From: Namhyung Kim
Date: Tue, 6 Oct 2020 10:25:57 +0900
Subject: Re: [PATCH] perf evlist: fix memory corruption for Kernel PMU event
To: "Song Bao Hua (Barry Song)"
Cc: Andi Kleen, "linux-kernel@vger.kernel.org", Linuxarm, Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo, Mark Rutland, Alexander Shishkin, Jiri Olsa, Adrian Hunter, Alexey Budankov

Hello,

On Fri, Oct 2, 2020 at 12:02 PM Song Bao Hua (Barry Song) wrote:
>
> > -----Original Message-----
> > From: Andi Kleen [mailto:ak@linux.intel.com]
> > Sent: Friday, October 2, 2020 12:07 PM
> > To: Song Bao Hua (Barry Song)
> > Cc: linux-kernel@vger.kernel.org; Linuxarm; Peter Zijlstra; Ingo Molnar;
> > Arnaldo Carvalho de Melo; Mark Rutland; Alexander Shishkin; Jiri Olsa;
> > Namhyung Kim; Adrian Hunter; Alexey Budankov
> > Subject: Re: [PATCH] perf evlist: fix memory corruption for Kernel PMU event
> >
> > On Fri, Oct 02, 2020 at 12:57:29AM +1300, Barry Song wrote:
> > > Commit 7736627b865d ("perf stat: Use affinity for closing file
> > > descriptors") will use FD(evsel, cpu, thread) to read and write file
> > > descriptors xyarray. For a kernel PMU event, this leads to serious
> > > memory corruption and perf crash.
> > > I have seen evlist->core.cpus->nr is 1 while evsel has cpus->nr with
> > > the total number of CPUs. so xyarray which is allocated by
> > > evlist->core.cpus->nr will get overflow. This leads to various
> > > segmentation faults in perf tool for kernel PMU events, eg:
> > > ./perf stat -e bus_cycles sleep 1
> > > *** Error in `./perf': free(): invalid next size (fast): 0x00000000401e6370 ***
> > > Aborted (core dumped)
> >
> > Thanks.
> >
> > I believe there is already a patch queued for this.
>
> Andi, thanks! Could you share the link or the commit ID? I'd like to take a look at the fix.
> I could still reproduce this issue in the latest linus' tree and I didn't find any commit
> related to this issue in linux-next and tip/perf/core.

I think Andi was referring to this discussion which is not merged yet:

https://lore.kernel.org/lkml/20200922031346.15051-2-liwei391@huawei.com/

I suggested a patch at the end. Can you please try it?

Thanks
Namhyung