subject:"\[PATCH 2\/2\] perf tools\: Fix fault in error patch of intel_pt_process_auxtrace

Re: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

2016-02-02 Thread Adrian Hunter


On 2/02/2016 5:52 p.m., Arnaldo Carvalho de Melo wrote:

Em Tue, Feb 02, 2016 at 12:24:19PM +0200, Adrian Hunter escreveu:

This patch does not fix the problem because the thread__zput() will still
segfault later if the error path is not taken.

Sorry, I didn't look closely at this patch because I was not expecting it
to be taken because of the fix I had already sent:

http://marc.info/?l=linux-kernel=145431692623940

However if you want to keep the struct thread rbtree / list union, the
simple fix would be to reinstate the list initialization in this particular
case i.e.:


So, can I go with the following patch+description+authorship?


Fine by me.  Thank you!



 From 3a4acda1ecbd290973de08250d7dcdfaf5b2fe0f Mon Sep 17 00:00:00 2001
From: Adrian Hunter 
Date: Mon, 1 Feb 2016 03:21:04 +
Subject: [PATCH 1/1] perf tools: Fix thread lifetime related segfaut in intel_pt

intel_pt_process_auxtrace_info() creates a pt->unknown_thread thread
that eventually needs to be freed by the last thread__put() on it, when
its refcount hits zero, which may happen in
intel_pt_process_auxtrace_info() error handling path and triggers the
following segfault, which would happen as well at intel_pt_free, when
tools using this intel_pt codebase frees up resources:

   # perf record -I -e intel_pt/tsc=1,noretcomp=1/u /bin/ls
   0  a  anaconda-ks.cfg  bin   perf.data   perf.data.old  
perf-f23-bringup.todo
   [ perf record: Woken up 1 times to write data ]
   [ perf record: Captured and wrote 0.217 MB perf.data ]
   #
   # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
   Samples for 'instructions:u' event do not have IREGS attribute set. Cannot 
print 'iregs' field.
   intel_pt_synth_events: failed to synthesize 'instructions' event type
   Segmentation fault (core dumped)
   #

The problem is: there's a union in 'struct thread' combines a list_head
and a rb_node. The standard life cycle of a thread is: init rb_node in
the constructor, insert it into machine->threads rbtree using rb_node,
move it to machine->dead_threads using list_head, clean in the last
thread__put: list_del_init(>node).

In the above command, it clean a thread before adding it into list,
causes the above segfault.

Since pt->unknown_thread will never live in an rbtree, initialize its
list node so that when list_del_init() is done on it we don't segfault.

After this patch:

   # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
   Samples for 'instructions:u' event do not have IREGS attribute set. Cannot 
print 'iregs' field.
   intel_pt_synth_events: failed to synthesize 'instructions' event type
   0x248 [0x88]: failed to process type: 70
   #

Reported-by: Tong Zhang 
Reported-by: Wang Nan 
Signed-off-by: Adrian Hunter 
Tested-by: Arnaldo Carvalho de Melo 
Cc: Josh Poimboeuf 
Link: 
http://lkml.kernel.org/r/1454296865-19749-1-git-send-email-wangn...@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo 
---
  tools/perf/util/intel-pt.c | 9 +
  1 file changed, 9 insertions(+)

diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c
index 81a2eb77ba7f..05d815851be1 100644
--- a/tools/perf/util/intel-pt.c
+++ b/tools/perf/util/intel-pt.c
@@ -2068,6 +2068,15 @@ int intel_pt_process_auxtrace_info(union perf_event 
*event,
err = -ENOMEM;
goto err_free_queues;
}
+
+   /*
+* Since this thread will not be kept in any rbtree not in a
+* list, initialize its list node so that at thread__put() the
+* current thread lifetime assuption is kept and we don't segfault
+* at list_del_init().
+*/
+   INIT_LIST_HEAD(>unknown_thread->node);
+
err = thread__set_comm(pt->unknown_thread, "unknown", 0);
if (err)
goto err_delete_thread;

Re: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

2016-02-02 Thread Wangnan (F)




On 2016/2/2 23:52, Arnaldo Carvalho de Melo wrote:

Em Tue, Feb 02, 2016 at 12:24:19PM +0200, Adrian Hunter escreveu:

This patch does not fix the problem because the thread__zput() will still
segfault later if the error path is not taken.

Sorry, I didn't look closely at this patch because I was not expecting it
to be taken because of the fix I had already sent:

http://marc.info/?l=linux-kernel=145431692623940

However if you want to keep the struct thread rbtree / list union, the
simple fix would be to reinstate the list initialization in this particular
case i.e.:

So, can I go with the following patch+description+authorship?


I didn't really understand the lifecycle of unknown_thread, and though
it would go to an rbtree in normal path. I think the patch you posted
is good.

Thank you.


 From 3a4acda1ecbd290973de08250d7dcdfaf5b2fe0f Mon Sep 17 00:00:00 2001
From: Adrian Hunter 
Date: Mon, 1 Feb 2016 03:21:04 +
Subject: [PATCH 1/1] perf tools: Fix thread lifetime related segfaut in intel_pt

intel_pt_process_auxtrace_info() creates a pt->unknown_thread thread
that eventually needs to be freed by the last thread__put() on it, when
its refcount hits zero, which may happen in
intel_pt_process_auxtrace_info() error handling path and triggers the
following segfault, which would happen as well at intel_pt_free, when
tools using this intel_pt codebase frees up resources:

   # perf record -I -e intel_pt/tsc=1,noretcomp=1/u /bin/ls
   0  a  anaconda-ks.cfg  bin   perf.data   perf.data.old  
perf-f23-bringup.todo
   [ perf record: Woken up 1 times to write data ]
   [ perf record: Captured and wrote 0.217 MB perf.data ]
   #
   # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
   Samples for 'instructions:u' event do not have IREGS attribute set. Cannot 
print 'iregs' field.
   intel_pt_synth_events: failed to synthesize 'instructions' event type
   Segmentation fault (core dumped)
   #

The problem is: there's a union in 'struct thread' combines a list_head
and a rb_node. The standard life cycle of a thread is: init rb_node in
the constructor, insert it into machine->threads rbtree using rb_node,
move it to machine->dead_threads using list_head, clean in the last
thread__put: list_del_init(>node).

In the above command, it clean a thread before adding it into list,
causes the above segfault.

Since pt->unknown_thread will never live in an rbtree, initialize its
list node so that when list_del_init() is done on it we don't segfault.

After this patch:

   # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
   Samples for 'instructions:u' event do not have IREGS attribute set. Cannot 
print 'iregs' field.
   intel_pt_synth_events: failed to synthesize 'instructions' event type
   0x248 [0x88]: failed to process type: 70
   #

Reported-by: Tong Zhang 
Reported-by: Wang Nan 
Signed-off-by: Adrian Hunter 
Tested-by: Arnaldo Carvalho de Melo 
Cc: Josh Poimboeuf 
Link: 
http://lkml.kernel.org/r/1454296865-19749-1-git-send-email-wangn...@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo 
---
  tools/perf/util/intel-pt.c | 9 +
  1 file changed, 9 insertions(+)

diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c
index 81a2eb77ba7f..05d815851be1 100644
--- a/tools/perf/util/intel-pt.c
+++ b/tools/perf/util/intel-pt.c
@@ -2068,6 +2068,15 @@ int intel_pt_process_auxtrace_info(union perf_event 
*event,
err = -ENOMEM;
goto err_free_queues;
}
+
+   /*
+* Since this thread will not be kept in any rbtree not in a
+* list, initialize its list node so that at thread__put() the
+* current thread lifetime assuption is kept and we don't segfault
+* at list_del_init().
+*/
+   INIT_LIST_HEAD(>unknown_thread->node);
+
err = thread__set_comm(pt->unknown_thread, "unknown", 0);
if (err)
goto err_delete_thread;

Re: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

2016-02-02 Thread Arnaldo Carvalho de Melo

Em Tue, Feb 02, 2016 at 12:52:25PM -0300, Arnaldo Carvalho de Melo escreveu:
> Em Tue, Feb 02, 2016 at 12:24:19PM +0200, Adrian Hunter escreveu:
> > This patch does not fix the problem because the thread__zput() will still
> > segfault later if the error path is not taken.
> > 
> > Sorry, I didn't look closely at this patch because I was not expecting it
> > to be taken because of the fix I had already sent:
> > 
> > http://marc.info/?l=linux-kernel=145431692623940
> > 
> > However if you want to keep the struct thread rbtree / list union, the
> > simple fix would be to reinstate the list initialization in this particular
> > case i.e.:
> 
> So, can I go with the following patch+description+authorship?

BTW, I just noticed it while testing some unrelated patch (Jiri's hpp
hists stuff) that with a perf.data file with intel pt data, I get this
at the end of a TUI session, i.e. the segfault at tool exit:


Available samples
0 intel_pt/tsc=1,noretcomp=1/u  

◆
29 sched:sched_switch   

▒
0 dummy:u   

▒
6 instructions:u

▒
0 transactions  

▒


Program received signal SIGSEGV, Segmentation fault.

 ▒
   0x004ec5c5 in 
__write_once_size (size=8, res=0x7fffc2e0, p=0x0) at 
/home/acme/git/linux/tools/include/linux/compiler.h:82  

   ▒
82  case 8: *(volatile __u64_alias_t *) p = *(__u64_alias_t *) res; 
break;  
▒
Missing separate debuginfos, use: dnf debuginfo-install 
audit-libs-2.4.5-1.fc23.x86_64 bzip2-libs-1.0.6-19.fc23.x86_64 
elfutils-libelf-0.165-2.fc23.x86_64 elfutils-libs-0.165-2.fc23.x86_64 
libunwind-1.1-10.fc23.x86_64 nss-softokn-freebl-3.21.0-1.1.fc23.x86_64 
numactl-libs-2.0.10-3.fc23.x86_64 perl-libs-5.22.1-350.fc23.x86_64 
python-libs-2.7.10-8.fc23.x86_64 slang-2.3.0-4.fc23.x86_64 
xz-libs-5.2.1-3.fc23.x86_64 zlib-1.2.8-9.fc23.x86_64
▒
(gdb) bt

▒
#0  0x004ec5c5 in __write_once_size (size=8, res=0x7fffc2e0, p=0x0) 
at /home/acme/git/linux/tools/include/linux/compiler.h:82   
▒
#1  __list_del (prev=0x0, next=0x1a2e970) at 
/home/acme/git/linux/tools/include/linux/list.h:89  
   ▒
#2  0x004ec631 in __list_del_entry (entry=0x1a2e970) at 
/home/acme/git/linux/tools/include/linux/list.h:101 
▒
#3  0x004ec6d2 in list_del_init (entry=0x1a2e970) at 
/home/acme/git/linux/tools/include/linux/list.h:144 
   ▒
#4  0x004ecd2a in thread__put (thread=0x1a2e970) at util/thread.c:104   

▒
#5  0x0052de51 in intel_pt_free (session=0x19a3b90) at 
util/intel-pt.c:1747
 ▒
#6  0x004e4e3d in auxtrace__free (session=0x19a3b90) at 
util/auxtrace.h:513 
▒
#7  0x004e5603 in perf_session__delete (session=0x19a3b90) at 
util/session.c:181  
  ▒
#8  0x004363f3 in cmd_report (argc=0, argv=0x7fffdeb0, prefix=0x0) 
at builtin-report.c:984 
 ▒
#9

Re: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

2016-02-02 Thread Arnaldo Carvalho de Melo

Em Tue, Feb 02, 2016 at 12:24:19PM +0200, Adrian Hunter escreveu:
> This patch does not fix the problem because the thread__zput() will still
> segfault later if the error path is not taken.
> 
> Sorry, I didn't look closely at this patch because I was not expecting it
> to be taken because of the fix I had already sent:
> 
>   http://marc.info/?l=linux-kernel=145431692623940
> 
> However if you want to keep the struct thread rbtree / list union, the
> simple fix would be to reinstate the list initialization in this particular
> case i.e.:

So, can I go with the following patch+description+authorship?

>From 3a4acda1ecbd290973de08250d7dcdfaf5b2fe0f Mon Sep 17 00:00:00 2001
From: Adrian Hunter 
Date: Mon, 1 Feb 2016 03:21:04 +
Subject: [PATCH 1/1] perf tools: Fix thread lifetime related segfaut in intel_pt

intel_pt_process_auxtrace_info() creates a pt->unknown_thread thread
that eventually needs to be freed by the last thread__put() on it, when
its refcount hits zero, which may happen in
intel_pt_process_auxtrace_info() error handling path and triggers the
following segfault, which would happen as well at intel_pt_free, when
tools using this intel_pt codebase frees up resources:

  # perf record -I -e intel_pt/tsc=1,noretcomp=1/u /bin/ls
  0  a  anaconda-ks.cfg  bin   perf.dataperf.data.old  
perf-f23-bringup.todo
  [ perf record: Woken up 1 times to write data ]
  [ perf record: Captured and wrote 0.217 MB perf.data ]
  #
  # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
  Samples for 'instructions:u' event do not have IREGS attribute set. Cannot 
print 'iregs' field.
  intel_pt_synth_events: failed to synthesize 'instructions' event type
  Segmentation fault (core dumped)
  #

The problem is: there's a union in 'struct thread' combines a list_head
and a rb_node. The standard life cycle of a thread is: init rb_node in
the constructor, insert it into machine->threads rbtree using rb_node,
move it to machine->dead_threads using list_head, clean in the last
thread__put: list_del_init(>node).

In the above command, it clean a thread before adding it into list,
causes the above segfault.

Since pt->unknown_thread will never live in an rbtree, initialize its
list node so that when list_del_init() is done on it we don't segfault.

After this patch:

  # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
  Samples for 'instructions:u' event do not have IREGS attribute set. Cannot 
print 'iregs' field.
  intel_pt_synth_events: failed to synthesize 'instructions' event type
  0x248 [0x88]: failed to process type: 70
  #

Reported-by: Tong Zhang 
Reported-by: Wang Nan 
Signed-off-by: Adrian Hunter 
Tested-by: Arnaldo Carvalho de Melo 
Cc: Josh Poimboeuf 
Link: 
http://lkml.kernel.org/r/1454296865-19749-1-git-send-email-wangn...@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo 
---
 tools/perf/util/intel-pt.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c
index 81a2eb77ba7f..05d815851be1 100644
--- a/tools/perf/util/intel-pt.c
+++ b/tools/perf/util/intel-pt.c
@@ -2068,6 +2068,15 @@ int intel_pt_process_auxtrace_info(union perf_event 
*event,
err = -ENOMEM;
goto err_free_queues;
}
+
+   /*
+* Since this thread will not be kept in any rbtree not in a
+* list, initialize its list node so that at thread__put() the
+* current thread lifetime assuption is kept and we don't segfault
+* at list_del_init().
+*/
+   INIT_LIST_HEAD(>unknown_thread->node);
+
err = thread__set_comm(pt->unknown_thread, "unknown", 0);
if (err)
goto err_delete_thread;
-- 
2.5.0

Re: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

2016-02-02 Thread Arnaldo Carvalho de Melo

Em Tue, Feb 02, 2016 at 12:24:19PM +0200, Adrian Hunter escreveu:
> This patch does not fix the problem because the thread__zput() will still
> segfault later if the error path is not taken.
> 
> Sorry, I didn't look closely at this patch because I was not expecting it
> to be taken because of the fix I had already sent:
> 
>   http://marc.info/?l=linux-kernel=145431692623940
> 
> However if you want to keep the struct thread rbtree / list union, the
> simple fix would be to reinstate the list initialization in this particular
> case i.e.:

Right, so it keeps the existing thread lifetime assumptions both in the
error path, as Wang did, and in the normal pt->unknown_thread end of
life at intel_pt_free(), I'm replacing the patch...

- Arnaldo
 
> 
> diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c
> index 81a2eb7..18245b8 100644
> --- a/tools/perf/util/intel-pt.c
> +++ b/tools/perf/util/intel-pt.c
> @@ -2068,6 +2068,7 @@ int intel_pt_process_auxtrace_info(union perf_event
> err = -ENOMEM;
> goto err_free_queues;
> }
> +   INIT_LIST_HEAD(>unknown_thread->node);
> err = thread__set_comm(pt->unknown_thread, "unknown", 0);
> if (err)
> goto err_delete_thread;
> 
> 
> 
> On 01/02/16 19:13, Arnaldo Carvalho de Melo wrote:
> > From: Wang Nan 
> > 
> > In error processing path of intel_pt_process_auxtrace_info() it calls
> > thread__zput() to clean and free pt->unknown_thread which is created by
> > thread__new(). However, when error raise, a segfault happen:
> > 
> >   # perf record -I -e intel_pt/tsc=1,noretcomp=1/u /bin/ls
> >   0  a  anaconda-ks.cfg  bin   perf.dataperf.data.old  
> > perf-f23-bringup.todo
> >   [ perf record: Woken up 1 times to write data ]
> >   [ perf record: Captured and wrote 0.217 MB perf.data ]
> >   #
> >   # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
> >   Samples for 'instructions:u' event do not have IREGS attribute set. 
> > Cannot print 'iregs' field.
> >   intel_pt_synth_events: failed to synthesize 'instructions' event type
> >   Segmentation fault (core dumped)
> >   #
> > 
> > The problem is: there's a union in 'struct thread' combines a list_head
> > and a rb_node. The standard life cycle of a thread is: init rb_node during
> > creating, inserted into machine->threads rbtree uses rb_node, move to
> > machine->dead_threads using list_head, clean by thread__put:
> > list_del_init(>node).
> > 
> > In the above command, it clean a thread before adding it into list,
> > causes the above segfault.
> > 
> > This patch gives a fake list_head and link the thread into it before
> > calling thread__zput(), get rid of the segfault.
> > 
> > After this patch:
> > 
> >   # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
> >   Samples for 'instructions:u' event do not have IREGS attribute set. 
> > Cannot print 'iregs' field.
> >   intel_pt_synth_events: failed to synthesize 'instructions' event type
> >   0x248 [0x88]: failed to process type: 70
> >   #
> > 
> > Reported-by: Tong Zhang 
> > Signed-off-by: Wang Nan 
> > Tested-by: Arnaldo Carvalho de Melo 
> > Cc: Adrian Hunter 
> > Cc: Josh Poimboeuf 
> > Link: 
> > http://lkml.kernel.org/r/1454296865-19749-1-git-send-email-wangn...@huawei.com
> > Signed-off-by: Arnaldo Carvalho de Melo 
> > ---
> >  tools/perf/util/intel-pt.c | 4 
> >  1 file changed, 4 insertions(+)
> > 
> > diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c
> > index 81a2eb77ba7f..e2add6376fec 100644
> > --- a/tools/perf/util/intel-pt.c
> > +++ b/tools/perf/util/intel-pt.c
> > @@ -2013,6 +2013,7 @@ int intel_pt_process_auxtrace_info(union perf_event 
> > *event,
> > struct auxtrace_info_event *auxtrace_info = >auxtrace_info;
> > size_t min_sz = sizeof(u64) * INTEL_PT_PER_CPU_MMAPS;
> > struct intel_pt *pt;
> > +   struct list_head dead_thread;
> > int err;
> >  
> > if (auxtrace_info->header.size < sizeof(struct auxtrace_info_event) +
> > @@ -2153,6 +2154,9 @@ int intel_pt_process_auxtrace_info(union perf_event 
> > *event,
> > return 0;
> >  
> >  err_delete_thread:
> > +   RB_CLEAR_NODE(>unknown_thread->rb_node);
> > +   INIT_LIST_HEAD(_thread);
> > +   list_add(>unknown_thread->node, _thread);
> > thread__zput(pt->unknown_thread);
> >  err_free_queues:
> > intel_pt_log_disable();
> >

Re: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

2016-02-02 Thread Adrian Hunter

This patch does not fix the problem because the thread__zput() will still
segfault later if the error path is not taken.

Sorry, I didn't look closely at this patch because I was not expecting it
to be taken because of the fix I had already sent:

http://marc.info/?l=linux-kernel=145431692623940

However if you want to keep the struct thread rbtree / list union, the
simple fix would be to reinstate the list initialization in this particular
case i.e.:


diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c
index 81a2eb7..18245b8 100644
--- a/tools/perf/util/intel-pt.c
+++ b/tools/perf/util/intel-pt.c
@@ -2068,6 +2068,7 @@ int intel_pt_process_auxtrace_info(union perf_event
err = -ENOMEM;
goto err_free_queues;
}
+   INIT_LIST_HEAD(>unknown_thread->node);
err = thread__set_comm(pt->unknown_thread, "unknown", 0);
if (err)
goto err_delete_thread;



On 01/02/16 19:13, Arnaldo Carvalho de Melo wrote:
> From: Wang Nan 
> 
> In error processing path of intel_pt_process_auxtrace_info() it calls
> thread__zput() to clean and free pt->unknown_thread which is created by
> thread__new(). However, when error raise, a segfault happen:
> 
>   # perf record -I -e intel_pt/tsc=1,noretcomp=1/u /bin/ls
>   0  a  anaconda-ks.cfg  bin   perf.data  perf.data.old  
> perf-f23-bringup.todo
>   [ perf record: Woken up 1 times to write data ]
>   [ perf record: Captured and wrote 0.217 MB perf.data ]
>   #
>   # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
>   Samples for 'instructions:u' event do not have IREGS attribute set. Cannot 
> print 'iregs' field.
>   intel_pt_synth_events: failed to synthesize 'instructions' event type
>   Segmentation fault (core dumped)
>   #
> 
> The problem is: there's a union in 'struct thread' combines a list_head
> and a rb_node. The standard life cycle of a thread is: init rb_node during
> creating, inserted into machine->threads rbtree uses rb_node, move to
> machine->dead_threads using list_head, clean by thread__put:
> list_del_init(>node).
> 
> In the above command, it clean a thread before adding it into list,
> causes the above segfault.
> 
> This patch gives a fake list_head and link the thread into it before
> calling thread__zput(), get rid of the segfault.
> 
> After this patch:
> 
>   # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
>   Samples for 'instructions:u' event do not have IREGS attribute set. Cannot 
> print 'iregs' field.
>   intel_pt_synth_events: failed to synthesize 'instructions' event type
>   0x248 [0x88]: failed to process type: 70
>   #
> 
> Reported-by: Tong Zhang 
> Signed-off-by: Wang Nan 
> Tested-by: Arnaldo Carvalho de Melo 
> Cc: Adrian Hunter 
> Cc: Josh Poimboeuf 
> Link: 
> http://lkml.kernel.org/r/1454296865-19749-1-git-send-email-wangn...@huawei.com
> Signed-off-by: Arnaldo Carvalho de Melo 
> ---
>  tools/perf/util/intel-pt.c | 4 
>  1 file changed, 4 insertions(+)
> 
> diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c
> index 81a2eb77ba7f..e2add6376fec 100644
> --- a/tools/perf/util/intel-pt.c
> +++ b/tools/perf/util/intel-pt.c
> @@ -2013,6 +2013,7 @@ int intel_pt_process_auxtrace_info(union perf_event 
> *event,
>   struct auxtrace_info_event *auxtrace_info = >auxtrace_info;
>   size_t min_sz = sizeof(u64) * INTEL_PT_PER_CPU_MMAPS;
>   struct intel_pt *pt;
> + struct list_head dead_thread;
>   int err;
>  
>   if (auxtrace_info->header.size < sizeof(struct auxtrace_info_event) +
> @@ -2153,6 +2154,9 @@ int intel_pt_process_auxtrace_info(union perf_event 
> *event,
>   return 0;
>  
>  err_delete_thread:
> + RB_CLEAR_NODE(>unknown_thread->rb_node);
> + INIT_LIST_HEAD(_thread);
> + list_add(>unknown_thread->node, _thread);
>   thread__zput(pt->unknown_thread);
>  err_free_queues:
>   intel_pt_log_disable();
>

Re: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

2016-02-02 Thread Arnaldo Carvalho de Melo

Em Tue, Feb 02, 2016 at 12:52:25PM -0300, Arnaldo Carvalho de Melo escreveu:
> Em Tue, Feb 02, 2016 at 12:24:19PM +0200, Adrian Hunter escreveu:
> > This patch does not fix the problem because the thread__zput() will still
> > segfault later if the error path is not taken.
> > 
> > Sorry, I didn't look closely at this patch because I was not expecting it
> > to be taken because of the fix I had already sent:
> > 
> > http://marc.info/?l=linux-kernel=145431692623940
> > 
> > However if you want to keep the struct thread rbtree / list union, the
> > simple fix would be to reinstate the list initialization in this particular
> > case i.e.:
> 
> So, can I go with the following patch+description+authorship?

BTW, I just noticed it while testing some unrelated patch (Jiri's hpp
hists stuff) that with a perf.data file with intel pt data, I get this
at the end of a TUI session, i.e. the segfault at tool exit:


Available samples
0 intel_pt/tsc=1,noretcomp=1/u  

◆
29 sched:sched_switch   

▒
0 dummy:u   

▒
6 instructions:u

▒
0 transactions  

▒


Program received signal SIGSEGV, Segmentation fault.

 ▒
   0x004ec5c5 in 
__write_once_size (size=8, res=0x7fffc2e0, p=0x0) at 
/home/acme/git/linux/tools/include/linux/compiler.h:82  

   ▒
82  case 8: *(volatile __u64_alias_t *) p = *(__u64_alias_t *) res; 
break;  
▒
Missing separate debuginfos, use: dnf debuginfo-install 
audit-libs-2.4.5-1.fc23.x86_64 bzip2-libs-1.0.6-19.fc23.x86_64 
elfutils-libelf-0.165-2.fc23.x86_64 elfutils-libs-0.165-2.fc23.x86_64 
libunwind-1.1-10.fc23.x86_64 nss-softokn-freebl-3.21.0-1.1.fc23.x86_64 
numactl-libs-2.0.10-3.fc23.x86_64 perl-libs-5.22.1-350.fc23.x86_64 
python-libs-2.7.10-8.fc23.x86_64 slang-2.3.0-4.fc23.x86_64 
xz-libs-5.2.1-3.fc23.x86_64 zlib-1.2.8-9.fc23.x86_64
▒
(gdb) bt

▒
#0  0x004ec5c5 in __write_once_size (size=8, res=0x7fffc2e0, p=0x0) 
at /home/acme/git/linux/tools/include/linux/compiler.h:82   
▒
#1  __list_del (prev=0x0, next=0x1a2e970) at 
/home/acme/git/linux/tools/include/linux/list.h:89  
   ▒
#2  0x004ec631 in __list_del_entry (entry=0x1a2e970) at 
/home/acme/git/linux/tools/include/linux/list.h:101 
▒
#3  0x004ec6d2 in list_del_init (entry=0x1a2e970) at 
/home/acme/git/linux/tools/include/linux/list.h:144 
   ▒
#4  0x004ecd2a in thread__put (thread=0x1a2e970) at util/thread.c:104   

▒
#5  0x0052de51 in intel_pt_free (session=0x19a3b90) at 
util/intel-pt.c:1747
 ▒
#6  0x004e4e3d in auxtrace__free (session=0x19a3b90) at 
util/auxtrace.h:513 
▒
#7  0x004e5603 in perf_session__delete (session=0x19a3b90) at 
util/session.c:181  
  ▒
#8  0x004363f3 in cmd_report (argc=0, argv=0x7fffdeb0, prefix=0x0) 
at builtin-report.c:984 
 ▒
#9

Re: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

2016-02-02 Thread Adrian Hunter

This patch does not fix the problem because the thread__zput() will still
segfault later if the error path is not taken.

Sorry, I didn't look closely at this patch because I was not expecting it
to be taken because of the fix I had already sent:

http://marc.info/?l=linux-kernel=145431692623940

However if you want to keep the struct thread rbtree / list union, the
simple fix would be to reinstate the list initialization in this particular
case i.e.:


diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c
index 81a2eb7..18245b8 100644
--- a/tools/perf/util/intel-pt.c
+++ b/tools/perf/util/intel-pt.c
@@ -2068,6 +2068,7 @@ int intel_pt_process_auxtrace_info(union perf_event
err = -ENOMEM;
goto err_free_queues;
}
+   INIT_LIST_HEAD(>unknown_thread->node);
err = thread__set_comm(pt->unknown_thread, "unknown", 0);
if (err)
goto err_delete_thread;



On 01/02/16 19:13, Arnaldo Carvalho de Melo wrote:
> From: Wang Nan 
> 
> In error processing path of intel_pt_process_auxtrace_info() it calls
> thread__zput() to clean and free pt->unknown_thread which is created by
> thread__new(). However, when error raise, a segfault happen:
> 
>   # perf record -I -e intel_pt/tsc=1,noretcomp=1/u /bin/ls
>   0  a  anaconda-ks.cfg  bin   perf.data  perf.data.old  
> perf-f23-bringup.todo
>   [ perf record: Woken up 1 times to write data ]
>   [ perf record: Captured and wrote 0.217 MB perf.data ]
>   #
>   # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
>   Samples for 'instructions:u' event do not have IREGS attribute set. Cannot 
> print 'iregs' field.
>   intel_pt_synth_events: failed to synthesize 'instructions' event type
>   Segmentation fault (core dumped)
>   #
> 
> The problem is: there's a union in 'struct thread' combines a list_head
> and a rb_node. The standard life cycle of a thread is: init rb_node during
> creating, inserted into machine->threads rbtree uses rb_node, move to
> machine->dead_threads using list_head, clean by thread__put:
> list_del_init(>node).
> 
> In the above command, it clean a thread before adding it into list,
> causes the above segfault.
> 
> This patch gives a fake list_head and link the thread into it before
> calling thread__zput(), get rid of the segfault.
> 
> After this patch:
> 
>   # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
>   Samples for 'instructions:u' event do not have IREGS attribute set. Cannot 
> print 'iregs' field.
>   intel_pt_synth_events: failed to synthesize 'instructions' event type
>   0x248 [0x88]: failed to process type: 70
>   #
> 
> Reported-by: Tong Zhang 
> Signed-off-by: Wang Nan 
> Tested-by: Arnaldo Carvalho de Melo 
> Cc: Adrian Hunter 
> Cc: Josh Poimboeuf 
> Link: 
> http://lkml.kernel.org/r/1454296865-19749-1-git-send-email-wangn...@huawei.com
> Signed-off-by: Arnaldo Carvalho de Melo 
> ---
>  tools/perf/util/intel-pt.c | 4 
>  1 file changed, 4 insertions(+)
> 
> diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c
> index 81a2eb77ba7f..e2add6376fec 100644
> --- a/tools/perf/util/intel-pt.c
> +++ b/tools/perf/util/intel-pt.c
> @@ -2013,6 +2013,7 @@ int intel_pt_process_auxtrace_info(union perf_event 
> *event,
>   struct auxtrace_info_event *auxtrace_info = >auxtrace_info;
>   size_t min_sz = sizeof(u64) * INTEL_PT_PER_CPU_MMAPS;
>   struct intel_pt *pt;
> + struct list_head dead_thread;
>   int err;
>  
>   if (auxtrace_info->header.size < sizeof(struct auxtrace_info_event) +
> @@ -2153,6 +2154,9 @@ int intel_pt_process_auxtrace_info(union perf_event 
> *event,
>   return 0;
>  
>  err_delete_thread:
> + RB_CLEAR_NODE(>unknown_thread->rb_node);
> + INIT_LIST_HEAD(_thread);
> + list_add(>unknown_thread->node, _thread);
>   thread__zput(pt->unknown_thread);
>  err_free_queues:
>   intel_pt_log_disable();
>

Re: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

2016-02-02 Thread Arnaldo Carvalho de Melo

Em Tue, Feb 02, 2016 at 12:24:19PM +0200, Adrian Hunter escreveu:
> This patch does not fix the problem because the thread__zput() will still
> segfault later if the error path is not taken.
> 
> Sorry, I didn't look closely at this patch because I was not expecting it
> to be taken because of the fix I had already sent:
> 
>   http://marc.info/?l=linux-kernel=145431692623940
> 
> However if you want to keep the struct thread rbtree / list union, the
> simple fix would be to reinstate the list initialization in this particular
> case i.e.:

So, can I go with the following patch+description+authorship?

>From 3a4acda1ecbd290973de08250d7dcdfaf5b2fe0f Mon Sep 17 00:00:00 2001
From: Adrian Hunter 
Date: Mon, 1 Feb 2016 03:21:04 +
Subject: [PATCH 1/1] perf tools: Fix thread lifetime related segfaut in intel_pt

intel_pt_process_auxtrace_info() creates a pt->unknown_thread thread
that eventually needs to be freed by the last thread__put() on it, when
its refcount hits zero, which may happen in
intel_pt_process_auxtrace_info() error handling path and triggers the
following segfault, which would happen as well at intel_pt_free, when
tools using this intel_pt codebase frees up resources:

  # perf record -I -e intel_pt/tsc=1,noretcomp=1/u /bin/ls
  0  a  anaconda-ks.cfg  bin   perf.dataperf.data.old  
perf-f23-bringup.todo
  [ perf record: Woken up 1 times to write data ]
  [ perf record: Captured and wrote 0.217 MB perf.data ]
  #
  # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
  Samples for 'instructions:u' event do not have IREGS attribute set. Cannot 
print 'iregs' field.
  intel_pt_synth_events: failed to synthesize 'instructions' event type
  Segmentation fault (core dumped)
  #

The problem is: there's a union in 'struct thread' combines a list_head
and a rb_node. The standard life cycle of a thread is: init rb_node in
the constructor, insert it into machine->threads rbtree using rb_node,
move it to machine->dead_threads using list_head, clean in the last
thread__put: list_del_init(>node).

In the above command, it clean a thread before adding it into list,
causes the above segfault.

Since pt->unknown_thread will never live in an rbtree, initialize its
list node so that when list_del_init() is done on it we don't segfault.

After this patch:

  # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
  Samples for 'instructions:u' event do not have IREGS attribute set. Cannot 
print 'iregs' field.
  intel_pt_synth_events: failed to synthesize 'instructions' event type
  0x248 [0x88]: failed to process type: 70
  #

Reported-by: Tong Zhang 
Reported-by: Wang Nan 
Signed-off-by: Adrian Hunter 
Tested-by: Arnaldo Carvalho de Melo 
Cc: Josh Poimboeuf 
Link: 
http://lkml.kernel.org/r/1454296865-19749-1-git-send-email-wangn...@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo 
---
 tools/perf/util/intel-pt.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c
index 81a2eb77ba7f..05d815851be1 100644
--- a/tools/perf/util/intel-pt.c
+++ b/tools/perf/util/intel-pt.c
@@ -2068,6 +2068,15 @@ int intel_pt_process_auxtrace_info(union perf_event 
*event,
err = -ENOMEM;
goto err_free_queues;
}
+
+   /*
+* Since this thread will not be kept in any rbtree not in a
+* list, initialize its list node so that at thread__put() the
+* current thread lifetime assuption is kept and we don't segfault
+* at list_del_init().
+*/
+   INIT_LIST_HEAD(>unknown_thread->node);
+
err = thread__set_comm(pt->unknown_thread, "unknown", 0);
if (err)
goto err_delete_thread;
-- 
2.5.0

Re: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

2016-02-02 Thread Adrian Hunter


On 2/02/2016 5:52 p.m., Arnaldo Carvalho de Melo wrote:

Em Tue, Feb 02, 2016 at 12:24:19PM +0200, Adrian Hunter escreveu:

This patch does not fix the problem because the thread__zput() will still
segfault later if the error path is not taken.

Sorry, I didn't look closely at this patch because I was not expecting it
to be taken because of the fix I had already sent:

http://marc.info/?l=linux-kernel=145431692623940

However if you want to keep the struct thread rbtree / list union, the
simple fix would be to reinstate the list initialization in this particular
case i.e.:


So, can I go with the following patch+description+authorship?


Fine by me.  Thank you!



 From 3a4acda1ecbd290973de08250d7dcdfaf5b2fe0f Mon Sep 17 00:00:00 2001
From: Adrian Hunter 
Date: Mon, 1 Feb 2016 03:21:04 +
Subject: [PATCH 1/1] perf tools: Fix thread lifetime related segfaut in intel_pt

intel_pt_process_auxtrace_info() creates a pt->unknown_thread thread
that eventually needs to be freed by the last thread__put() on it, when
its refcount hits zero, which may happen in
intel_pt_process_auxtrace_info() error handling path and triggers the
following segfault, which would happen as well at intel_pt_free, when
tools using this intel_pt codebase frees up resources:

   # perf record -I -e intel_pt/tsc=1,noretcomp=1/u /bin/ls
   0  a  anaconda-ks.cfg  bin   perf.data   perf.data.old  
perf-f23-bringup.todo
   [ perf record: Woken up 1 times to write data ]
   [ perf record: Captured and wrote 0.217 MB perf.data ]
   #
   # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
   Samples for 'instructions:u' event do not have IREGS attribute set. Cannot 
print 'iregs' field.
   intel_pt_synth_events: failed to synthesize 'instructions' event type
   Segmentation fault (core dumped)
   #

The problem is: there's a union in 'struct thread' combines a list_head
and a rb_node. The standard life cycle of a thread is: init rb_node in
the constructor, insert it into machine->threads rbtree using rb_node,
move it to machine->dead_threads using list_head, clean in the last
thread__put: list_del_init(>node).

In the above command, it clean a thread before adding it into list,
causes the above segfault.

Since pt->unknown_thread will never live in an rbtree, initialize its
list node so that when list_del_init() is done on it we don't segfault.

After this patch:

   # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
   Samples for 'instructions:u' event do not have IREGS attribute set. Cannot 
print 'iregs' field.
   intel_pt_synth_events: failed to synthesize 'instructions' event type
   0x248 [0x88]: failed to process type: 70
   #

Reported-by: Tong Zhang 
Reported-by: Wang Nan 
Signed-off-by: Adrian Hunter 
Tested-by: Arnaldo Carvalho de Melo 
Cc: Josh Poimboeuf 
Link: 
http://lkml.kernel.org/r/1454296865-19749-1-git-send-email-wangn...@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo 
---
  tools/perf/util/intel-pt.c | 9 +
  1 file changed, 9 insertions(+)

diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c
index 81a2eb77ba7f..05d815851be1 100644
--- a/tools/perf/util/intel-pt.c
+++ b/tools/perf/util/intel-pt.c
@@ -2068,6 +2068,15 @@ int intel_pt_process_auxtrace_info(union perf_event 
*event,
err = -ENOMEM;
goto err_free_queues;
}
+
+   /*
+* Since this thread will not be kept in any rbtree not in a
+* list, initialize its list node so that at thread__put() the
+* current thread lifetime assuption is kept and we don't segfault
+* at list_del_init().
+*/
+   INIT_LIST_HEAD(>unknown_thread->node);
+
err = thread__set_comm(pt->unknown_thread, "unknown", 0);
if (err)
goto err_delete_thread;

Re: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

2016-02-02 Thread Wangnan (F)




On 2016/2/2 23:52, Arnaldo Carvalho de Melo wrote:

Em Tue, Feb 02, 2016 at 12:24:19PM +0200, Adrian Hunter escreveu:

This patch does not fix the problem because the thread__zput() will still
segfault later if the error path is not taken.

Sorry, I didn't look closely at this patch because I was not expecting it
to be taken because of the fix I had already sent:

http://marc.info/?l=linux-kernel=145431692623940

However if you want to keep the struct thread rbtree / list union, the
simple fix would be to reinstate the list initialization in this particular
case i.e.:

So, can I go with the following patch+description+authorship?


I didn't really understand the lifecycle of unknown_thread, and though
it would go to an rbtree in normal path. I think the patch you posted
is good.

Thank you.


 From 3a4acda1ecbd290973de08250d7dcdfaf5b2fe0f Mon Sep 17 00:00:00 2001
From: Adrian Hunter 
Date: Mon, 1 Feb 2016 03:21:04 +
Subject: [PATCH 1/1] perf tools: Fix thread lifetime related segfaut in intel_pt

intel_pt_process_auxtrace_info() creates a pt->unknown_thread thread
that eventually needs to be freed by the last thread__put() on it, when
its refcount hits zero, which may happen in
intel_pt_process_auxtrace_info() error handling path and triggers the
following segfault, which would happen as well at intel_pt_free, when
tools using this intel_pt codebase frees up resources:

   # perf record -I -e intel_pt/tsc=1,noretcomp=1/u /bin/ls
   0  a  anaconda-ks.cfg  bin   perf.data   perf.data.old  
perf-f23-bringup.todo
   [ perf record: Woken up 1 times to write data ]
   [ perf record: Captured and wrote 0.217 MB perf.data ]
   #
   # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
   Samples for 'instructions:u' event do not have IREGS attribute set. Cannot 
print 'iregs' field.
   intel_pt_synth_events: failed to synthesize 'instructions' event type
   Segmentation fault (core dumped)
   #

The problem is: there's a union in 'struct thread' combines a list_head
and a rb_node. The standard life cycle of a thread is: init rb_node in
the constructor, insert it into machine->threads rbtree using rb_node,
move it to machine->dead_threads using list_head, clean in the last
thread__put: list_del_init(>node).

In the above command, it clean a thread before adding it into list,
causes the above segfault.

Since pt->unknown_thread will never live in an rbtree, initialize its
list node so that when list_del_init() is done on it we don't segfault.

After this patch:

   # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
   Samples for 'instructions:u' event do not have IREGS attribute set. Cannot 
print 'iregs' field.
   intel_pt_synth_events: failed to synthesize 'instructions' event type
   0x248 [0x88]: failed to process type: 70
   #

Reported-by: Tong Zhang 
Reported-by: Wang Nan 
Signed-off-by: Adrian Hunter 
Tested-by: Arnaldo Carvalho de Melo 
Cc: Josh Poimboeuf 
Link: 
http://lkml.kernel.org/r/1454296865-19749-1-git-send-email-wangn...@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo 
---
  tools/perf/util/intel-pt.c | 9 +
  1 file changed, 9 insertions(+)

diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c
index 81a2eb77ba7f..05d815851be1 100644
--- a/tools/perf/util/intel-pt.c
+++ b/tools/perf/util/intel-pt.c
@@ -2068,6 +2068,15 @@ int intel_pt_process_auxtrace_info(union perf_event 
*event,
err = -ENOMEM;
goto err_free_queues;
}
+
+   /*
+* Since this thread will not be kept in any rbtree not in a
+* list, initialize its list node so that at thread__put() the
+* current thread lifetime assuption is kept and we don't segfault
+* at list_del_init().
+*/
+   INIT_LIST_HEAD(>unknown_thread->node);
+
err = thread__set_comm(pt->unknown_thread, "unknown", 0);
if (err)
goto err_delete_thread;

Re: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

2016-02-02 Thread Arnaldo Carvalho de Melo

Em Tue, Feb 02, 2016 at 12:24:19PM +0200, Adrian Hunter escreveu:
> This patch does not fix the problem because the thread__zput() will still
> segfault later if the error path is not taken.
> 
> Sorry, I didn't look closely at this patch because I was not expecting it
> to be taken because of the fix I had already sent:
> 
>   http://marc.info/?l=linux-kernel=145431692623940
> 
> However if you want to keep the struct thread rbtree / list union, the
> simple fix would be to reinstate the list initialization in this particular
> case i.e.:

Right, so it keeps the existing thread lifetime assumptions both in the
error path, as Wang did, and in the normal pt->unknown_thread end of
life at intel_pt_free(), I'm replacing the patch...

- Arnaldo
 
> 
> diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c
> index 81a2eb7..18245b8 100644
> --- a/tools/perf/util/intel-pt.c
> +++ b/tools/perf/util/intel-pt.c
> @@ -2068,6 +2068,7 @@ int intel_pt_process_auxtrace_info(union perf_event
> err = -ENOMEM;
> goto err_free_queues;
> }
> +   INIT_LIST_HEAD(>unknown_thread->node);
> err = thread__set_comm(pt->unknown_thread, "unknown", 0);
> if (err)
> goto err_delete_thread;
> 
> 
> 
> On 01/02/16 19:13, Arnaldo Carvalho de Melo wrote:
> > From: Wang Nan 
> > 
> > In error processing path of intel_pt_process_auxtrace_info() it calls
> > thread__zput() to clean and free pt->unknown_thread which is created by
> > thread__new(). However, when error raise, a segfault happen:
> > 
> >   # perf record -I -e intel_pt/tsc=1,noretcomp=1/u /bin/ls
> >   0  a  anaconda-ks.cfg  bin   perf.dataperf.data.old  
> > perf-f23-bringup.todo
> >   [ perf record: Woken up 1 times to write data ]
> >   [ perf record: Captured and wrote 0.217 MB perf.data ]
> >   #
> >   # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
> >   Samples for 'instructions:u' event do not have IREGS attribute set. 
> > Cannot print 'iregs' field.
> >   intel_pt_synth_events: failed to synthesize 'instructions' event type
> >   Segmentation fault (core dumped)
> >   #
> > 
> > The problem is: there's a union in 'struct thread' combines a list_head
> > and a rb_node. The standard life cycle of a thread is: init rb_node during
> > creating, inserted into machine->threads rbtree uses rb_node, move to
> > machine->dead_threads using list_head, clean by thread__put:
> > list_del_init(>node).
> > 
> > In the above command, it clean a thread before adding it into list,
> > causes the above segfault.
> > 
> > This patch gives a fake list_head and link the thread into it before
> > calling thread__zput(), get rid of the segfault.
> > 
> > After this patch:
> > 
> >   # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
> >   Samples for 'instructions:u' event do not have IREGS attribute set. 
> > Cannot print 'iregs' field.
> >   intel_pt_synth_events: failed to synthesize 'instructions' event type
> >   0x248 [0x88]: failed to process type: 70
> >   #
> > 
> > Reported-by: Tong Zhang 
> > Signed-off-by: Wang Nan 
> > Tested-by: Arnaldo Carvalho de Melo 
> > Cc: Adrian Hunter 
> > Cc: Josh Poimboeuf 
> > Link: 
> > http://lkml.kernel.org/r/1454296865-19749-1-git-send-email-wangn...@huawei.com
> > Signed-off-by: Arnaldo Carvalho de Melo 
> > ---
> >  tools/perf/util/intel-pt.c | 4 
> >  1 file changed, 4 insertions(+)
> > 
> > diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c
> > index 81a2eb77ba7f..e2add6376fec 100644
> > --- a/tools/perf/util/intel-pt.c
> > +++ b/tools/perf/util/intel-pt.c
> > @@ -2013,6 +2013,7 @@ int intel_pt_process_auxtrace_info(union perf_event 
> > *event,
> > struct auxtrace_info_event *auxtrace_info = >auxtrace_info;
> > size_t min_sz = sizeof(u64) * INTEL_PT_PER_CPU_MMAPS;
> > struct intel_pt *pt;
> > +   struct list_head dead_thread;
> > int err;
> >  
> > if (auxtrace_info->header.size < sizeof(struct auxtrace_info_event) +
> > @@ -2153,6 +2154,9 @@ int intel_pt_process_auxtrace_info(union perf_event 
> > *event,
> > return 0;
> >  
> >  err_delete_thread:
> > +   RB_CLEAR_NODE(>unknown_thread->rb_node);
> > +   INIT_LIST_HEAD(_thread);
> > +   list_add(>unknown_thread->node, _thread);
> > thread__zput(pt->unknown_thread);
> >  err_free_queues:
> > intel_pt_log_disable();
> >

[PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

2016-02-01 Thread Arnaldo Carvalho de Melo

From: Wang Nan 

In error processing path of intel_pt_process_auxtrace_info() it calls
thread__zput() to clean and free pt->unknown_thread which is created by
thread__new(). However, when error raise, a segfault happen:

  # perf record -I -e intel_pt/tsc=1,noretcomp=1/u /bin/ls
  0  a  anaconda-ks.cfg  bin   perf.dataperf.data.old  
perf-f23-bringup.todo
  [ perf record: Woken up 1 times to write data ]
  [ perf record: Captured and wrote 0.217 MB perf.data ]
  #
  # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
  Samples for 'instructions:u' event do not have IREGS attribute set. Cannot 
print 'iregs' field.
  intel_pt_synth_events: failed to synthesize 'instructions' event type
  Segmentation fault (core dumped)
  #

The problem is: there's a union in 'struct thread' combines a list_head
and a rb_node. The standard life cycle of a thread is: init rb_node during
creating, inserted into machine->threads rbtree uses rb_node, move to
machine->dead_threads using list_head, clean by thread__put:
list_del_init(>node).

In the above command, it clean a thread before adding it into list,
causes the above segfault.

This patch gives a fake list_head and link the thread into it before
calling thread__zput(), get rid of the segfault.

After this patch:

  # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
  Samples for 'instructions:u' event do not have IREGS attribute set. Cannot 
print 'iregs' field.
  intel_pt_synth_events: failed to synthesize 'instructions' event type
  0x248 [0x88]: failed to process type: 70
  #

Reported-by: Tong Zhang 
Signed-off-by: Wang Nan 
Tested-by: Arnaldo Carvalho de Melo 
Cc: Adrian Hunter 
Cc: Josh Poimboeuf 
Link: 
http://lkml.kernel.org/r/1454296865-19749-1-git-send-email-wangn...@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo 
---
 tools/perf/util/intel-pt.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c
index 81a2eb77ba7f..e2add6376fec 100644
--- a/tools/perf/util/intel-pt.c
+++ b/tools/perf/util/intel-pt.c
@@ -2013,6 +2013,7 @@ int intel_pt_process_auxtrace_info(union perf_event 
*event,
struct auxtrace_info_event *auxtrace_info = >auxtrace_info;
size_t min_sz = sizeof(u64) * INTEL_PT_PER_CPU_MMAPS;
struct intel_pt *pt;
+   struct list_head dead_thread;
int err;
 
if (auxtrace_info->header.size < sizeof(struct auxtrace_info_event) +
@@ -2153,6 +2154,9 @@ int intel_pt_process_auxtrace_info(union perf_event 
*event,
return 0;
 
 err_delete_thread:
+   RB_CLEAR_NODE(>unknown_thread->rb_node);
+   INIT_LIST_HEAD(_thread);
+   list_add(>unknown_thread->node, _thread);
thread__zput(pt->unknown_thread);
 err_free_queues:
intel_pt_log_disable();
-- 
2.5.0

[PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

2016-02-01 Thread Arnaldo Carvalho de Melo

From: Wang Nan 

In error processing path of intel_pt_process_auxtrace_info() it calls
thread__zput() to clean and free pt->unknown_thread which is created by
thread__new(). However, when error raise, a segfault happen:

  # perf record -I -e intel_pt/tsc=1,noretcomp=1/u /bin/ls
  0  a  anaconda-ks.cfg  bin   perf.dataperf.data.old  
perf-f23-bringup.todo
  [ perf record: Woken up 1 times to write data ]
  [ perf record: Captured and wrote 0.217 MB perf.data ]
  #
  # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
  Samples for 'instructions:u' event do not have IREGS attribute set. Cannot 
print 'iregs' field.
  intel_pt_synth_events: failed to synthesize 'instructions' event type
  Segmentation fault (core dumped)
  #

The problem is: there's a union in 'struct thread' combines a list_head
and a rb_node. The standard life cycle of a thread is: init rb_node during
creating, inserted into machine->threads rbtree uses rb_node, move to
machine->dead_threads using list_head, clean by thread__put:
list_del_init(>node).

In the above command, it clean a thread before adding it into list,
causes the above segfault.

This patch gives a fake list_head and link the thread into it before
calling thread__zput(), get rid of the segfault.

After this patch:

  # perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
  Samples for 'instructions:u' event do not have IREGS attribute set. Cannot 
print 'iregs' field.
  intel_pt_synth_events: failed to synthesize 'instructions' event type
  0x248 [0x88]: failed to process type: 70
  #

Reported-by: Tong Zhang 
Signed-off-by: Wang Nan 
Tested-by: Arnaldo Carvalho de Melo 
Cc: Adrian Hunter 
Cc: Josh Poimboeuf 
Link: 
http://lkml.kernel.org/r/1454296865-19749-1-git-send-email-wangn...@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo 
---
 tools/perf/util/intel-pt.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c
index 81a2eb77ba7f..e2add6376fec 100644
--- a/tools/perf/util/intel-pt.c
+++ b/tools/perf/util/intel-pt.c
@@ -2013,6 +2013,7 @@ int intel_pt_process_auxtrace_info(union perf_event 
*event,
struct auxtrace_info_event *auxtrace_info = >auxtrace_info;
size_t min_sz = sizeof(u64) * INTEL_PT_PER_CPU_MMAPS;
struct intel_pt *pt;
+   struct list_head dead_thread;
int err;
 
if (auxtrace_info->header.size < sizeof(struct auxtrace_info_event) +
@@ -2153,6 +2154,9 @@ int intel_pt_process_auxtrace_info(union perf_event 
*event,
return 0;
 
 err_delete_thread:
+   RB_CLEAR_NODE(>unknown_thread->rb_node);
+   INIT_LIST_HEAD(_thread);
+   list_add(>unknown_thread->node, _thread);
thread__zput(pt->unknown_thread);
 err_free_queues:
intel_pt_log_disable();
-- 
2.5.0

Re: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

Re: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

Re: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

Re: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

Re: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

Re: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

Re: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

Re: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

Re: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

Re: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

Re: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

Re: [PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

[PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

[PATCH 2/2] perf tools: Fix fault in error patch of intel_pt_process_auxtrace_info()

14 matches

Site Navigation

Mail list logo

Footer information