From: Andi Kleen <andi@firstfloor.org>
To: acme@kernel.org
Cc: jolsa@kernel.org, linux-perf-users@vger.kernel.org,
linux-kernel@vger.kernel.org, Andi Kleen <ak@linux.intel.com>
Subject: [PATCH v1 02/10] perf, tools, stat: Avoid memory overrun with -r
Date: Mon, 11 Mar 2019 13:24:38 -0700
Message-ID: <20190311202446.10210-3-andi@firstfloor.org>
In-Reply-To: <20190311202446.10210-1-andi@firstfloor.org>
From: Andi Kleen <ak@linux.intel.com>

When -r is used memory would get corrupted because the evsel->id array
would get overrun. evsel->ids is a running counter of the last id.
Normally this works fine, but with -r the same event is initialized
multiple times, but not this counter, so it would keep growing
beyond the array limit and corrupt random memory.

Always reinitialize ->ids, and also add an assert to catch
such overruns in the future.

This fixes a perf segfault when running it from toplev.

Before:
$ valgrind perf stat -r2 -e '{cycles,cycles,cycles,cycles}' true
==27012== Memcheck, a memory error detector
==27012== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==27012== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==27012== Command: perf stat -r2 -e {cycles,cycles,cycles,cycles} true
==27012==
==27012== Invalid write of size 8
==27012== at 0x33090F: perf_evlist__id_add_fd (in /usr/bin/perf)
==27012== by 0x33C99B: perf_evsel__store_ids (in /usr/bin/perf)
==27012== by 0x2B7E1D: ??? (in /usr/bin/perf)
==27012== by 0x2B97DE: cmd_stat (in /usr/bin/perf)
==27012== by 0x31BFC0: ??? (in /usr/bin/perf)
==27012== by 0x29C7A9: main (in /usr/bin/perf)
==27012== Address 0x13182be8 is 0 bytes after a block of size 8 alloc'd
==27012== at 0x483AB1A: calloc (vg_replace_malloc.c:762)
==27012== by 0x33C921: perf_evsel__store_ids (in /usr/bin/perf)
==27012== by 0x2B7E1D: ??? (in /usr/bin/perf)
==27012== by 0x2B97DE: cmd_stat (in /usr/bin/perf)
==27012== by 0x31BFC0: ??? (in /usr/bin/perf)
==27012== by 0x29C7A9: main (in /usr/bin/perf)
==27012==
...
After:
$ valgrind ./perf stat -r2 -e '{cycles,cycles,cycles,cycles}' true
==27026== Memcheck, a memory error detector
==27026== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==27026== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==27026== Command: ./perf stat -r2 -e {cycles,cycles,cycles,cycles} true
==27026==
Performance counter stats for 'true' (2 runs):
...
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
tools/perf/util/evlist.c | 1 +
tools/perf/util/evsel.c | 2 ++
2 files changed, 3 insertions(+)
diff --git a/tools/perf/util/evlist.c b/tools/perf/util/evlist.c
index ed20f4379956..4f02bccba204 100644
--- a/tools/perf/util/evlist.c
+++ b/tools/perf/util/evlist.c
@@ -529,6 +529,7 @@ void perf_evlist__id_add(struct perf_evlist *evlist, struct perf_evsel *evsel,
int cpu, int thread, u64 id)
{
perf_evlist__id_hash(evlist, evsel, cpu, thread, id);
+ assert(evsel->ids < evsel->sample_id->max_x * evsel->sample_id->max_y);
evsel->id[evsel->ids++] = id;
}
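Review bot: the new assert() in perf_evlist__id_add() bounds evsel->ids by evsel->sample_id->max_x * evsel->sample_id->max_y, but the store on the next line goes to evsel->id, and nothing in this hunk ties the size of that array to the dimensions of sample_id. A short comment stating why the two sizes match, or keeping the allocated element count next to evsel->id and checking against that, would make the invariant reviewable. Also, assert() is compiled out under NDEBUG and this function returns void, so in such a build the out-of-bounds store would still happen; an explicit check that skips the store and warns would cover that case.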
diff --git a/tools/perf/util/evsel.c b/tools/perf/util/evsel.c
index 3bbf73e979c0..686318f69b1d 100644
--- a/tools/perf/util/evsel.c
+++ b/tools/perf/util/evsel.c
@@ -3001,5 +3001,7 @@ int perf_evsel__store_ids(struct perf_evsel *evsel, struct perf_evlist *evlist)
if (perf_evsel__alloc_id(evsel, cpus->nr, threads->nr))
return -ENOMEM;
+ evsel->ids = 0;
+
return store_evsel_ids(evsel, evlist);
}
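Review bot: the reset "evsel->ids = 0;" sits in perf_evsel__store_ids() after perf_evsel__alloc_id() succeeds, so the counter and the array it indexes are reinitialized in two different places. If perf_evsel__alloc_id() has other callers they would each need the same reset; consider resetting the counter inside perf_evsel__alloc_id() where the array is allocated, or add a one-line comment here saying that this function can run more than once for the same evsel (the -r case), so the reason for the reset is not lost.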
--
2.20.1