2023-09-18 03:06:28

by Yang Jihong

[permalink] [raw]
Subject: [PATCH] perf jevents: Fix segfault in perf_pmu__find_events_table

Before caching the JSON events table, perf_pmu__find_events_table() need
to check whether table is empty.

For example, AuthenticAMD-15-6B-1 is used. The matching events table cannot
be found. As a result, a null pointer is accessed when caching JSON events
table, causing segfault.

Before:
# perf record -vv true
DEBUGINFOD_URLS=
Using CPUID AuthenticAMD-15-6B-1
Segmentation fault (core dumped)

After:
# perf record -vv true
DEBUGINFOD_URLS=
Using CPUID AuthenticAMD-15-6B-1
<SNIP>
[ perf record: Woken up 1 times to write data ]
[ perf record: Captured and wrote 0.005 MB perf.data ]

Fixes: 7c52f10c0d4d ("perf pmu: Cache JSON events table")
Signed-off-by: Yang Jihong <[email protected]>
---
tools/perf/pmu-events/jevents.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/perf/pmu-events/jevents.py b/tools/perf/pmu-events/jevents.py
index a7e88332276d..72ba4a9239c6 100755
--- a/tools/perf/pmu-events/jevents.py
+++ b/tools/perf/pmu-events/jevents.py
@@ -991,7 +991,7 @@ const struct pmu_events_table *perf_pmu__find_events_table(struct perf_pmu *pmu)
}
}
free(cpuid);
- if (!pmu)
+ if (!pmu || !table)
return table;

for (i = 0; i < table->num_pmus; i++) {
--
2.34.1


2023-09-18 23:57:20

by Namhyung Kim

[permalink] [raw]
Subject: Re: [PATCH] perf jevents: Fix segfault in perf_pmu__find_events_table

Hello,

On Sun, Sep 17, 2023 at 8:05 PM Yang Jihong <[email protected]> wrote:
>
> Before caching the JSON events table, perf_pmu__find_events_table() need
> to check whether table is empty.
>
> For example, AuthenticAMD-15-6B-1 is used. The matching events table cannot
> be found. As a result, a null pointer is accessed when caching JSON events
> table, causing segfault.
>
> Before:
> # perf record -vv true
> DEBUGINFOD_URLS=
> Using CPUID AuthenticAMD-15-6B-1
> Segmentation fault (core dumped)
>
> After:
> # perf record -vv true
> DEBUGINFOD_URLS=
> Using CPUID AuthenticAMD-15-6B-1
> <SNIP>
> [ perf record: Woken up 1 times to write data ]
> [ perf record: Captured and wrote 0.005 MB perf.data ]
>
> Fixes: 7c52f10c0d4d ("perf pmu: Cache JSON events table")
> Signed-off-by: Yang Jihong <[email protected]>

Thanks for the fix but please see

https://lore.kernel.org/all/[email protected]/

Thanks,
Namhyung


> ---
> tools/perf/pmu-events/jevents.py | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/perf/pmu-events/jevents.py b/tools/perf/pmu-events/jevents.py
> index a7e88332276d..72ba4a9239c6 100755
> --- a/tools/perf/pmu-events/jevents.py
> +++ b/tools/perf/pmu-events/jevents.py
> @@ -991,7 +991,7 @@ const struct pmu_events_table *perf_pmu__find_events_table(struct perf_pmu *pmu)
> }
> }
> free(cpuid);
> - if (!pmu)
> + if (!pmu || !table)
> return table;
>
> for (i = 0; i < table->num_pmus; i++) {
> --
> 2.34.1
>

2023-09-19 01:51:35

by Yang Jihong

[permalink] [raw]
Subject: Re: [PATCH] perf jevents: Fix segfault in perf_pmu__find_events_table

Hello,

On 2023/9/19 7:55, Namhyung Kim wrote:
> Hello,
>
> On Sun, Sep 17, 2023 at 8:05 PM Yang Jihong <[email protected]> wrote:
>>
>> Before caching the JSON events table, perf_pmu__find_events_table() need
>> to check whether table is empty.
>>
>> For example, AuthenticAMD-15-6B-1 is used. The matching events table cannot
>> be found. As a result, a null pointer is accessed when caching JSON events
>> table, causing segfault.
>>
>> Before:
>> # perf record -vv true
>> DEBUGINFOD_URLS=
>> Using CPUID AuthenticAMD-15-6B-1
>> Segmentation fault (core dumped)
>>
>> After:
>> # perf record -vv true
>> DEBUGINFOD_URLS=
>> Using CPUID AuthenticAMD-15-6B-1
>> <SNIP>
>> [ perf record: Woken up 1 times to write data ]
>> [ perf record: Captured and wrote 0.005 MB perf.data ]
>>
>> Fixes: 7c52f10c0d4d ("perf pmu: Cache JSON events table")
>> Signed-off-by: Yang Jihong <[email protected]>
>
> Thanks for the fix but please see
>
> https://lore.kernel.org/all/[email protected]/
>

Uh.. no notice that there is already a fix, please ignore it.

Thanks,
Yang