| Message ID | 20240119040304.3708522-1-yangjihong1@huawei.com |
|---|---|
| Headers |
Return-Path: <linux-kernel+bounces-30757-ouuuleilei=gmail.com@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:7301:2bc4:b0:101:a8e8:374 with SMTP id hx4csp783634dyb;
Thu, 18 Jan 2024 20:08:53 -0800 (PST)
X-Google-Smtp-Source:
AGHT+IGW4YlrjXzpDcGFAvKJBqDfzJH8Uhi4arxk3ix1ysk7FQValA3WurW2AQOsVotPtJniEPyf
X-Received: by 2002:a17:90a:ff15:b0:290:bb4:531f with SMTP id
ce21-20020a17090aff1500b002900bb4531fmr1713848pjb.62.1705637332808;
Thu, 18 Jan 2024 20:08:52 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1705637332; cv=pass;
d=google.com; s=arc-20160816;
b=ugm8GqNmFujU1Zyc98KTL/2ZMwfCxjtygWN0fpOY+J7OPLxo0l/PEIAiTUOvwxBha9
sgEQkVwC+D3sv8ZsXvL3S/gLhPsxO12QlPB8tdDlLZF3kbUtjJdqMCrgQyWHhz0nB3kW
Z3VrgPVyO7mIFmUNNOn1XnreJOTI6DebYhl9DT1oKxA7xXBucDTgL45iIKyCenri0mMQ
1UGdqzgbpWtMYpJKYhE4VzDp5IifpWr7HnZC1e5qn4pxBjR8I9rF/Ck20t3twMXZY1cO
+4ShemdTNR2ZO2WSGy6cH0O9YN+cz81cmG1vwW8Sil8baYk1/zLHfRU3yuPqyIe+xDq/
gFFw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=content-transfer-encoding:mime-version:list-unsubscribe
:list-subscribe:list-id:precedence:message-id:date:subject:cc:to
:from;
bh=fJuoFbqpB3BxyKkLUIREOq/1ERSw0t31h7h1T9xvSBg=;
fh=Bniw+6GSTGRfFyC55GB3Thz1GNqaKHZWIdADbDjMDXE=;
b=ebSqCY/quiLppWFpXA95bVw6+dsLQOOgf02fOnOfSUGbHq4p9p9u4LJaoP5rtzEABy
owGZLvL3Vmz+RS556PuBqKgYapjp1qdLRNmE8YkQKRAP7JCe7JKseJD5vN4YLIkoxbDf
AdmnXkWf1toiWE3vkL6m9zeV767R4akUhhO6plmCC0Dw47fxcL6NDL8wh6v5s4L+Nzwe
W75cZewrct5QkGDedZ4loZpybhSfFhw2wEW+UdPhycNTESrPdVKhNWNSM/W1flgq68mc
55/mETAq8SBGd9dy6raez18oJN/WpRKFLSeqt64XCCo7IuL9XfVv/4ffd2ZRlAJe/cqr
vT7g==
ARC-Authentication-Results: i=2; mx.google.com;
arc=pass (i=1 spf=pass spfdomain=huawei.com dmarc=pass
fromdomain=huawei.com);
spf=pass (google.com: domain of
linux-kernel+bounces-30757-ouuuleilei=gmail.com@vger.kernel.org designates
2604:1380:40f1:3f00::1 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-30757-ouuuleilei=gmail.com@vger.kernel.org";
dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org.
[2604:1380:40f1:3f00::1])
by mx.google.com with ESMTPS id
mt3-20020a17090b230300b0028b2a3f210esi2595380pjb.20.2024.01.18.20.08.52
for <ouuuleilei@gmail.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Thu, 18 Jan 2024 20:08:52 -0800 (PST)
Received-SPF: pass (google.com: domain of
linux-kernel+bounces-30757-ouuuleilei=gmail.com@vger.kernel.org designates
2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1;
Authentication-Results: mx.google.com;
arc=pass (i=1 spf=pass spfdomain=huawei.com dmarc=pass
fromdomain=huawei.com);
spf=pass (google.com: domain of
linux-kernel+bounces-30757-ouuuleilei=gmail.com@vger.kernel.org designates
2604:1380:40f1:3f00::1 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-30757-ouuuleilei=gmail.com@vger.kernel.org";
dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
[52.25.139.140])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by sy.mirrors.kernel.org (Postfix) with ESMTPS id 155B8B228EE
for <ouuuleilei@gmail.com>; Fri, 19 Jan 2024 04:08:23 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
by smtp.subspace.kernel.org (Postfix) with ESMTP id DD577C2D6;
Fri, 19 Jan 2024 04:07:38 +0000 (UTC)
Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id 664091870;
Fri, 19 Jan 2024 04:07:35 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=none smtp.client-ip=45.249.212.188
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1705637257; cv=none;
b=YdB9b3yZYgzaksNytYxWU7eQUuaDm3Sw09MVTy6XYgyC0d+i10UNSknFQQKVbVk28zsB27pazJTrvPVCHVlPLfj8Rwic+cq4s7JEEGo2sAgHCak9/gvWQhohwNRUBX08lutRmFX/uA+U0NmHuIDEizVp49F1ssuUaWCHElZz9Hs=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1705637257; c=relaxed/simple;
bh=EMVJzS2xUAq0Tked9+lQE9avM8FS5zcClqksRKRtOb8=;
h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type;
b=N6T4x1KiWpXLPo0Rjl38ASuUpkby3JQfJvhwYG+S9G3chKHN/25rYrWd0jdJ8XhQuHclyAFhhcDuCvyrXlcm6d6YmZKnWoOElKnjw7Kp/spExp63b2GlWRmvNd73YRYbE+ncwujKzYg7wWy6U23c4t+aZL8qj9uf53m4O+AIAHk=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=huawei.com;
spf=pass smtp.mailfrom=huawei.com; arc=none smtp.client-ip=45.249.212.188
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=huawei.com
Authentication-Results: smtp.subspace.kernel.org;
spf=pass smtp.mailfrom=huawei.com
Received: from mail.maildlp.com (unknown [172.19.163.48])
by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4TGQzz43gzzGpq4;
Fri, 19 Jan 2024 12:07:11 +0800 (CST)
Received: from kwepemm600003.china.huawei.com (unknown [7.193.23.202])
by mail.maildlp.com (Postfix) with ESMTPS id 2E37218005D;
Fri, 19 Jan 2024 12:07:32 +0800 (CST)
Received: from ubuntu2204.huawei.com (10.67.174.22) by
kwepemm600003.china.huawei.com (7.193.23.202) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2507.35; Fri, 19 Jan 2024 12:07:31 +0800
From: Yang Jihong <yangjihong1@huawei.com>
To: <peterz@infradead.org>, <mingo@redhat.com>, <acme@kernel.org>,
<namhyung@kernel.org>, <mark.rutland@arm.com>,
<alexander.shishkin@linux.intel.com>, <jolsa@kernel.org>,
<irogers@google.com>, <adrian.hunter@intel.com>,
<linux-perf-users@vger.kernel.org>, <linux-kernel@vger.kernel.org>
CC: <yangjihong1@huawei.com>
Subject: [PATCH 0/3] perf record: Fix segfault with '--timestamp-filename'
option and pipe mode
Date: Fri, 19 Jan 2024 04:03:01 +0000
Message-ID: <20240119040304.3708522-1-yangjihong1@huawei.com>
X-Mailer: git-send-email 2.34.1
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-ClientProxiedBy: dggems704-chm.china.huawei.com (10.3.19.181) To
kwepemm600003.china.huawei.com (7.193.23.202)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1788490371568198430
X-GMAIL-MSGID: 1788490371568198430
|
| Series |
perf record: Fix segfault with '--timestamp-filename' option and pipe mode
|
|
Message
Yang Jihong
Jan. 19, 2024, 4:03 a.m. UTC
When perf record uses '--timestamp-filename' option and pipe mode,
will occur segfault:
# perf record --timestamp-filename -o- true 1>/dev/null
[ perf record: Woken up 1 times to write data ]
[ perf record: Dump -.2024011813361681 ]
perf: Segmentation fault
Segmentation fault (core dumped)
Debug the core file by using the gdb:
# gdb perf core.3706841
<SNIP>
[New LWP 3706841]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `perf record --timestamp-filename -o- true'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 evsel__free_stat_priv (evsel=0x555ea56197af) at util/stat.c:145
145 struct perf_stat_evsel *ps = evsel->stats;
(gdb) bt
#0 evsel__free_stat_priv (evsel=0x555ea56197af) at util/stat.c:145
#1 evlist__free_stats (evlist=evlist@entry=0x555bf0dad1b0) at util/stat.c:215
#2 0x0000555befd425e8 in evlist__delete (evlist=0x555bf0dad1b0) at util/evlist.c:175
#3 0x0000555befd42785 in evlist__delete (evlist=<optimized out>) at util/evlist.c:181
#4 0x0000555befc7f547 in cmd_record (argc=<optimized out>, argv=<optimized out>) at builtin-record.c:4252
#5 0x0000555befd27700 in run_builtin (p=p@entry=0x555bf05acf88 <commands+264>, argc=argc@entry=4, argv=argv@entry=0x7ffc2696a920) at perf.c:349
#6 0x0000555befc68751 in handle_internal_command (argv=0x7ffc2696a920, argc=4) at perf.c:402
#7 run_argv (argv=<synthetic pointer>, argcp=<synthetic pointer>) at perf.c:446
#8 main (argc=4, argv=0x7ffc2696a920) at perf.c:562
It is found that the memory of the evsel is modified.
The reason is that perf_data__switch() not initialized 'new_filename',
as a result, it uses the on-stack variable. It happens that the evsel
address is stored here. 'new_filename' is freed later when uses
'--timestamp-filename' option. Therefore, segfault occurs in the evsel_delete().
1. patch1 fixes this problem.
2. patch2 to optimize the process, check conflict between
'--timestamp-filename' option and the pipe mode before recording to
avoid switch perf data.
3. patch3 fixes the code style problem by the way.
Yang Jihong (3):
perf record: Fix possible incorrect free in record__switch_output()
perf record: Check conflict between '--timestamp-filename' option and
pipe mode before recording
perf data: Minor code style alignment cleanup
tools/perf/builtin-record.c | 14 ++++++++++----
tools/perf/util/data.c | 10 ++++------
tools/perf/util/data.h | 6 +++---
3 files changed, 17 insertions(+), 13 deletions(-)
Comments
Hello, On Thu, Jan 18, 2024 at 8:07 PM Yang Jihong <yangjihong1@huawei.com> wrote: > > When perf record uses '--timestamp-filename' option and pipe mode, > will occur segfault: > > # perf record --timestamp-filename -o- true 1>/dev/null > [ perf record: Woken up 1 times to write data ] > [ perf record: Dump -.2024011813361681 ] > perf: Segmentation fault > Segmentation fault (core dumped) > > Debug the core file by using the gdb: > > # gdb perf core.3706841 > <SNIP> > [New LWP 3706841] > [Thread debugging using libthread_db enabled] > Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". > Core was generated by `perf record --timestamp-filename -o- true'. > Program terminated with signal SIGSEGV, Segmentation fault. > #0 evsel__free_stat_priv (evsel=0x555ea56197af) at util/stat.c:145 > 145 struct perf_stat_evsel *ps = evsel->stats; > (gdb) bt > #0 evsel__free_stat_priv (evsel=0x555ea56197af) at util/stat.c:145 > #1 evlist__free_stats (evlist=evlist@entry=0x555bf0dad1b0) at util/stat.c:215 > #2 0x0000555befd425e8 in evlist__delete (evlist=0x555bf0dad1b0) at util/evlist.c:175 > #3 0x0000555befd42785 in evlist__delete (evlist=<optimized out>) at util/evlist.c:181 > #4 0x0000555befc7f547 in cmd_record (argc=<optimized out>, argv=<optimized out>) at builtin-record.c:4252 > #5 0x0000555befd27700 in run_builtin (p=p@entry=0x555bf05acf88 <commands+264>, argc=argc@entry=4, argv=argv@entry=0x7ffc2696a920) at perf.c:349 > #6 0x0000555befc68751 in handle_internal_command (argv=0x7ffc2696a920, argc=4) at perf.c:402 > #7 run_argv (argv=<synthetic pointer>, argcp=<synthetic pointer>) at perf.c:446 > #8 main (argc=4, argv=0x7ffc2696a920) at perf.c:562 > > It is found that the memory of the evsel is modified. > The reason is that perf_data__switch() not initialized 'new_filename', > as a result, it uses the on-stack variable. It happens that the evsel > address is stored here. 'new_filename' is freed later when uses > '--timestamp-filename' option. Therefore, segfault occurs in the evsel_delete(). > > > 1. patch1 fixes this problem. > 2. patch2 to optimize the process, check conflict between > '--timestamp-filename' option and the pipe mode before recording to > avoid switch perf data. > 3. patch3 fixes the code style problem by the way. > > > Yang Jihong (3): > perf record: Fix possible incorrect free in record__switch_output() > perf record: Check conflict between '--timestamp-filename' option and > pipe mode before recording > perf data: Minor code style alignment cleanup Acked-by: Namhyung Kim <namhyung@kernel.org> Thanks, Namhyung > > tools/perf/builtin-record.c | 14 ++++++++++---- > tools/perf/util/data.c | 10 ++++------ > tools/perf/util/data.h | 6 +++--- > 3 files changed, 17 insertions(+), 13 deletions(-) > > -- > 2.34.1 >
On Fri, 19 Jan 2024 04:03:01 +0000, Yang Jihong wrote: > When perf record uses '--timestamp-filename' option and pipe mode, > will occur segfault: > > # perf record --timestamp-filename -o- true 1>/dev/null > [ perf record: Woken up 1 times to write data ] > [ perf record: Dump -.2024011813361681 ] > perf: Segmentation fault > Segmentation fault (core dumped) > > [...] Applied to perf-tools-next, thanks! Namhyung