* [PATCH] perf: check if address is in range @ 2012-01-12 20:39 Sorin Dumitru 2012-01-12 20:49 ` Daniel Baluta ` (2 more replies) 0 siblings, 3 replies; 7+ messages in thread From: Sorin Dumitru @ 2012-01-12 20:39 UTC (permalink / raw) To: linux-kernel, a.p.zijlstra, acme; +Cc: Sorin Dumitru When addr isn't in the [sym->start,sym->end] range offset will be a very big value, giving us a segfault when we do: h->addr[offset]++ Fix this by checking that addr is in the correct range. Signed-off-by: Sorin Dumitru <dumitru.sorin87@gmail.com> --- tools/perf/util/annotate.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c index 011ed26..4ddc55f 100644 --- a/tools/perf/util/annotate.c +++ b/tools/perf/util/annotate.c @@ -64,7 +64,7 @@ int symbol__inc_addr_samples(struct symbol *sym, struct map *map, pr_debug3("%s: addr=%#" PRIx64 "\n", __func__, map->unmap_ip(map, addr)); - if (addr >= sym->end) + if (addr <= sym->start || addr >= sym->end) return 0; offset = addr - sym->start; -- 1.7.8.3 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] perf: check if address is in range 2012-01-12 20:39 [PATCH] perf: check if address is in range Sorin Dumitru @ 2012-01-12 20:49 ` Daniel Baluta 2012-01-12 20:59 ` Sorin Dumitru 2012-01-12 20:55 ` Sorin Dumitru 2012-01-13 12:25 ` Arnaldo Carvalho de Melo 2 siblings, 1 reply; 7+ messages in thread From: Daniel Baluta @ 2012-01-12 20:49 UTC (permalink / raw) To: Sorin Dumitru; +Cc: linux-kernel, a.p.zijlstra, acme On Thu, Jan 12, 2012 at 10:39 PM, Sorin Dumitru <dumitru.sorin87@gmail.com> wrote: > When addr isn't in the [sym->start,sym->end] range offset > will be a very big value, giving us a segfault when we do: > h->addr[offset]++ > Fix this by checking that addr is in the correct range. > > Signed-off-by: Sorin Dumitru <dumitru.sorin87@gmail.com> > --- > tools/perf/util/annotate.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c > index 011ed26..4ddc55f 100644 > --- a/tools/perf/util/annotate.c > +++ b/tools/perf/util/annotate.c > @@ -64,7 +64,7 @@ int symbol__inc_addr_samples(struct symbol *sym, struct map *map, > > pr_debug3("%s: addr=%#" PRIx64 "\n", __func__, map->unmap_ip(map, addr)); > > - if (addr >= sym->end) > + if (addr <= sym->start || addr >= sym->end) > return 0; Shouldn't this be addr < sym->start ? thanks, Daniel. ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] perf: check if address is in range 2012-01-12 20:49 ` Daniel Baluta @ 2012-01-12 20:59 ` Sorin Dumitru 0 siblings, 0 replies; 7+ messages in thread From: Sorin Dumitru @ 2012-01-12 20:59 UTC (permalink / raw) To: Daniel Baluta; +Cc: linux-kernel, a.p.zijlstra, acme On Thu, Jan 12, 2012 at 10:49 PM, Daniel Baluta <dbaluta@ixiacom.com> wrote: > On Thu, Jan 12, 2012 at 10:39 PM, Sorin Dumitru > <dumitru.sorin87@gmail.com> wrote: >> When addr isn't in the [sym->start,sym->end] range offset >> will be a very big value, giving us a segfault when we do: >> h->addr[offset]++ >> Fix this by checking that addr is in the correct range. >> >> Signed-off-by: Sorin Dumitru <dumitru.sorin87@gmail.com> >> --- >> tools/perf/util/annotate.c | 2 +- >> 1 files changed, 1 insertions(+), 1 deletions(-) >> >> diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c >> index 011ed26..4ddc55f 100644 >> --- a/tools/perf/util/annotate.c >> +++ b/tools/perf/util/annotate.c >> @@ -64,7 +64,7 @@ int symbol__inc_addr_samples(struct symbol *sym, struct map *map, >> >> pr_debug3("%s: addr=%#" PRIx64 "\n", __func__, map->unmap_ip(map, addr)); >> >> - if (addr >= sym->end) >> + if (addr <= sym->start || addr >= sym->end) >> return 0; > > Shouldn't this be addr < sym->start ? > > thanks, > Daniel. You're right, i resent the patch. Thanks, Sorin ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH] perf: check if address is in range 2012-01-12 20:39 [PATCH] perf: check if address is in range Sorin Dumitru 2012-01-12 20:49 ` Daniel Baluta @ 2012-01-12 20:55 ` Sorin Dumitru 2012-01-13 12:25 ` Arnaldo Carvalho de Melo 2 siblings, 0 replies; 7+ messages in thread From: Sorin Dumitru @ 2012-01-12 20:55 UTC (permalink / raw) To: linux-kernel, a.p.zijlstra, acme; +Cc: Sorin Dumitru When addr isn't in the [sym->start,sym->end] range offset will be a very big value, giving us a segfault when we do: h->addr[offset]++ Fix this by checking that addr is in the correct range. Signed-off-by: Sorin Dumitru <dumitru.sorin87@gmail.com> --- tools/perf/util/annotate.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c index 011ed26..59aa456 100644 --- a/tools/perf/util/annotate.c +++ b/tools/perf/util/annotate.c @@ -64,7 +64,7 @@ int symbol__inc_addr_samples(struct symbol *sym, struct map *map, pr_debug3("%s: addr=%#" PRIx64 "\n", __func__, map->unmap_ip(map, addr)); - if (addr >= sym->end) + if (addr < sym->start || addr >= sym->end) return 0; offset = addr - sym->start; -- 1.7.8.3 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] perf: check if address is in range 2012-01-12 20:39 [PATCH] perf: check if address is in range Sorin Dumitru 2012-01-12 20:49 ` Daniel Baluta 2012-01-12 20:55 ` Sorin Dumitru @ 2012-01-13 12:25 ` Arnaldo Carvalho de Melo 2012-01-13 16:35 ` Sorin Dumitru 2 siblings, 1 reply; 7+ messages in thread From: Arnaldo Carvalho de Melo @ 2012-01-13 12:25 UTC (permalink / raw) To: Sorin Dumitru; +Cc: linux-kernel, a.p.zijlstra Em Thu, Jan 12, 2012 at 10:39:38PM +0200, Sorin Dumitru escreveu: > When addr isn't in the [sym->start,sym->end] range offset > will be a very big value, giving us a segfault when we do: > h->addr[offset]++ > Fix this by checking that addr is in the correct range. Is this against what tree? Can you please provide a backtrace of when this happens? I ask this because this is a kind of BUG_ON() situation, one shouldn't get to this point if the address is not within that symbol. - Arnaldo > Signed-off-by: Sorin Dumitru <dumitru.sorin87@gmail.com> > --- > tools/perf/util/annotate.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c > index 011ed26..4ddc55f 100644 > --- a/tools/perf/util/annotate.c > +++ b/tools/perf/util/annotate.c > @@ -64,7 +64,7 @@ int symbol__inc_addr_samples(struct symbol *sym, struct map *map, > > pr_debug3("%s: addr=%#" PRIx64 "\n", __func__, map->unmap_ip(map, addr)); > > - if (addr >= sym->end) > + if (addr <= sym->start || addr >= sym->end) > return 0; > > offset = addr - sym->start; > -- > 1.7.8.3 ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] perf: check if address is in range 2012-01-13 12:25 ` Arnaldo Carvalho de Melo @ 2012-01-13 16:35 ` Sorin Dumitru 2012-01-29 18:04 ` Sorin Dumitru 0 siblings, 1 reply; 7+ messages in thread From: Sorin Dumitru @ 2012-01-13 16:35 UTC (permalink / raw) To: Arnaldo Carvalho de Melo; +Cc: linux-kernel, a.p.zijlstra, Daniel Baluta On Fri, Jan 13, 2012 at 2:25 PM, Arnaldo Carvalho de Melo <acme@ghostprotocols.net> wrote: > Em Thu, Jan 12, 2012 at 10:39:38PM +0200, Sorin Dumitru escreveu: >> When addr isn't in the [sym->start,sym->end] range offset >> will be a very big value, giving us a segfault when we do: >> h->addr[offset]++ >> Fix this by checking that addr is in the correct range. > > Is this against what tree? Can you please provide a backtrace of when > this happens? This is against mainline from kernel.org. I'm using 3.1.8 under arch linux. Backtrace of crash: #0 symbol__inc_addr_samples (sym=0x8b863e0, map=0x8299930, evidx=0, addr=1376452) at util/annotate.c:73 #1 0x08066593 in record_precise_ip (ip=<optimized out>, counter=0, he=<optimized out>) at builtin-top.c:223 #2 perf_event__process_sample (session=0x824db88, sample=0xbffff9d4, evsel=<optimized out>, event=<optimized out>) at builtin-top.c:801 #3 perf_session__mmap_read_idx (self=0x824db88, idx=1) at builtin-top.c:825 #4 0x08068489 in perf_session__mmap_read (self=0x824db88) at builtin-top.c:839 #5 __cmd_top () at builtin-top.c:1003 #6 cmd_top (argc=<optimized out>, argv=0xbffffd18, prefix=0x0) at builtin-top.c:1274 #7 0x08055e90 in run_builtin (p=0x80f2624, argc=1, argv=0xbffffd18) at perf.c:286 #8 0x08055651 in handle_internal_command (argv=0xbffffd18, argc=1) at perf.c:358 #9 run_argv (argv=0xbffffbb8, argcp=0xbffffbbc) at perf.c:402 #10 main (argc=1, argv=0xbffffd18) at perf.c:512 > I ask this because this is a kind of BUG_ON() situation, one shouldn't > get to this point if the address is not within that symbol. That's what i thought too at first. But i'm not very familiar with the perf code so i thought that since we have this check for sym->end, which seems like a similar situation, a check for sym->start might be needed. > - Arnaldo > >> Signed-off-by: Sorin Dumitru <dumitru.sorin87@gmail.com> >> --- >> tools/perf/util/annotate.c | 2 +- >> 1 files changed, 1 insertions(+), 1 deletions(-) >> >> diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c >> index 011ed26..4ddc55f 100644 >> --- a/tools/perf/util/annotate.c >> +++ b/tools/perf/util/annotate.c >> @@ -64,7 +64,7 @@ int symbol__inc_addr_samples(struct symbol *sym, struct map *map, >> >> pr_debug3("%s: addr=%#" PRIx64 "\n", __func__, map->unmap_ip(map, addr)); >> >> - if (addr >= sym->end) >> + if (addr <= sym->start || addr >= sym->end) >> return 0; >> >> offset = addr - sym->start; >> -- >> 1.7.8.3 ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] perf: check if address is in range 2012-01-13 16:35 ` Sorin Dumitru @ 2012-01-29 18:04 ` Sorin Dumitru 0 siblings, 0 replies; 7+ messages in thread From: Sorin Dumitru @ 2012-01-29 18:04 UTC (permalink / raw) To: Arnaldo Carvalho de Melo; +Cc: linux-kernel, a.p.zijlstra, Daniel Baluta On Fri, Jan 13, 2012 at 6:35 PM, Sorin Dumitru <dumitru.sorin87@gmail.com> wrote: > On Fri, Jan 13, 2012 at 2:25 PM, Arnaldo Carvalho de Melo > <acme@ghostprotocols.net> wrote: >> Em Thu, Jan 12, 2012 at 10:39:38PM +0200, Sorin Dumitru escreveu: >>> When addr isn't in the [sym->start,sym->end] range offset >>> will be a very big value, giving us a segfault when we do: >>> h->addr[offset]++ >>> Fix this by checking that addr is in the correct range. >> >> Is this against what tree? Can you please provide a backtrace of when >> this happens? > > This is against mainline from kernel.org. I'm using 3.1.8 under arch linux. > Backtrace of crash: > > #0 symbol__inc_addr_samples (sym=0x8b863e0, map=0x8299930, evidx=0, > addr=1376452) at util/annotate.c:73 > #1 0x08066593 in record_precise_ip (ip=<optimized out>, counter=0, > he=<optimized out>) at builtin-top.c:223 > #2 perf_event__process_sample (session=0x824db88, sample=0xbffff9d4, > evsel=<optimized out>, event=<optimized out>) at builtin-top.c:801 > #3 perf_session__mmap_read_idx (self=0x824db88, idx=1) at > builtin-top.c:825 > #4 0x08068489 in perf_session__mmap_read (self=0x824db88) at > builtin-top.c:839 > #5 __cmd_top () at builtin-top.c:1003 > #6 cmd_top (argc=<optimized out>, argv=0xbffffd18, prefix=0x0) at > builtin-top.c:1274 > #7 0x08055e90 in run_builtin (p=0x80f2624, argc=1, argv=0xbffffd18) > at perf.c:286 > #8 0x08055651 in handle_internal_command (argv=0xbffffd18, argc=1) at > perf.c:358 > #9 run_argv (argv=0xbffffbb8, argcp=0xbffffbbc) at perf.c:402 > #10 main (argc=1, argv=0xbffffd18) at perf.c:512 > >> I ask this because this is a kind of BUG_ON() situation, one shouldn't >> get to this point if the address is not within that symbol. > > That's what i thought too at first. But i'm not very familiar with the perf code > so i thought that since we have this check for sym->end, which seems > like a similar situation, a check for sym->start might be needed. > >> - Arnaldo >> >>> Signed-off-by: Sorin Dumitru <dumitru.sorin87@gmail.com> >>> --- >>> tools/perf/util/annotate.c | 2 +- >>> 1 files changed, 1 insertions(+), 1 deletions(-) >>> >>> diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c >>> index 011ed26..4ddc55f 100644 >>> --- a/tools/perf/util/annotate.c >>> +++ b/tools/perf/util/annotate.c >>> @@ -64,7 +64,7 @@ int symbol__inc_addr_samples(struct symbol *sym, struct map *map, >>> >>> pr_debug3("%s: addr=%#" PRIx64 "\n", __func__, map->unmap_ip(map, addr)); >>> >>> - if (addr >= sym->end) >>> + if (addr <= sym->start || addr >= sym->end) >>> return 0; >>> >>> offset = addr - sym->start; >>> -- >>> 1.7.8.3 The problem seems to be that the symbol is found using al.addr but we pass event->ip.ip to perf_top__record_precise_ip. al.addr comes from event->ip.ip but can be modified by map_ip function pointer before we find the symbol. If this isn't the right approch, can you give me some pointers where something might go wrong, because this bug is really bugging me. diff --git a/tools/perf/builtin-top.c b/tools/perf/builtin-top.c index e8b033c..3946dcb 100644 --- a/tools/perf/builtin-top.c +++ b/tools/perf/builtin-top.c @@ -660,7 +660,6 @@ static void perf_event__process_sample(struct perf_tool *tool, { struct perf_top *top = container_of(tool, struct perf_top, tool); struct symbol *parent = NULL; - u64 ip = event->ip.ip; struct addr_location al; int err; @@ -747,7 +746,7 @@ static void perf_event__process_sample(struct perf_tool *tool, } if (top->sort_has_symbols) - perf_top__record_precise_ip(top, he, evsel->idx, ip); + perf_top__record_precise_ip(top, he, evsel->idx, al.addr); } return; ^ permalink raw reply related [flat|nested] 7+ messages in thread
end of thread, other threads:[~2012-01-29 18:05 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2012-01-12 20:39 [PATCH] perf: check if address is in range Sorin Dumitru 2012-01-12 20:49 ` Daniel Baluta 2012-01-12 20:59 ` Sorin Dumitru 2012-01-12 20:55 ` Sorin Dumitru 2012-01-13 12:25 ` Arnaldo Carvalho de Melo 2012-01-13 16:35 ` Sorin Dumitru 2012-01-29 18:04 ` Sorin Dumitru
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).