Re: perf_fuzzer compiled for x32 causes reboot

From: H. Peter Anvin
Date: Mon Feb 24 2014 - 00:23:30 EST

Next message: Linus Torvalds: "Re: [RFC][PATCH 0/5] arch: atomic rework"
Previous message: Michael wang: "Re: sched: hang in migrate_swap"
Next in thread: Vince Weaver: "Re: perf_fuzzer compiled for x32 causes reboot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 02/23/2014 07:02 PM, Vince Weaver wrote:
> On Sun, 23 Feb 2014, Vince Weaver wrote:
>>
>> and as far as I can tell nothing touches rbp again until the segfault.
>> Nothing in _memset_sse2 does as far as I can tell.
>
> I only know enough about ftrace to be dangerous, but here is what I think
> is the trace of the problem:
>
> perf_fuzzer-11492 [000] 197077.488420: function: perf_output_put_handle
> perf_fuzzer-11492 [000] 197077.488421: function: __do_page_fault

So we do a write to the buffer rather immediately before this happens,
and in particular that will update the head:

rb->user_page->data_head = head;

However, that doesn't explain what is going on and in particular the
write to whatever address was in %rbp. The rest pretty much seems to be
the page fault logic.

Incidentally, I doubt that this is x32-related in any way; there seems
to be absolutely no difference between x86-64 perf and x32 perf; more
likely it just makes the error more reproducible because the address
space is so much smaller.

-hpa

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Linus Torvalds: "Re: [RFC][PATCH 0/5] arch: atomic rework"
Previous message: Michael wang: "Re: sched: hang in migrate_swap"
Next in thread: Vince Weaver: "Re: perf_fuzzer compiled for x32 causes reboot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]