Message ID | 20240119040304.3708522-1-yangjihong1@huawei.com |
---|---|
Headers |
Return-Path: <linux-kernel+bounces-30757-ouuuleilei=gmail.com@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:2bc4:b0:101:a8e8:374 with SMTP id hx4csp783634dyb; Thu, 18 Jan 2024 20:08:53 -0800 (PST) X-Google-Smtp-Source: AGHT+IGW4YlrjXzpDcGFAvKJBqDfzJH8Uhi4arxk3ix1ysk7FQValA3WurW2AQOsVotPtJniEPyf X-Received: by 2002:a17:90a:ff15:b0:290:bb4:531f with SMTP id ce21-20020a17090aff1500b002900bb4531fmr1713848pjb.62.1705637332808; Thu, 18 Jan 2024 20:08:52 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1705637332; cv=pass; d=google.com; s=arc-20160816; b=ugm8GqNmFujU1Zyc98KTL/2ZMwfCxjtygWN0fpOY+J7OPLxo0l/PEIAiTUOvwxBha9 sgEQkVwC+D3sv8ZsXvL3S/gLhPsxO12QlPB8tdDlLZF3kbUtjJdqMCrgQyWHhz0nB3kW Z3VrgPVyO7mIFmUNNOn1XnreJOTI6DebYhl9DT1oKxA7xXBucDTgL45iIKyCenri0mMQ 1UGdqzgbpWtMYpJKYhE4VzDp5IifpWr7HnZC1e5qn4pxBjR8I9rF/Ck20t3twMXZY1cO +4ShemdTNR2ZO2WSGy6cH0O9YN+cz81cmG1vwW8Sil8baYk1/zLHfRU3yuPqyIe+xDq/ gFFw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from; bh=fJuoFbqpB3BxyKkLUIREOq/1ERSw0t31h7h1T9xvSBg=; fh=Bniw+6GSTGRfFyC55GB3Thz1GNqaKHZWIdADbDjMDXE=; b=ebSqCY/quiLppWFpXA95bVw6+dsLQOOgf02fOnOfSUGbHq4p9p9u4LJaoP5rtzEABy owGZLvL3Vmz+RS556PuBqKgYapjp1qdLRNmE8YkQKRAP7JCe7JKseJD5vN4YLIkoxbDf AdmnXkWf1toiWE3vkL6m9zeV767R4akUhhO6plmCC0Dw47fxcL6NDL8wh6v5s4L+Nzwe W75cZewrct5QkGDedZ4loZpybhSfFhw2wEW+UdPhycNTESrPdVKhNWNSM/W1flgq68mc 55/mETAq8SBGd9dy6raez18oJN/WpRKFLSeqt64XCCo7IuL9XfVv/4ffd2ZRlAJe/cqr vT7g== ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=huawei.com dmarc=pass fromdomain=huawei.com); spf=pass (google.com: domain of linux-kernel+bounces-30757-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-30757-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id mt3-20020a17090b230300b0028b2a3f210esi2595380pjb.20.2024.01.18.20.08.52 for <ouuuleilei@gmail.com> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Jan 2024 20:08:52 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-30757-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=huawei.com dmarc=pass fromdomain=huawei.com); spf=pass (google.com: domain of linux-kernel+bounces-30757-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-30757-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 155B8B228EE for <ouuuleilei@gmail.com>; Fri, 19 Jan 2024 04:08:23 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id DD577C2D6; Fri, 19 Jan 2024 04:07:38 +0000 (UTC) Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 664091870; Fri, 19 Jan 2024 04:07:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=45.249.212.188 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1705637257; cv=none; b=YdB9b3yZYgzaksNytYxWU7eQUuaDm3Sw09MVTy6XYgyC0d+i10UNSknFQQKVbVk28zsB27pazJTrvPVCHVlPLfj8Rwic+cq4s7JEEGo2sAgHCak9/gvWQhohwNRUBX08lutRmFX/uA+U0NmHuIDEizVp49F1ssuUaWCHElZz9Hs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1705637257; c=relaxed/simple; bh=EMVJzS2xUAq0Tked9+lQE9avM8FS5zcClqksRKRtOb8=; h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type; b=N6T4x1KiWpXLPo0Rjl38ASuUpkby3JQfJvhwYG+S9G3chKHN/25rYrWd0jdJ8XhQuHclyAFhhcDuCvyrXlcm6d6YmZKnWoOElKnjw7Kp/spExp63b2GlWRmvNd73YRYbE+ncwujKzYg7wWy6U23c4t+aZL8qj9uf53m4O+AIAHk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com; spf=pass smtp.mailfrom=huawei.com; arc=none smtp.client-ip=45.249.212.188 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=huawei.com Received: from mail.maildlp.com (unknown [172.19.163.48]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4TGQzz43gzzGpq4; Fri, 19 Jan 2024 12:07:11 +0800 (CST) Received: from kwepemm600003.china.huawei.com (unknown [7.193.23.202]) by mail.maildlp.com (Postfix) with ESMTPS id 2E37218005D; Fri, 19 Jan 2024 12:07:32 +0800 (CST) Received: from ubuntu2204.huawei.com (10.67.174.22) by kwepemm600003.china.huawei.com (7.193.23.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Fri, 19 Jan 2024 12:07:31 +0800 From: Yang Jihong <yangjihong1@huawei.com> To: <peterz@infradead.org>, <mingo@redhat.com>, <acme@kernel.org>, <namhyung@kernel.org>, <mark.rutland@arm.com>, <alexander.shishkin@linux.intel.com>, <jolsa@kernel.org>, <irogers@google.com>, <adrian.hunter@intel.com>, <linux-perf-users@vger.kernel.org>, <linux-kernel@vger.kernel.org> CC: <yangjihong1@huawei.com> Subject: [PATCH 0/3] perf record: Fix segfault with '--timestamp-filename' option and pipe mode Date: Fri, 19 Jan 2024 04:03:01 +0000 Message-ID: <20240119040304.3708522-1-yangjihong1@huawei.com> X-Mailer: git-send-email 2.34.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: <linux-kernel.vger.kernel.org> List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org> List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: dggems704-chm.china.huawei.com (10.3.19.181) To kwepemm600003.china.huawei.com (7.193.23.202) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1788490371568198430 X-GMAIL-MSGID: 1788490371568198430 |
Series |
perf record: Fix segfault with '--timestamp-filename' option and pipe mode
|
|
Message
Yang Jihong
Jan. 19, 2024, 4:03 a.m. UTC
When perf record uses '--timestamp-filename' option and pipe mode, will occur segfault: # perf record --timestamp-filename -o- true 1>/dev/null [ perf record: Woken up 1 times to write data ] [ perf record: Dump -.2024011813361681 ] perf: Segmentation fault Segmentation fault (core dumped) Debug the core file by using the gdb: # gdb perf core.3706841 <SNIP> [New LWP 3706841] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `perf record --timestamp-filename -o- true'. Program terminated with signal SIGSEGV, Segmentation fault. #0 evsel__free_stat_priv (evsel=0x555ea56197af) at util/stat.c:145 145 struct perf_stat_evsel *ps = evsel->stats; (gdb) bt #0 evsel__free_stat_priv (evsel=0x555ea56197af) at util/stat.c:145 #1 evlist__free_stats (evlist=evlist@entry=0x555bf0dad1b0) at util/stat.c:215 #2 0x0000555befd425e8 in evlist__delete (evlist=0x555bf0dad1b0) at util/evlist.c:175 #3 0x0000555befd42785 in evlist__delete (evlist=<optimized out>) at util/evlist.c:181 #4 0x0000555befc7f547 in cmd_record (argc=<optimized out>, argv=<optimized out>) at builtin-record.c:4252 #5 0x0000555befd27700 in run_builtin (p=p@entry=0x555bf05acf88 <commands+264>, argc=argc@entry=4, argv=argv@entry=0x7ffc2696a920) at perf.c:349 #6 0x0000555befc68751 in handle_internal_command (argv=0x7ffc2696a920, argc=4) at perf.c:402 #7 run_argv (argv=<synthetic pointer>, argcp=<synthetic pointer>) at perf.c:446 #8 main (argc=4, argv=0x7ffc2696a920) at perf.c:562 It is found that the memory of the evsel is modified. The reason is that perf_data__switch() not initialized 'new_filename', as a result, it uses the on-stack variable. It happens that the evsel address is stored here. 'new_filename' is freed later when uses '--timestamp-filename' option. Therefore, segfault occurs in the evsel_delete(). 1. patch1 fixes this problem. 2. patch2 to optimize the process, check conflict between '--timestamp-filename' option and the pipe mode before recording to avoid switch perf data. 3. patch3 fixes the code style problem by the way. Yang Jihong (3): perf record: Fix possible incorrect free in record__switch_output() perf record: Check conflict between '--timestamp-filename' option and pipe mode before recording perf data: Minor code style alignment cleanup tools/perf/builtin-record.c | 14 ++++++++++---- tools/perf/util/data.c | 10 ++++------ tools/perf/util/data.h | 6 +++--- 3 files changed, 17 insertions(+), 13 deletions(-)
Comments
Hello, On Thu, Jan 18, 2024 at 8:07 PM Yang Jihong <yangjihong1@huawei.com> wrote: > > When perf record uses '--timestamp-filename' option and pipe mode, > will occur segfault: > > # perf record --timestamp-filename -o- true 1>/dev/null > [ perf record: Woken up 1 times to write data ] > [ perf record: Dump -.2024011813361681 ] > perf: Segmentation fault > Segmentation fault (core dumped) > > Debug the core file by using the gdb: > > # gdb perf core.3706841 > <SNIP> > [New LWP 3706841] > [Thread debugging using libthread_db enabled] > Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". > Core was generated by `perf record --timestamp-filename -o- true'. > Program terminated with signal SIGSEGV, Segmentation fault. > #0 evsel__free_stat_priv (evsel=0x555ea56197af) at util/stat.c:145 > 145 struct perf_stat_evsel *ps = evsel->stats; > (gdb) bt > #0 evsel__free_stat_priv (evsel=0x555ea56197af) at util/stat.c:145 > #1 evlist__free_stats (evlist=evlist@entry=0x555bf0dad1b0) at util/stat.c:215 > #2 0x0000555befd425e8 in evlist__delete (evlist=0x555bf0dad1b0) at util/evlist.c:175 > #3 0x0000555befd42785 in evlist__delete (evlist=<optimized out>) at util/evlist.c:181 > #4 0x0000555befc7f547 in cmd_record (argc=<optimized out>, argv=<optimized out>) at builtin-record.c:4252 > #5 0x0000555befd27700 in run_builtin (p=p@entry=0x555bf05acf88 <commands+264>, argc=argc@entry=4, argv=argv@entry=0x7ffc2696a920) at perf.c:349 > #6 0x0000555befc68751 in handle_internal_command (argv=0x7ffc2696a920, argc=4) at perf.c:402 > #7 run_argv (argv=<synthetic pointer>, argcp=<synthetic pointer>) at perf.c:446 > #8 main (argc=4, argv=0x7ffc2696a920) at perf.c:562 > > It is found that the memory of the evsel is modified. > The reason is that perf_data__switch() not initialized 'new_filename', > as a result, it uses the on-stack variable. It happens that the evsel > address is stored here. 'new_filename' is freed later when uses > '--timestamp-filename' option. Therefore, segfault occurs in the evsel_delete(). > > > 1. patch1 fixes this problem. > 2. patch2 to optimize the process, check conflict between > '--timestamp-filename' option and the pipe mode before recording to > avoid switch perf data. > 3. patch3 fixes the code style problem by the way. > > > Yang Jihong (3): > perf record: Fix possible incorrect free in record__switch_output() > perf record: Check conflict between '--timestamp-filename' option and > pipe mode before recording > perf data: Minor code style alignment cleanup Acked-by: Namhyung Kim <namhyung@kernel.org> Thanks, Namhyung > > tools/perf/builtin-record.c | 14 ++++++++++---- > tools/perf/util/data.c | 10 ++++------ > tools/perf/util/data.h | 6 +++--- > 3 files changed, 17 insertions(+), 13 deletions(-) > > -- > 2.34.1 >
On Fri, 19 Jan 2024 04:03:01 +0000, Yang Jihong wrote: > When perf record uses '--timestamp-filename' option and pipe mode, > will occur segfault: > > # perf record --timestamp-filename -o- true 1>/dev/null > [ perf record: Woken up 1 times to write data ] > [ perf record: Dump -.2024011813361681 ] > perf: Segmentation fault > Segmentation fault (core dumped) > > [...] Applied to perf-tools-next, thanks! Namhyung