Date:   Wed, 10 May 2017 15:04:23 +0900
From:   Namhyung Kim <namhyung@...nel.org>
To:     Milian Wolff <milian.wolff@...b.com>
Cc:     Linux-kernel@...r.kernel.org, linux-perf-users@...r.kernel.org,
        Arnaldo Carvalho de Melo <acme@...hat.com>,
        David Ahern <dsahern@...il.com>,
        Peter Zijlstra <a.p.zijlstra@...llo.nl>,
        Yao Jin <yao.jin@...ux.intel.com>, kernel-team@....com
Subject: Re: [PATCH] perf report: don't crash on invalid maps in `-g srcline`
 mode

On Tue, May 09, 2017 at 10:50:46PM +0200, Milian Wolff wrote:
> I just hit a segfault when doing `perf report -g srcline`.
> Valgrind pointed me at this code as the culprit:
> 
> ==8359== Invalid read of size 8
> ==8359==    at 0x3096D9: map__rip_2objdump (map.c:430)
> ==8359==    by 0x2FC1A3: match_chain_srcline (callchain.c:645)
> ==8359==    by 0x2FC1A3: match_chain (callchain.c:700)
> ==8359==    by 0x2FC1A3: append_chain (callchain.c:895)
> ==8359==    by 0x2FC1A3: append_chain_children (callchain.c:846)
> ==8359==    by 0x2FF719: callchain_append (callchain.c:944)
> ==8359==    by 0x2FF719: hist_entry__append_callchain (callchain.c:1058)
> ==8359==    by 0x32FA06: iter_add_single_cumulative_entry (hist.c:908)
> ==8359==    by 0x33195C: hist_entry_iter__add (hist.c:1050)
> ==8359==    by 0x258F65: process_sample_event (builtin-report.c:204)
> ==8359==    by 0x30D60C: perf_session__deliver_event (session.c:1310)
> ==8359==    by 0x30D60C: ordered_events__deliver_event (session.c:119)
> ==8359==    by 0x310D12: __ordered_events__flush (ordered-events.c:210)
> ==8359==    by 0x310D12: ordered_events__flush.part.3 (ordered-events.c:277)
> ==8359==    by 0x30DD3C: perf_session__process_user_event (session.c:1349)
> ==8359==    by 0x30DD3C: perf_session__process_event (session.c:1475)
> ==8359==    by 0x30FC3C: __perf_session__process_events (session.c:1867)
> ==8359==    by 0x30FC3C: perf_session__process_events (session.c:1921)
> ==8359==    by 0x25A985: __cmd_report (builtin-report.c:575)
> ==8359==    by 0x25A985: cmd_report (builtin-report.c:1054)
> ==8359==    by 0x2B9A80: run_builtin (perf.c:296)
> ==8359==  Address 0x70 is not stack'd, malloc'd or (recently) free'd
> 
> This patch fixes the issue.
> 
> Cc: Arnaldo Carvalho de Melo <acme@...hat.com>
> Cc: David Ahern <dsahern@...il.com>
> Cc: Namhyung Kim <namhyung@...nel.org>
> Cc: Peter Zijlstra <a.p.zijlstra@...llo.nl>
> Cc: Yao Jin <yao.jin@...ux.intel.com>
> Signed-off-by: Milian Wolff <milian.wolff@...b.com>
> ---
>  tools/perf/util/callchain.c | 23 ++++++++++++++++-------
>  1 file changed, 16 insertions(+), 7 deletions(-)
> 
> diff --git a/tools/perf/util/callchain.c b/tools/perf/util/callchain.c
> index 9ab68682c6d0..295f0846fd84 100644
> --- a/tools/perf/util/callchain.c
> +++ b/tools/perf/util/callchain.c
> @@ -642,13 +642,22 @@ static enum match_result match_chain_strings(const char *left,
>  static enum match_result match_chain_srcline(struct callchain_cursor_node *node,
>  					     struct callchain_list *cnode)
>  {
> -	char *left = get_srcline(cnode->ms.map->dso,
> -				 map__rip_2objdump(cnode->ms.map, cnode->ip),
> -				 cnode->ms.sym, true, false);
> -	char *right = get_srcline(node->map->dso,
> -				  map__rip_2objdump(node->map, node->ip),
> -				  node->sym, true, false);
> -	enum match_result ret = match_chain_strings(left, right);
> +	char *left = NULL;
> +	char *right = NULL;
> +	enum match_result ret = MATCH_ERROR;
> +
> +	if (!node->map || !cnode->ms.map)
> +		return ret;

This makes it fall back to function/address matching below if one of
the srclines is not available.  But it'll just show many "??:0" entries
IMHO.  Maybe we can use the same logic in util/sort.c:cmp_null instead..

Thanks,
Namhyung


> +
> +	left = get_srcline(cnode->ms.map->dso,
> +			   map__rip_2objdump(cnode->ms.map, cnode->ip),
> +			   cnode->ms.sym, true, false);
> +
> +	right = get_srcline(node->map->dso,
> +			    map__rip_2objdump(node->map, node->ip),
> +			    node->sym, true, false);
> +
> +	ret = match_chain_strings(left, right);
>  
>  	free_srcline(left);
>  	free_srcline(right);
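
Review bot: the guard `if (!node->map || !cnode->ms.map) return ret;` returns MATCH_ERROR both when only one side has no map and when neither does, and nothing in the hunk says what the caller is expected to do with that result. A one-line comment above the check stating the intended fallback would make the behaviour reviewable, and it is worth deciding whether two entries that both lack a map should be handled differently from a one-sided miss. Separately, once the early return is in place, `left` and `right` are always assigned by get_srcline() before they are read, so the `= NULL` initialisers are dead stores and the declarations could stay combined with the calls or be left uninitialised.
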
> -- 
> 2.12.2
> 
