Re: [PATCH] perf evlist: fix memory corruption for Kernel PMU event

From: Andi Kleen
Date: Thu Oct 01 2020 - 19:06:58 EST


On Fri, Oct 02, 2020 at 12:57:29AM +1300, Barry Song wrote:
> Commit 7736627b865d ("perf stat: Use affinity for closing file
> descriptors") will use FD(evsel, cpu, thread) to read and write
> file descriptors xyarray. For a kernel PMU event, this leads to
> serious memory corruption and perf crash.
> I have seen evlist->core.cpus->nr is 1 while evsel has cpus->nr
> with the total number of CPUs. So xyarray which is allocated by
> evlist->core.cpus->nr will overflow. This leads to various
> segmentation faults in perf tool for kernel PMU events, e.g.:
> ./perf stat -e bus_cycles sleep 1
> *** Error in `./perf': free(): invalid next size (fast): 0x00000000401e6370 ***
> Aborted (core dumped)

Thanks.

I believe there is already a patch queued for this.

The problem seems to only happen on ARM64.

-Andi
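
The sizing mismatch described in the quoted commit message, shown as an added example that is not part of the original thread and is not perf's code: a table allocated for one CPU count is walked with a larger one, and a bounds-checked accessor rejects the extra indices instead of touching memory past the allocation. The fd_grid type, its functions, and the CPU counts 1 and 8 are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical (cpu, thread) -> fd table; a simplified stand-in, not perf's xyarray. */
struct fd_grid {
	size_t ncpus, nthreads;
	int fds[];
};

/* The table is sized by the CPU count passed here (the evlist's count in the report). */
static struct fd_grid *fd_grid_new(size_t ncpus, size_t nthreads)
{
	struct fd_grid *g;

	if (!ncpus || !nthreads ||
	    ncpus > (SIZE_MAX - sizeof(*g)) / sizeof(int) / nthreads)
		return NULL;
	g = malloc(sizeof(*g) + ncpus * nthreads * sizeof(int));
	if (!g)
		return NULL;
	g->ncpus = ncpus; g->nthreads = nthreads;
	for (size_t i = 0; i < ncpus * nthreads; i++)
		g->fds[i] = -1;
	return g;
}

/* Checked accessor: returns NULL rather than a pointer past the allocation. */
static int *fd_grid_entry(struct fd_grid *g, size_t cpu, size_t thread)
{
	if (!g || cpu >= g->ncpus || thread >= g->nthreads)
		return NULL;
	return &g->fds[cpu * g->nthreads + thread];
}

/* Walk the table with a caller-supplied CPU count (the event's own count in the
 * report) and count the indices that fall outside what was allocated. */
static size_t count_out_of_range(struct fd_grid *g, size_t ncpus, size_t nthreads)
{
	size_t bad = 0;

	for (size_t cpu = 0; cpu < ncpus; cpu++)
		for (size_t thread = 0; thread < nthreads; thread++)
			bad += fd_grid_entry(g, cpu, thread) == NULL;
	return bad;
}

int main(void)
{
	struct fd_grid *g = fd_grid_new(1, 1);	/* constructed: list-level count is 1 */

	if (!g)
		return 1;
	printf("out-of-range entries: %zu\n", count_out_of_range(g, 8, 1));
	free(g);
	return 0;
}
```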