| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250428101234.GB551819@e132581.arm.com>
Date: Mon, 28 Apr 2025 11:12:34 +0100
From: Leo Yan <leo.yan@....com>
To: Tomas Glozar <tglozar@...hat.com>
Cc: Peter Zijlstra <peterz@...radead.org>, Ingo Molnar <mingo@...hat.com>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
Namhyung Kim <namhyung@...nel.org>,
linux-perf-users@...r.kernel.org,
LKML <linux-kernel@...r.kernel.org>,
Wander Costa <wcosta@...hat.com>
Subject: Re: [BUG] perf segfaults when combining --overwrite and intel_pt
event
Hi Tomas,
On Mon, Apr 28, 2025 at 11:07:21AM +0200, Tomas Glozar wrote:
> Dear maintainers,
>
> I would like to report a bug in perf I ran into when trying to combine
> --overwrite and intel_pt on latest perf from 6.15-rc4:
> $ perf record --overwrite -a -e intel_pt/cyc,noretcomp/k
> perf: Segmentation fault
[...]
> GDB gives the following backtrace:
>
> (gdb) bt
> #0 0x000000000061bb16 in auxtrace_mmap__mmap (mm=0x7c9fa0,
> mp=0x7fffffff9008, userpg=0x7ffff7cff000, fd=7) at util/auxtrace.c:136
[...]
I can reproduce the issue with Arm CoreSight as well. The cause is
the user page is mapped as read-only (see the mmap_per_evsel() function
in tools/lib/perf/evlist.c), afterwards AUX trace needs to update info
into it.
I would like to suggest a fix blow. For overwrite mode, we need a
fixup to remap the user page with write permission.
Could you confirm if works at you side?
Thanks,
Leo
---8<---
>From f969b3a7c3b338f47f271a2ac012813aec76b5a3 Mon Sep 17 00:00:00 2001
From: Leo Yan <leo.yan@....com>
Date: Mon, 28 Apr 2025 10:59:28 +0100
Subject: [PATCH] libperf: Grant write permission for user page
When perf runs in overwrite mode, the ring buffer is mapped read-only.
On the other hand, the first page in the ring buffer is for user page,
which is used for exchanging parameters between the kernel and the
userspace. The read-only permission causes Segmentation fault with
command:
$ perf record --overwrite -a -e cs_etm//
perf: Segmentation fault
This patch grants write permission for the mapped user page so the
userspace tool can update info properly.
Signed-off-by: Leo Yan <leo.yan@....com>
---
tools/lib/perf/mmap.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/tools/lib/perf/mmap.c b/tools/lib/perf/mmap.c
index c1a51d925e0e..465e12ec5a60 100644
--- a/tools/lib/perf/mmap.c
+++ b/tools/lib/perf/mmap.c
@@ -4,6 +4,7 @@
#include <asm/bug.h>
#include <errno.h>
#include <string.h>
+#include <unistd.h>
#include <linux/ring_buffer.h>
#include <linux/perf_event.h>
#include <perf/mmap.h>
@@ -36,6 +37,8 @@ size_t perf_mmap__mmap_len(struct perf_mmap *map)
int perf_mmap__mmap(struct perf_mmap *map, struct perf_mmap_param *mp,
int fd, struct perf_cpu cpu)
{
+ const long page_sz = sysconf(_SC_PAGE_SIZE);
+
map->prev = 0;
map->mask = mp->mask;
map->base = mmap(NULL, perf_mmap__mmap_len(map), mp->prot,
@@ -45,6 +48,19 @@ int perf_mmap__mmap(struct perf_mmap *map, struct perf_mmap_param *mp,
return -1;
}
+ /*
+ * In overwrite mode, pages are mapped read-only. Fixup writable
+ * permission for the user page as the tool needs to update info
+ * into it.
+ */
+ if (mp->prot == PROT_READ) {
+ if (mprotect(map->base, page_sz, mp->prot | PROT_WRITE) < 0) {
+ munmap(map->base, perf_mmap__mmap_len(map));
+ map->base = NULL;
+ return -1;
+ }
+ }
+
map->fd = fd;
map->cpu = cpu;
return 0;
--
2.34.1
Powered by blists - more mailing lists