Subject: Re: [PATCH] perf record: Fix coredump with --overwrite and --max-size
To: Namhyung Kim
References: <20221227130701.124278-1-yangjihong1@huawei.com>
From: Yang Jihong
Message-ID: <730b1733-8778-8b82-3751-a14905cef114@huawei.com>
Date: Thu, 29 Dec 2022 20:44:31 +0800
X-Mailing-List: linux-kernel@vger.kernel.org

Hello,

On 2022/12/28 5:05, Namhyung Kim wrote:
> On Tue, Dec 27, 2022 at 5:10 AM Yang Jihong wrote:
>>
>> When --overwrite and --max-size options of perf record are used together,
>> a segmentation fault occurs. The following is an example:
>>
>> # perf record -e sched:sched* --overwrite --max-size 1M -a -- sleep 1
>> [ perf record: Woken up 1 times to write data ]
>> perf: Segmentation fault
>> Obtained 1 stack frames.
>> [0xc4c67f]
>> Segmentation fault (core dumped)
>>
>> backtrace of the core file is as follows:
>>
>> #0 0x0000000000417990 in process_locked_synthesized_event (tool=0x0, event=0x15, sample=0x1de0, machine=0xf8) at builtin-record.c:630
>> #1 0x000000000057ee53 in perf_event__synthesize_threads (nr_threads_synthesize=21, mmap_data=, needs_mmap=, machine=0x17ad9b0, process=, tool=0x0) at util/synthetic-events.c:1950
>> #2 __machine__synthesize_threads (nr_threads_synthesize=0, data_mmap=, needs_mmap=, process=, threads=0x8, target=0x8, tool=0x0, machine=0x17ad9b0) at util/synthetic-events.c:1936
>> #3 machine__synthesize_threads (machine=0x17ad9b0, target=0x8, threads=0x8, needs_mmap=, data_mmap=, nr_threads_synthesize=0) at util/synthetic-events.c:1947
>> #4 0x000000000040165d in record__synthesize (tail=, rec=0xbe2520 ) at builtin-record.c:2010
>> #5 0x0000000000403989 in __cmd_record (argc=, argv=, rec=0xbe2520 ) at builtin-record.c:2810
>> #6 0x00000000004196ba in record__init_thread_user_masks (rec=0xbe2520 , cpus=0x17a65f0) at builtin-record.c:3837
>> #7 record__init_thread_masks (rec=0xbe2520 ) at builtin-record.c:3938
>> #8 cmd_record (argc=1, argv=0x7ffdd692dc60) at builtin-record.c:4241
>> #9 0x00000000004b701d in pager_command_config (var=0x0, value=0x15 , data=0x1de0) at perf.c:117
>> #10 0x00000000004b732b in get_leaf_frame_caller_aarch64 (sample=0xfffffffb, thread=0x0, usr_idx=) at util/arm64-frame-pointer-unwind-support.c:56
>> #11 0x0000000000406331 in execv_dashed_external (argv=0x7ffdd692d9e8) at perf.c:410
>> #12 run_argv (argcp=, argv=) at perf.c:431
>> #13 main (argc=, argv=0x7ffdd692d9e8) at perf.c:562
>
> I'm not sure this callstack is correct.

This is the backtrace printed by using the gdb to debug the core file,
which should be normal.
The preceding example should trigger this problem as long as the perf
file reaches max_size.
>
>>
>> The reason is that record__bytes_written accesses the freed memory rec->thread_data,
>> The process is as follows:
>>   __cmd_record
>>     -> record__free_thread_data
>>       -> zfree(&rec->thread_data) // free rec->thread_data
>>     -> record__synthesize
>>       -> perf_event__synthesize_id_index
>>         -> process_synthesized_event
>>           -> record__write
>>             -> record__bytes_written // access rec->thread_data
>>
>> In the overwrite scenario, to synthesize non-sample events,
>> we do not need to check perf size limit.
>
> Hmm.. I think we should prevent this kind of access after
> record__free_thread_data(). We may set nr_threads to 0
> and save the bytes_written for threads separately.

Ok, will change in next version.

> the value of done is 1 here,
Therefore, we only need to check the value of done first.

Thanks,
Yang.

> Thanks,
> Namhyung
>
>
>>
>> Fixes: 6d57581659f7 ("perf record: Add support for limit perf output file size")
>> Signed-off-by: Yang Jihong
>> ---
>> tools/perf/builtin-record.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/tools/perf/builtin-record.c b/tools/perf/builtin-record.c >> index 29dcd454b8e2..c5f169150d63 100644 >> --- a/tools/perf/builtin-record.c >> +++ b/tools/perf/builtin-record.c >> @@ -260,7 +260,7 @@ static int record__write(struct record *rec, struct mmap *map __maybe_unused, >> else >> rec->bytes_written += size; >> >> - if (record__output_max_size_exceeded(rec) && !done) { >> + if (!rec->opts.tail_synthesize && record__output_max_size_exceeded(rec) && !done) { >> fprintf(stderr, "[ perf record: perf size limit reached (%" PRIu64 " KB)," >> " stopping session ]\n", >> record__bytes_written(rec) >> 10); >> -- >> 2.17.1 >> > . >
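
Review bot: the added `!rec->opts.tail_synthesize` term in the size-limit condition of record__write() switches the --max-size check off for every write made through this function whenever that option is set, not only for the events synthesized after record__free_thread_data(), and it hides the stale read of rec->thread_data behind an option test instead of removing it. The call chain in the commit message shows the real defect is a lifetime one: record__bytes_written() runs after zfree(&rec->thread_data). Prefer making the accounting safe after the free, as suggested in the thread (set nr_threads to 0 and keep the threads' bytes_written separately), or at minimum evaluate `!done` before `record__output_max_size_exceeded(rec)` so the freed data is not touched once the session is stopping. If the exemption stays, a comment at the condition explaining why tail synthesis skips the limit would help.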
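
The lifetime fix suggested in the reply above (set nr_threads to 0 and keep the threads' bytes_written separately), shown as an added C example on a simplified model. It is not code from perf or from this thread; `struct recorder`, the `recorder_*` functions and `thread_bytes_written` are hypothetical names.

```c
#include <stdint.h>
#include <stdlib.h>

/* Simplified model with hypothetical names; not perf's own structures. */
struct thread_data { uint64_t bytes_written; };

struct recorder {
	uint64_t bytes_written;        /* written by the main thread */
	uint64_t thread_bytes_written; /* saved total of freed per-thread counters */
	uint64_t max_size;             /* 0 means no limit */
	int nr_threads;
	struct thread_data *thread_data;
};

int recorder_init(struct recorder *r, int nr_threads, uint64_t max_size)
{
	r->bytes_written = r->thread_bytes_written = 0;
	r->max_size = max_size;
	r->thread_data = calloc((size_t)nr_threads, sizeof(*r->thread_data));
	r->nr_threads = r->thread_data ? nr_threads : 0;
	return r->thread_data ? 0 : -1;
}

/* Save the per-thread totals, free the array, and reset nr_threads so
 * later accounting never walks the freed memory. */
void recorder_free_thread_data(struct recorder *r)
{
	for (int i = 0; i < r->nr_threads; i++)
		r->thread_bytes_written += r->thread_data[i].bytes_written;
	free(r->thread_data);
	r->thread_data = NULL;
	r->nr_threads = 0;
}

uint64_t recorder_bytes_written(const struct recorder *r)
{
	uint64_t total = r->bytes_written + r->thread_bytes_written;

	for (int i = 0; i < r->nr_threads; i++)
		total += r->thread_data[i].bytes_written;
	return total;
}

/* A write that may arrive after teardown (e.g. synthesized events).
 * Returns 1 when the size limit has been reached. */
int recorder_write(struct recorder *r, uint64_t size)
{
	r->bytes_written += size;
	return r->max_size && recorder_bytes_written(r) >= r->max_size;
}
```

With the counters folded into a saved total before the free, the size check stays correct for writes that arrive after teardown and no option-specific exemption is needed.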