo 2018-03-26 14:51 ` Liang, Kan 2018-03-29 13:58 ` [tip:perf/core] perf mmap: Be consistent when checking for an unmaped ring buffer tip-bot for Arnaldo Carvalho de Melo 2018-03-29 13:58 ` [tip:perf/core] perf mmap: Fix accessing unmapped mmap in perf_mmap__read_done() tip-bot for Kan Liang
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox