From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Michael Petlan, Milian Wolff, Jiri Olsa, Juri Lelli, Arnaldo Carvalho de Melo
Subject: [PATCH 5.4 216/260] perf machine: Initialize srcline string member in add_location struct
Date: Mon, 20 Sep 2021 18:43:54 +0200
Message-Id: <20210920163938.451074433@linuxfoundation.org>
In-Reply-To: <20210920163931.123590023@linuxfoundation.org>
References: <20210920163931.123590023@linuxfoundation.org>
From: Michael Petlan

commit 57f0ff059e3daa4e70a811cb1d31a49968262d20 upstream.

It's later supposed to be either a correct address or NULL. Without the
initialization, it may contain an undefined value which results in the
following segmentation fault:

  # perf top --sort comm -g --ignore-callees=do_idle

terminates with:

  #0  0x00007ffff56b7685 in __strlen_avx2 () from /lib64/libc.so.6
  #1  0x00007ffff55e3802 in strdup () from /lib64/libc.so.6
  #2  0x00005555558cb139 in hist_entry__init (callchain_size=, sample_self=true, template=0x7fffde7fb110, he=0x7fffd801c250) at util/hist.c:489
  #3  hist_entry__new (template=template@entry=0x7fffde7fb110, sample_self=sample_self@entry=true) at util/hist.c:564
  #4  0x00005555558cb4ba in hists__findnew_entry (hists=hists@entry=0x5555561d9e38, entry=entry@entry=0x7fffde7fb110, al=al@entry=0x7fffde7fb420, sample_self=sample_self@entry=true) at util/hist.c:657
  #5  0x00005555558cba1b in __hists__add_entry (hists=hists@entry=0x5555561d9e38, al=0x7fffde7fb420, sym_parent=, bi=bi@entry=0x0, mi=mi@entry=0x0, sample=sample@entry=0x7fffde7fb4b0, sample_self=true, ops=0x0, block_info=0x0) at util/hist.c:288
  #6  0x00005555558cbb70 in hists__add_entry (sample_self=true, sample=0x7fffde7fb4b0, mi=0x0, bi=0x0, sym_parent=, al=, hists=0x5555561d9e38) at util/hist.c:1056
  #7  iter_add_single_cumulative_entry (iter=0x7fffde7fb460, al=) at util/hist.c:1056
  #8  0x00005555558cc8a4 in hist_entry_iter__add (iter=iter@entry=0x7fffde7fb460, al=al@entry=0x7fffde7fb420, max_stack_depth=, arg=arg@entry=0x7fffffff7db0) at util/hist.c:1231
  #9  0x00005555557cdc9a in perf_event__process_sample (machine=, sample=0x7fffde7fb4b0, evsel=, event=, tool=0x7fffffff7db0) at builtin-top.c:842
  #10 deliver_event (qe=, qevent=) at builtin-top.c:1202
  #11 0x00005555558a9318 in do_flush (show_progress=false, oe=0x7fffffff80e0) at util/ordered-events.c:244
  #12 __ordered_events__flush (oe=oe@entry=0x7fffffff80e0, how=how@entry=OE_FLUSH__TOP, timestamp=timestamp@entry=0) at util/ordered-events.c:323
  #13 0x00005555558a9789 in __ordered_events__flush (timestamp=, how=, oe=) at util/ordered-events.c:339
  #14 ordered_events__flush (how=OE_FLUSH__TOP, oe=0x7fffffff80e0) at util/ordered-events.c:341
  #15 ordered_events__flush (oe=oe@entry=0x7fffffff80e0, how=how@entry=OE_FLUSH__TOP) at util/ordered-events.c:339
  #16 0x00005555557cd631 in process_thread (arg=0x7fffffff7db0) at builtin-top.c:1114
  #17 0x00007ffff7bb817a in start_thread () from /lib64/libpthread.so.0
  #18 0x00007ffff5656dc3 in clone () from /lib64/libc.so.6

If you look at the frame #2, the code is:

  488         if (he->srcline) {
  489                 he->srcline = strdup(he->srcline);
  490                 if (he->srcline == NULL)
  491                         goto err_rawdata;
  492         }

If he->srcline is not NULL (it is not NULL if it is uninitialized rubbish),
it gets strdupped and strdupping a rubbish random string causes the problem.

Also, if you look at the commit 1fb7d06a509e, it adds the srcline property
into the struct, but not initializing it everywhere needed.

Committer notes:

Now I see, when using --ignore-callees=do_idle we end up here at line 2189
in add_callchain_ip():

  2181         if (al.sym != NULL) {
  2182                 if (perf_hpp_list.parent && !*parent &&
  2183                     symbol__match_regex(al.sym, &parent_regex))
  2184                         *parent = al.sym;
  2185                 else if (have_ignore_callees && root_al &&
  2186                          symbol__match_regex(al.sym, &ignore_callees_regex)) {
  2187                         /* Treat this symbol as the root,
  2188                            forgetting its callees. */
  2189                         *root_al = al;
  2190                         callchain_cursor_reset(cursor);
  2191                 }
  2192         }

And the al that doesn't have the ->srcline field initialized will be copied
to the root_al, so then, back to:

  1211 int hist_entry_iter__add(struct hist_entry_iter *iter, struct addr_location *al,
  1212                          int max_stack_depth, void *arg)
  1213 {
  1214         int err, err2;
  1215         struct map *alm = NULL;
  1216
  1217         if (al)
  1218                 alm = map__get(al->map);
  1219
  1220         err = sample__resolve_callchain(iter->sample, &callchain_cursor, &iter->parent,
  1221                                         iter->evsel, al, max_stack_depth);
  1222         if (err) {
  1223                 map__put(alm);
  1224                 return err;
  1225         }
  1226
  1227         err = iter->ops->prepare_entry(iter, al);
  1228         if (err)
  1229                 goto out;
  1230
  1231         err = iter->ops->add_single_entry(iter, al);
  1232         if (err)
  1233                 goto out;
  1234

That al at line 1221 is what hist_entry_iter__add() (called from
sample__resolve_callchain()) saw as 'root_al', and then:

  iter->ops->add_single_entry(iter, al);

will go on with al->srcline with a bogus value, I'll add the above sequence
to the cset and apply, thanks!

Signed-off-by: Michael Petlan
CC: Milian Wolff
Cc: Jiri Olsa
Fixes: 1fb7d06a509e ("perf report: Use srcline from callchain for hist entries")
Link: https://lore.kernel.org/r/20210719145332.29747-1-mpetlan@redhat.com
Reported-by: Juri Lelli
Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: Greg Kroah-Hartman
---
 tools/perf/util/machine.c | 1 +
 1 file changed, 1 insertion(+)

--- a/tools/perf/util/machine.c +++ b/tools/perf/util/machine.c @@ -2020,6 +2020,7 @@ static int add_callchain_ip(struct threa al.filtered = 0; al.sym = NULL; + al.srcline = NULL; if (!cpumode) { thread__find_cpumode_addr_location(thread, ip, &al); } else {
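Review bot: initialising the stack-allocated al member by member, as the hunk in add_callchain_ip() does with al.filtered, al.sym and now al.srcline, leaves every member not named in that list holding stale stack contents, and the commit message itself says 1fb7d06a509e added srcline without initialising it "everywhere needed". A whole-object initialisation at the declaration, for example `struct addr_location al = { 0 };` or a `memset(&al, 0, sizeof(al));` ahead of the three assignments, would cover srcline and any member added to struct addr_location later without another one-line fix. The added line is correct for the reported crash, but the other stack instances of addr_location that the Fixes commit may have missed deserve the same audit before this is considered closed.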