linux/tools/perf
Jiri Olsa e3ebaa4651 perf report: Fix memory corruption in --branch-history mode --branch-history
Jin Yao reported memory corrupton in perf report with
branch info used for stack trace:

  > Following command lines will cause perf crash.

  > perf record -j call -g -a <application>
  > perf report --branch-history
  >
  > *** Error in `perf': double free or corruption (!prev): 0x00000000104aa040 ***
  > ======= Backtrace: =========
  > /lib/x86_64-linux-gnu/libc.so.6(+0x77725)[0x7f6b37254725]
  > /lib/x86_64-linux-gnu/libc.so.6(+0x7ff4a)[0x7f6b3725cf4a]
  > /lib/x86_64-linux-gnu/libc.so.6(cfree+0x4c)[0x7f6b37260abc]
  > perf[0x51b914]
  > perf(hist_entry_iter__add+0x1e5)[0x51f305]
  > perf[0x43cf01]
  > perf[0x4fa3bf]
  > perf[0x4fa923]
  > perf[0x4fd396]
  > perf[0x4f9614]
  > perf(perf_session__process_events+0x89e)[0x4fc38e]
  > perf(cmd_report+0x15d2)[0x43f202]
  > perf[0x4a059f]
  > perf(main+0x631)[0x427b71]
  > /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7f6b371fd830]
  > perf(_start+0x29)[0x427d89]

For the cumulative output, we allocate the he_cache array based on the
--max-stack option value and populate it with data from 'callchain_cursor'.

The --max-stack option value does not ensure now the limit for number of
callchain_cursor nodes, so the cumulative iter code will allocate smaller array
than it's actually needed and cause above corruption.

I think the --max-stack limit does not apply here anyway, because we add
callchain data as normal hist entries, while the --max-stack control the limit
of single entry callchain depth.

Using the callchain_cursor.nr as he_cache array count to fix this. Also
removing struct hist_entry_iter::max_stack, because there's no longer any use
for it.

We need more fixes to ensure that the branch stack code follows properly the
logic of --max-stack, which is not the case at the moment.

Original-patch-by: Jin Yao <yao.jin@linux.intel.com>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Reported-by: Jin Yao <yao.jin@linux.intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/20180216123619.GA9945@krava
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
2018-02-16 14:55:47 -03:00
..
arch perf cs-etm: Properly deal with cpu maps 2018-02-16 14:55:41 -03:00
bench perf perf: Remove duplicate includes 2017-12-27 12:15:49 -03:00
Documentation perf report: Fix description for --mem-mode 2018-02-16 14:55:46 -03:00
jvmti perf jvmti: Generate correct debug information for inlined code 2017-12-18 11:54:08 -03:00
pmu-events perf vendor events aarch64: Add JSON metrics for ARM Cortex-A53 Processor 2018-02-15 09:49:44 -03:00
python License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
scripts perf script python: Add script to profile and resolve physical mem type 2018-01-12 11:06:57 -03:00
tests perf tests: Use arch__compare_symbol_names to compare symbols 2018-02-16 14:26:01 -03:00
trace perf trace beauty flock: Move to separate object file 2018-01-25 06:37:31 -03:00
ui perf report: Fix wrong jump arrow 2018-02-16 14:55:47 -03:00
util perf report: Fix memory corruption in --branch-history mode --branch-history 2018-02-16 14:55:47 -03:00
.gitignore perf tools: Add trace/beauty/generated/ into .gitignore 2018-02-05 13:58:02 -03:00
Build perf trace: Remove audit-libs dependency if syscall tables are present 2018-01-23 09:51:38 -03:00
builtin-annotate.c Merge branch 'linus' into perf/core, to fix conflicts 2017-11-07 10:30:18 +01:00
builtin-bench.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
builtin-buildid-cache.c perf buildid-cache: Update help text for purge command 2017-11-16 14:49:54 -03:00
builtin-buildid-list.c Merge branch 'linus' into perf/core, to fix conflicts 2017-11-07 10:30:18 +01:00
builtin-c2c.c perf hists browser: Add parameter to disable lost event warning 2018-02-15 09:56:26 -03:00
builtin-config.c Merge branch 'linus' into perf/core, to fix conflicts 2017-11-07 10:30:18 +01:00
builtin-data.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
builtin-diff.c Merge branch 'linus' into perf/core, to fix conflicts 2017-11-07 10:30:18 +01:00
builtin-evlist.c Merge branch 'linus' into perf/core, to fix conflicts 2017-11-07 10:30:18 +01:00
builtin-ftrace.c tools include: Adopt strstarts() from the kernel 2017-07-20 15:46:10 -03:00
builtin-help.c perf trace: Remove audit-libs dependency if syscall tables are present 2018-01-23 09:51:38 -03:00
builtin-inject.c perf tools: Get rid of unused 'swapped' parameter from perf_event__synthesize_sample() 2018-01-18 09:01:23 -03:00
builtin-kallsyms.c perf tools: Including missing inttypes.h header 2017-04-19 13:01:46 -03:00
builtin-kmem.c mm: remove __GFP_COLD 2017-11-15 18:21:06 -08:00
builtin-kvm.c perf evlist: Remove fcntl.h from evlist.h 2018-01-25 06:37:30 -03:00
builtin-list.c Merge branch 'linus' into perf/core, to fix conflicts 2017-11-07 10:30:18 +01:00
builtin-lock.c Merge branch 'linus' into perf/core, to fix conflicts 2017-11-07 10:30:18 +01:00
builtin-mem.c Merge branch 'linus' into perf/core, to fix conflicts 2017-11-07 10:30:18 +01:00
builtin-probe.c perf buildid-cache: Support binary objects from other namespaces 2017-07-18 23:14:11 -03:00
builtin-record.c perf record: Put new line after target override warning 2018-02-16 10:09:23 -03:00
builtin-report.c perf report: Add support to display group output for non group events 2018-02-16 10:09:24 -03:00
builtin-sched.c Merge branch 'linus' into perf/core, to fix conflicts 2017-11-07 10:30:18 +01:00
builtin-script.c perf script: Add --show-round-event to display PERF_RECORD_FINISHED_ROUND 2018-02-16 10:09:23 -03:00
builtin-stat.c perf stat: Add support to print counts after a period of time 2018-02-16 10:18:06 -03:00
builtin-timechart.c perf tools: Add struct perf_data_file 2017-10-30 13:37:37 -03:00
builtin-top.c perf top: Check the latency of perf_top__mmap_read() 2018-02-15 09:57:06 -03:00
builtin-trace.c perf trace: Fix call-graph output 2018-02-05 13:53:45 -03:00
builtin-version.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
builtin.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
check-headers.sh Revert "tools include s390: Grab a copy of arch/s390/include/uapi/asm/unistd.h" 2018-02-15 10:06:15 -03:00
command-list.txt perf tools: Missing c2c command in command-list 2017-03-13 10:59:31 -03:00
CREDITS
design.txt
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Makefile.config perf tools: Integrating the CoreSight decoding library 2018-01-25 06:37:23 -03:00
Makefile.perf perf tools: Integrating the CoreSight decoding library 2018-01-25 06:37:23 -03:00
MANIFEST perf tools: Get all of tools/{arch,include}/ in the MANIFEST 2017-09-25 10:39:43 -03:00
perf-archive.sh License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
perf-completion.sh perf tools: Auto-complete for events with ':' 2017-12-27 12:16:00 -03:00
perf-read-vdso.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
perf-sys.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
perf-with-kcore.sh perf tools: Fix perf-with-kcore handling of arguments containing spaces 2015-08-06 16:48:27 -03:00
perf.c perf trace: Remove audit-libs dependency if syscall tables are present 2018-01-23 09:51:38 -03:00
perf.h perf record: Fix period option handling 2018-02-05 12:18:28 -03:00