[PATCH 7/8] perf stat: Fix memory corruption of xyarray when cpumask is used

From: Arnaldo Carvalho de Melo
Date: Tue Jan 21 2014 - 15:44:56 EST

Next message: Peter Zijlstra: "Re: [PATCH 8/9] sched/fair: Optimize cgroup pick_next_task_fair"
Previous message: Arnaldo Carvalho de Melo: "[PATCH 6/8] perf evsel: Remove duplicate member zeroing after free"
In reply to: Arnaldo Carvalho de Melo: "[PATCH 6/8] perf evsel: Remove duplicate member zeroing after free"
Next in thread: Arnaldo Carvalho de Melo: "[PATCH 1/8] perf timechart: Fix wrong SVG height"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Stephane Eranian <eranian@xxxxxxxxxx>

This patch fixes a memory corruption problem with the xyarray when the
evsel fds get closed at the end of the run_perf_stat() call.

It could be triggered with:

# perf stat -a -e power/energy-cores/ ls

When cpumask are used by events (.e.g, RAPL or uncores) then the evsel
fds are allocated based on the actual number of CPUs monitored. That
number can be smaller than the total number of CPUs on the system.

The problem arises at the end by perf stat closes the fds twice. When
fds are closed, their entry in the xyarray are set to -1.

The first close() on the evsel is made from __run_perf_stat() and it
uses the actual number of CPUS for the event which is how the xyarray
was allocated for.

The second is from perf_evlist_close() but that one is on the total
number of CPUs in the system, so it assume the xyarray was allocated to
cover it. However it was not, and some writes corrupt memory.

The fix is in perf_evlist_close() is to first try with the evsel->cpus
if present, if not use the evlist->cpus. That fixes the problem.

Signed-off-by: Stephane Eranian <eranian@xxxxxxxxxx>
Cc: David Ahern <dsahern@xxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxx>
Cc: Jiri Olsa <jolsa@xxxxxxxxxx>
Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Link: http://lkml.kernel.org/r/1389972846-6566-3-git-send-email-eranian@xxxxxxxxxx
Signed-off-by: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
---
tools/perf/util/evlist.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/tools/perf/util/evlist.c b/tools/perf/util/evlist.c
index 40bd2c04df8a..59ef2802fcf6 100644
--- a/tools/perf/util/evlist.c
+++ b/tools/perf/util/evlist.c
@@ -1003,9 +1003,12 @@ void perf_evlist__close(struct perf_evlist *evlist)
struct perf_evsel *evsel;
int ncpus = cpu_map__nr(evlist->cpus);
int nthreads = thread_map__nr(evlist->threads);
+ int n;

- evlist__for_each_reverse(evlist, evsel)
- perf_evsel__close(evsel, ncpus, nthreads);
+ evlist__for_each_reverse(evlist, evsel) {
+ n = evsel->cpus ? evsel->cpus->nr : ncpus;
+ perf_evsel__close(evsel, n, nthreads);
+ }
}

int perf_evlist__open(struct perf_evlist *evlist)
--
1.8.1.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Peter Zijlstra: "Re: [PATCH 8/9] sched/fair: Optimize cgroup pick_next_task_fair"
Previous message: Arnaldo Carvalho de Melo: "[PATCH 6/8] perf evsel: Remove duplicate member zeroing after free"
In reply to: Arnaldo Carvalho de Melo: "[PATCH 6/8] perf evsel: Remove duplicate member zeroing after free"
Next in thread: Arnaldo Carvalho de Melo: "[PATCH 1/8] perf timechart: Fix wrong SVG height"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]