Date: Fri, 9 Nov 2018 17:38:19 +0100
From: Jiri Olsa
To: Vince Weaver
Cc: Alexander Shishkin, linux-kernel@vger.kernel.org, Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo, Namhyung Kim, torvalds@linux-foundation.org
Subject: Re: perf: perf_fuzzer triggers NULL pointer dereference
Message-ID: <20181109163819.GA2750@krava>
References: <87a7mj5yx4.fsf@ashishki-desk.ger.corp.intel.com>

On Thu, Nov 08, 2018 at 11:46:41AM -0500, Vince Weaver wrote:
> On Thu, 8 Nov 2018, Alexander Shishkin wrote:
>
> > Vince Weaver writes:
> >
> > > On Thu, 8 Nov 2018, Vince Weaver wrote:
> > >
> > >> [91760.326510] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
> > >> [91760.334876] PGD 0 P4D 0
> > >> [91760.337596] Oops: 0000 [#1] SMP PTI
> > >> [91760.341332] CPU: 6 PID: 0 Comm: swapper/6 Tainted: G W 4.20.0-rc1+ #119
> > >> [91760.349816] Hardware name: LENOVO 10AM000AUS/SHARKBAY, BIOS FBKT72AUS 01/26/2014
> > >> [91760.357723] RIP: 0010:perf_prepare_sample+0x82/0x4a0
> > >
> > > so what's the best way to do the equivalent of addr2line on something like
> > > this, now that we aren't allowed to know the RIP anymore?
> >
> > scripts/decode_stacktrace.sh works most of the time.
> >
>
> Sounds like BTS needs fixing up again. Thanks for looking at it though!
>
> In case it matters, it looks like the address of the oops comes down to
>
>   linux.git/kernel/events/core.c:6393
>
>   size += data->callchain->nr;
>

nice ;-) we can actually fake cpu event to become the bts event
and rely on that EARLY callchain stuff

I can bring my server down by:
  perf record -e cpu/event=0xc4/p -g -c 1

where 0xc4 is the branch instructions events

I guess something like below could prevent it,
but haven't tested it yet, will do next week

jirka


---
diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c index b7b01d762d32..1049b547fdfe 100644 --- a/arch/x86/events/intel/ds.c +++ b/arch/x86/events/intel/ds.c @@ -577,6 +577,8 @@ void intel_pmu_disable_bts(void) update_debugctlmsr(debugctlmsr); } +static struct perf_callchain_entry __empty_callchain = { .nr = 0, }; + int intel_pmu_drain_bts_buffer(void) { struct cpu_hw_events *cpuc = this_cpu_ptr(&cpu_hw_events); @@ -612,6 +614,9 @@ int intel_pmu_drain_bts_buffer(void) perf_sample_data_init(&data, 0, event->hw.last_period); + if (event->attr.sample_type & __PERF_SAMPLE_CALLCHAIN_EARLY) + data.callchain = &__empty_callchain; + /* * BTS leaks kernel addresses in branches across the cpl boundary, * such as traps or system calls, so unless the user is asking for
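
Review bot: in the first hunk (@@ -577,6 +577,8 @@), `__empty_callchain` is added at file scope with no comment, and nothing marks it as read-only even though the second hunk hands its address to every sample whose event has __PERF_SAMPLE_CALLCHAIN_EARLY set. Add a one-line comment stating that it is a shared placeholder that must never be written through data.callchain. The explicit `.nr = 0` is redundant for a static object; keep it only if it is meant as documentation.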
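
Review bot: in the second hunk (@@ -612,6 +614,9 @@), the new test in intel_pmu_drain_bts_buffer() carries no comment explaining why a BTS sample gets an empty callchain, and it is not clear from the patch that __PERF_SAMPLE_CALLCHAIN_EARLY is the only case in which `size += data->callchain->nr` is reached with data.callchain unset. Add a comment tying the assignment to the NULL dereference reported in perf_prepare_sample, and confirm whether the test should also cover plain PERF_SAMPLE_CALLCHAIN. The message says the change is untested, so it should be run against the `perf record -e cpu/event=0xc4/p -g -c 1` case quoted above before it is merged.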