Received: by 2002:a05:6358:16cc:b0:ea:6187:17c9 with SMTP id r12csp3680987rwl; Tue, 27 Dec 2022 13:11:30 -0800 (PST) X-Google-Smtp-Source: AMrXdXs8ouvk1rHgTBdKMlDsjTLXsUyLtFqSDu1BsX6arGFt9423sgivq5wqItY/3kwY6OPXl8ev X-Received: by 2002:a05:6300:811c:b0:ad:4be8:5984 with SMTP id bs28-20020a056300811c00b000ad4be85984mr27913103pzc.27.1672175490049; Tue, 27 Dec 2022 13:11:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1672175490; cv=none; d=google.com; s=arc-20160816; b=Ap1RVXWXJ2YaBJ5rRdl8xWZ5qIZSzOyswsTRdYOVA4obyx4knBoXodCac5sYA3yjBb mxezJAerJLKt6XSM6NbIbaAhtGLwEs3z1PMY/FY7egrwsh/qFHlLarl9iuXEHCudTBR/ TKbKOQnopnjT9fxjEKS6zko5FMOz79vUeShiHcLxcWjswjcCPIG2ofETefYYoPL+TKdM +uIVVUihXGoemaLsYz38ZoYs64UeVWKBQOVfDWmMz2D63NtfX/H4h3BtaKuJGlpoEXS7 eBPV6wUiwgN+LbOXfwqv7lNvBEaBWvJi2Z+DkvhGx3yzFfrqURoS5Tw89Ld6ntG2CUPT UhKg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version; bh=vv+ZjSlUuwa317vbQX/rH0BLAZD6zsIjkQVH3w5ABrI=; b=A9BUdS/K3TxCEf2VCYqH95N9nI+1ITUDUK5tDwJc40C6AryrF1kkn1xvsQfVcrDdte FE8Qw34+xtwD3hbWfjWfwGZkgFCNScvvetOzLnnSuhdIwk9wO9RjU857MvePhhGshcs3 3/+/sfvOP1/GfN5LFbiw7VP0vJsz5VIcarkDiRZpNgVx3LeyKEZOrNoyovbCc/3VAt10 GV3Jnowre1DxwxLReEJkfZJbTs8LPFa1nwL6x8hI8yj8y+8ZNGVUJPwO8FsHn76vr/z/ 6kE4c9ZkAOLlUXrMD7mqJNX6oAzEJNLqCjOv19nMifFayt3RaJvhX6TmZlrwG0rfWb1R Xp5Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id v19-20020a63d553000000b004782b471222si14691341pgi.223.2022.12.27.13.11.20; Tue, 27 Dec 2022 13:11:30 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232386AbiL0VKF (ORCPT + 66 others); Tue, 27 Dec 2022 16:10:05 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46098 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232347AbiL0VJQ (ORCPT ); Tue, 27 Dec 2022 16:09:16 -0500 Received: from mail-io1-f44.google.com (mail-io1-f44.google.com [209.85.166.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D4BE5DEB3; Tue, 27 Dec 2022 13:06:06 -0800 (PST) Received: by mail-io1-f44.google.com with SMTP id h6so7428647iof.9; Tue, 27 Dec 2022 13:06:06 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=vv+ZjSlUuwa317vbQX/rH0BLAZD6zsIjkQVH3w5ABrI=; b=ofPrzENKSDMOhKOytTnY4pk2WDF2jJNabvG1NNyZ0t+nDUODMzO0KnzFOhuIxNl/Al AVlNQNEAKivhHsdAOE3zhunzNWNCKqBsSGZUT7pg0ly2T2dRVdYfTpzj5YuQZ1RsRHX4 inZqV5J+YOVQpMzMFf2X2Q8AX6SF7NannlgJuXLSOmePGBV1ftBp1lS5+9/Dt9lSUyXp YMRl3sBOkoQcjvMlpvZckvgwk09pAFysWK6sRQZpHaMgtYaH2MwDLSFbYOsysIqRER14 nuOEIl3uauDrzuRqVAv1tRJkckxsrmBKWaIueqjgftUM4pabOWwAqohi2ZQV9qmi5xTa 4lPw== X-Gm-Message-State: AFqh2krwlOxHsxPMImAZHmRwl1s964f5Eni80lBVaFzAwAbBPPaqK5o2 nB+H1AXKc+sGMc0wyiPYeeWUSOGpSPdS0egBfou7qHhvG7Y= X-Received: by 2002:a02:8562:0:b0:38a:4fbc:b85a with SMTP id g89-20020a028562000000b0038a4fbcb85amr1858364jai.277.1672175166010; Tue, 27 Dec 2022 13:06:06 -0800 (PST) MIME-Version: 1.0 References: <20221227130701.124278-1-yangjihong1@huawei.com> In-Reply-To: <20221227130701.124278-1-yangjihong1@huawei.com> From: Namhyung Kim Date: Tue, 27 Dec 2022 13:05:54 -0800 Message-ID: Subject: Re: [PATCH] perf record: Fix coredump with --overwrite and --max-size To: Yang Jihong Cc: peterz@infradead.org, mingo@redhat.com, acme@kernel.org, mark.rutland@arm.com, alexander.shishkin@linux.intel.com, jolsa@kernel.org, jiwei.sun@windriver.com, linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.6 required=5.0 tests=BAYES_00, FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Dec 27, 2022 at 5:10 AM Yang Jihong wrote: > > When --overwrite and --max-size options of perf record are used together, > a segmentation fault occurs. The following is an example: > > # perf record -e sched:sched* --overwrite --max-size 1M -a -- sleep 1 > [ perf record: Woken up 1 times to write data ] > perf: Segmentation fault > Obtained 1 stack frames. > [0xc4c67f] > Segmentation fault (core dumped) > > backtrace of the core file is as follows: > > #0 0x0000000000417990 in process_locked_synthesized_event (tool=0x0, event=0x15, sample=0x1de0, machine=0xf8) at builtin-record.c:630 > #1 0x000000000057ee53 in perf_event__synthesize_threads (nr_threads_synthesize=21, mmap_data=, needs_mmap=, machine=0x17ad9b0, process=, tool=0x0) at util/synthetic-events.c:1950 > #2 __machine__synthesize_threads (nr_threads_synthesize=0, data_mmap=, needs_mmap=, process=, threads=0x8, target=0x8, tool=0x0, machine=0x17ad9b0) at util/synthetic-events.c:1936 > #3 machine__synthesize_threads (machine=0x17ad9b0, target=0x8, threads=0x8, needs_mmap=, data_mmap=, nr_threads_synthesize=0) at util/synthetic-events.c:1947 > #4 0x000000000040165d in record__synthesize (tail=, rec=0xbe2520 ) at builtin-record.c:2010 > #5 0x0000000000403989 in __cmd_record (argc=, argv=, rec=0xbe2520 ) at builtin-record.c:2810 > #6 0x00000000004196ba in record__init_thread_user_masks (rec=0xbe2520 , cpus=0x17a65f0) at builtin-record.c:3837 > #7 record__init_thread_masks (rec=0xbe2520 ) at builtin-record.c:3938 > #8 cmd_record (argc=1, argv=0x7ffdd692dc60) at builtin-record.c:4241 > #9 0x00000000004b701d in pager_command_config (var=0x0, value=0x15 , data=0x1de0) at perf.c:117 > #10 0x00000000004b732b in get_leaf_frame_caller_aarch64 (sample=0xfffffffb, thread=0x0, usr_idx=) at util/arm64-frame-pointer-unwind-support.c:56 > #11 0x0000000000406331 in execv_dashed_external (argv=0x7ffdd692d9e8) at perf.c:410 > #12 run_argv (argcp=, argv=) at perf.c:431 > #13 main (argc=, argv=0x7ffdd692d9e8) at perf.c:562 I'm not sure this callstack is correct. > > The reason is that record__bytes_written accesses the freed memory rec->thread_data, > The process is as follows: > __cmd_record > -> record__free_thread_data > -> zfree(&rec->thread_data) // free rec->thread_data > -> record__synthesize > -> perf_event__synthesize_id_index > -> process_synthesized_event > -> record__write > -> record__bytes_written // access rec->thread_data > > In the overwrite scenario, to synthesize non-sample events, > we do not need to check perf size limit. Hmm.. I think we should prevent this kind of access after record__free_thread_data(). We may set nr_threads to 0 and save the bytes_written for threads separately. Thanks, Namhyung > > Fixes: 6d57581659f7 ("perf record: Add support for limit perf output file size") > Signed-off-by: Yang Jihong > --- > tools/perf/builtin-record.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/tools/perf/builtin-record.c b/tools/perf/builtin-record.c > index 29dcd454b8e2..c5f169150d63 100644 > --- a/tools/perf/builtin-record.c > +++ b/tools/perf/builtin-record.c > @@ -260,7 +260,7 @@ static int record__write(struct record *rec, struct mmap *map __maybe_unused, > else > rec->bytes_written += size; > > - if (record__output_max_size_exceeded(rec) && !done) { > + if (!rec->opts.tail_synthesize && record__output_max_size_exceeded(rec) && !done) { > fprintf(stderr, "[ perf record: perf size limit reached (%" PRIu64 " KB)," > " stopping session ]\n", > record__bytes_written(rec) >> 10); > -- > 2.17.1 >