From patchwork Mon Feb 1 03:21:04 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Wang Nan X-Patchwork-Id: 60863 Delivered-To: patch@linaro.org Received: by 10.112.130.2 with SMTP id oa2csp2733708lbb; Sun, 31 Jan 2016 19:21:41 -0800 (PST) X-Received: by 10.66.194.230 with SMTP id hz6mr34638195pac.70.1454296901160; Sun, 31 Jan 2016 19:21:41 -0800 (PST) Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h11si35237870pfd.42.2016.01.31.19.21.40; Sun, 31 Jan 2016 19:21:41 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757556AbcBADVh (ORCPT + 30 others); Sun, 31 Jan 2016 22:21:37 -0500 Received: from szxga02-in.huawei.com ([119.145.14.65]:64668 "EHLO szxga02-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752069AbcBADVg (ORCPT ); Sun, 31 Jan 2016 22:21:36 -0500 Received: from 172.24.1.50 (EHLO szxeml427-hub.china.huawei.com) ([172.24.1.50]) by szxrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id DAT03827; Mon, 01 Feb 2016 11:21:22 +0800 (CST) Received: from linux-4hy3.site (10.107.193.248) by szxeml427-hub.china.huawei.com (10.82.67.182) with Microsoft SMTP Server id 14.3.235.1; Mon, 1 Feb 2016 11:21:11 +0800 From: Wang Nan To: CC: , Wang Nan , "Adrian Hunter" , Arnaldo Carvalho de Melo , Josh Poimboeuf Subject: [PATCH 1/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info() Date: Mon, 1 Feb 2016 03:21:04 +0000 Message-ID: <1454296865-19749-1-git-send-email-wangnan0@huawei.com> X-Mailer: git-send-email 1.8.3.4 MIME-Version: 1.0 X-Originating-IP: [10.107.193.248] X-CFilter-Loop: Reflected X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A0B0205.56AECF33.0075, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32 X-Mirapoint-Loop-Id: 22211316eaa0c4d008d1a79f3d0e216f Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In error processing path of intel_pt_process_auxtrace_info() it calls thread__zput() to clean and free pt->unknown_thread which is created by thread__new(). However, when error raise, a segfault happen: # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs Samples for 'instructions:u' event do not have IREGS attribute set. Cannot print 'iregs' field. intel_pt_synth_events: failed to synthesize 'instructions' event type Segmentation fault (core dumped) The problem is: there's a union in 'struct thread' combines a list_head and a rb_node. The standard life cycle of a thread is: init rb_node during creating, inserted into machine->threads rbtree uses rb_node, move to machine->dead_threads using list_head, clean by thread__put: list_del_init(&thread->node). In the above command, it clean a thread before adding it into list, causes the above segfault. This patch gives a fake list_head and link the thread into it before calling thread__zput(), get rid of the segfault. After this patch: # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs Samples for 'instructions:u' event do not have IREGS attribute set. Cannot print 'iregs' field. intel_pt_synth_events: failed to synthesize 'instructions' event type 0x248 [0x88]: failed to process type: 70 Reported-by: Tong Zhang Signed-off-by: Wang Nan Cc: Adrian Hunter Cc: Arnaldo Carvalho de Melo Cc: Josh Poimboeuf --- tools/perf/util/intel-pt.c | 4 ++++ 1 file changed, 4 insertions(+) -- 1.8.3.4 diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c index 81a2eb7..e2add63 100644 --- a/tools/perf/util/intel-pt.c +++ b/tools/perf/util/intel-pt.c @@ -2013,6 +2013,7 @@ int intel_pt_process_auxtrace_info(union perf_event *event, struct auxtrace_info_event *auxtrace_info = &event->auxtrace_info; size_t min_sz = sizeof(u64) * INTEL_PT_PER_CPU_MMAPS; struct intel_pt *pt; + struct list_head dead_thread; int err; if (auxtrace_info->header.size < sizeof(struct auxtrace_info_event) + @@ -2153,6 +2154,9 @@ int intel_pt_process_auxtrace_info(union perf_event *event, return 0; err_delete_thread: + RB_CLEAR_NODE(&pt->unknown_thread->rb_node); + INIT_LIST_HEAD(&dead_thread); + list_add(&pt->unknown_thread->node, &dead_thread); thread__zput(pt->unknown_thread); err_free_queues: intel_pt_log_disable();