Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
From:   Leo Yan <leo.yan@linaro.org>
To:     Arnaldo Carvalho de Melo <acme@kernel.org>,
        Namhyung Kim <namhyung@kernel.org>,
        Ingo Molnar <mingo@redhat.com>,
        Mark Rutland <mark.rutland@arm.com>,
        Alexander Shishkin <alexander.shishkin@linux.intel.com>,
        Jiri Olsa <jolsa@kernel.org>,
        Adrian Hunter <adrian.hunter@intel.com>,
        linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org
Cc:     Leo Yan <leo.yan@linaro.org>
Subject: [PATCH] perf record: Fix segmentation fault in record__read_lost_samples()
Date:   Sat, 24 Sep 2022 19:33:46 +0800
Message-Id: <20220924113346.1110909-1-leo.yan@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Commit a49aa8a54e86 ("perf record: Read and inject LOST_SAMPLES events")
causes segmentation fault when run the "perf mem record" command in
unprivileged mode, the output log is:

  $ ./perf mem record --all-user -o perf_test.data -- ./test_program
  Error:
  Access to performance monitoring and observability operations is limited.
  Consider adjusting /proc/sys/kernel/perf_event_paranoid setting to open
  access to performance monitoring and observability operations for processes
  without CAP_PERFMON, CAP_SYS_PTRACE or CAP_SYS_ADMIN Linux capability.
  More information can be found at 'Perf events and tool security' document:
  https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html
  perf_event_paranoid setting is 4:
    -1: Allow use of (almost) all events by all users
        Ignore mlock limit after perf_event_mlock_kb without CAP_IPC_LOCK
  >= 0: Disallow raw and ftrace function tracepoint access
  >= 1: Disallow CPU event access
  >= 2: Disallow kernel profiling
  To make the adjusted perf_event_paranoid setting permanent preserve it
  in /etc/sysctl.conf (e.g. kernel.perf_event_paranoid = <setting>)
  perf: Segmentation fault
  Obtained 16 stack frames.
  ./perf(dump_stack+0x31) [0x55b7aa1e8070]
  ./perf(sighandler_dump_stack+0x36) [0x55b7aa1e815e]
  ./perf(+0xc9120) [0x55b7aa0a9120]
  /lib/x86_64-linux-gnu/libc.so.6(+0x4251f) [0x7fd03ef8151f]
  ./perf(+0xccaca) [0x55b7aa0acaca]
  ./perf(+0xcf4ab) [0x55b7aa0af4ab]
  ./perf(cmd_record+0xd50) [0x55b7aa0b28df]
  ./perf(+0x112f77) [0x55b7aa0f2f77]
  ./perf(cmd_mem+0x53b) [0x55b7aa0f406c]
  ./perf(+0x19979c) [0x55b7aa17979c]
  ./perf(+0x199a37) [0x55b7aa179a37]
  ./perf(+0x199b95) [0x55b7aa179b95]
  ./perf(main+0x2c7) [0x55b7aa179fbd]
  /lib/x86_64-linux-gnu/libc.so.6(+0x29d8f) [0x7fd03ef68d8f]
  /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x7f) [0x7fd03ef68e3f]
  ./perf(_start+0x24) [0x55b7aa089974]
  Segmentation fault (core dumped)

In the unprivileged mode perf fails to open PMU event, the function
record__open() returns error and "session->evlist" is NULL; this leads
to segmentation fault when iterates "session->evlist" in the function
record__read_lost_samples().

This patch checks "session->evlist" in record__read_lost_samples(), if
"session->evlist" is NULL then the function directly bails out to avoid
segmentation fault.

Fixes: a49aa8a54e86 ("perf record: Read and inject LOST_SAMPLES events")
Signed-off-by: Leo Yan <leo.yan@linaro.org>
---
 tools/perf/builtin-record.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tools/perf/builtin-record.c b/tools/perf/builtin-record.c
index 02e38f50a138..012b46dd4999 100644
--- a/tools/perf/builtin-record.c
+++ b/tools/perf/builtin-record.c
@@ -1888,6 +1888,10 @@ static void record__read_lost_samples(struct record *rec)
 	struct perf_record_lost_samples *lost;
 	struct evsel *evsel;
 
+	/* No any event is opened, directly bail out */
+	if (!session->evlist)
+		return;
+
 	lost = zalloc(PERF_SAMPLE_MAX_SIZE);
 	if (lost == NULL) {
 		pr_debug("Memory allocation failed\n");
-- 
2.34.1