Re: [PATCH] perf top: Fix a race in callchain handling

From: Namhyung Kim
Date: Sun May 06 2012 - 21:24:05 EST

Next message: James Morris: "Re: [PATCH 1/1] lib/mpi: Fixed erroneous check on return value ofmpi_resize()"
Previous message: Pierre Carrier: "[PATCH 1/1] lib/vsprintf.c: "%#o",0 becomes '0' instead of '00'"
In reply to: Arnaldo Carvalho de Melo: "Re: [PATCH] perf top: Fix a race in callchain handling"
Next in thread: Arnaldo Carvalho de Melo: "Re: [PATCH] perf top: Fix a race in callchain handling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

On Sun, 6 May 2012 15:07:07 -0300, Arnaldo Carvalho de Melo wrote:
>> 2012-05-05 (í), 20:53 -0300, Arnaldo Carvalho de Melo:
>> > First testing Namhyung patch with -F 100000 tho :-)
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x000000000046a51a in machine__resolve_callchain (self=0x982b20, evsel=0x982440, thread=0x993210, chain=0x7ffff18462d8, parent=0x7fffffffd6f8) at util/session.c:307
> 307 ip = chain->ips[i];
> (gdb) bt
> #0 0x000000000046a51a in machine__resolve_callchain (self=0x982b20, evsel=0x982440, thread=0x993210, chain=0x7ffff18462d8, parent=0x7fffffffd6f8) at util/session.c:307
> #1 0x000000000042b9d2 in perf_event__process_sample (tool=0x7fffffffd8a0, event=0x7ffff18462b8, evsel=0x982440, sample=0x7fffffffd750, machine=0x982b20) at builtin-top.c:777
> #2 0x000000000042bd17 in perf_top__mmap_read_idx (top=0x7fffffffd8a0, idx=0) at builtin-top.c:858
> #3 0x000000000042bdfc in perf_top__mmap_read (top=0x7fffffffd8a0) at builtin-top.c:873
> #4 0x000000000042c45f in __cmd_top (top=0x7fffffffd8a0) at builtin-top.c:1033
> #5 0x000000000042d514 in cmd_top (argc=0, argv=0x7fffffffe630, prefix=0x0) at builtin-top.c:1323
> #6 0x00000000004142c9 in run_builtin (p=0x78a7c8, argc=4, argv=0x7fffffffe630) at perf.c:273
> #7 0x00000000004144cc in handle_internal_command (argc=4, argv=0x7fffffffe630) at perf.c:345
> #8 0x0000000000414618 in run_argv (argcp=0x7fffffffe51c, argv=0x7fffffffe510) at perf.c:389
> #9 0x000000000041489e in main (argc=4, argv=0x7fffffffe630) at perf.c:487
> (gdb) p i
> $1 = 12477348
> (gdb) p *chain
> $2 = {nr = 9007199254740994, ips = 0x7ffff18462d8}
> (gdb) frame 2
> #2 0x000000000042bd17 in perf_top__mmap_read_idx (top=0x7fffffffd8a0, idx=0) at builtin-top.c:858
> 858 perf_event__process_sample(&top->tool, event, evsel,
> (gdb) print event->header
> $3 = {type = 4175878766, misc = 16327, size = 0}
> (gdb) print event->header
> $4 = {type = 4175878766, misc = 16327, size = 0}
> (gdb)
>
> Probably an additional bug :-\
>
> - Arnaldo

Yeah, I think so :(.

The chain->nr has a strang value - it cannot be larger than 255
(PERF_MAX_STACK_DEPTH). Simple fix would be checking ->nr in the
function but it's obviously not fix a root cause.

Anyway, it seems not related to this race problem IMHO.

Thanks,
Namhyung
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: James Morris: "Re: [PATCH 1/1] lib/mpi: Fixed erroneous check on return value ofmpi_resize()"
Previous message: Pierre Carrier: "[PATCH 1/1] lib/vsprintf.c: "%#o",0 becomes '0' instead of '00'"
In reply to: Arnaldo Carvalho de Melo: "Re: [PATCH] perf top: Fix a race in callchain handling"
Next in thread: Arnaldo Carvalho de Melo: "Re: [PATCH] perf top: Fix a race in callchain handling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]