]>
Commit | Line | Data |
---|---|---|
f688f459 SL |
1 | From 0e922cd8b549ea6bad39a08a97d12436e4385f33 Mon Sep 17 00:00:00 2001 |
2 | From: Arnaldo Carvalho de Melo <acme@redhat.com> | |
3 | Date: Tue, 12 Feb 2019 10:18:36 -0300 | |
4 | Subject: perf trace: Check if the 'fd' is negative when mapping it to pathname | |
5 | MIME-Version: 1.0 | |
6 | Content-Type: text/plain; charset=UTF-8 | |
7 | Content-Transfer-Encoding: 8bit | |
8 | ||
9 | [ Upstream commit 051074867434cc520c08f188479d4757dcfdaef8 ] | |
10 | ||
11 | We were crashing when processing a negative fd: | |
12 | ||
13 | Program received signal SIGSEGV, Segmentation fault. | |
14 | 0x0000000000609bbf in syscall_arg__scnprintf_ioctl_cmd (bf=0x1172eca "", size=2038, arg=0x7fffffff8360) at trace/beauty/ioctl.c:182 | |
15 | 182 if (file->dev_maj == USB_DEVICE_MAJOR) | |
16 | Missing separate debuginfos, use: dnf debuginfo-install bzip2-libs-1.0.6-28.fc29.x86_64 elfutils-libelf-0.174-5.fc29.x86_64 elfutils-libs-0.174-5.fc29.x86_64 glib2-2.58.3-1.fc29.x86_64 libbabeltrace-1.5.6-1.fc29.x86_64 libunwind-1.2.1-6.fc29.x86_64 libuuid-2.32.1-1.fc29.x86_64 libxcrypt-4.4.3-2.fc29.x86_64 numactl-libs-2.0.12-1.fc29.x86_64 openssl-libs-1.1.1a-1.fc29.x86_64 pcre-8.42-6.fc29.x86_64 perl-libs-5.28.1-427.fc29.x86_64 popt-1.16-15.fc29.x86_64 python2-libs-2.7.15-11.fc29.x86_64 slang-2.3.2-4.fc29.x86_64 xz-libs-5.2.4-3.fc29.x86_64 | |
17 | (gdb) bt | |
18 | #0 0x0000000000609bbf in syscall_arg__scnprintf_ioctl_cmd (bf=0x1172eca "", size=2038, arg=0x7fffffff8360) at trace/beauty/ioctl.c:182 | |
19 | #1 0x000000000048e295 in syscall__scnprintf_val (sc=0x123b500, bf=0x1172eca "", size=2038, arg=0x7fffffff8360, val=21519) | |
20 | at builtin-trace.c:1594 | |
21 | #2 0x000000000048e60d in syscall__scnprintf_args (sc=0x123b500, bf=0x1172ec6 "-1, ", size=2042, args=0x7ffff6a7c034 "\377\377\377\377", | |
22 | augmented_args=0x7ffff6a7c064, augmented_args_size=4, trace=0x7fffffffa8d0, thread=0x1175cd0) at builtin-trace.c:1661 | |
23 | #3 0x000000000048f04e in trace__sys_enter (trace=0x7fffffffa8d0, evsel=0xb260b0, event=0x7ffff6a7bfe8, sample=0x7fffffff84f0) | |
24 | at builtin-trace.c:1880 | |
25 | #4 0x00000000004915a4 in trace__handle_event (trace=0x7fffffffa8d0, event=0x7ffff6a7bfe8, sample=0x7fffffff84f0) at builtin-trace.c:2590 | |
26 | #5 0x0000000000491eed in __trace__deliver_event (trace=0x7fffffffa8d0, event=0x7ffff6a7bfe8) at builtin-trace.c:2818 | |
27 | #6 0x0000000000492030 in trace__deliver_event (trace=0x7fffffffa8d0, event=0x7ffff6a7bfe8) at builtin-trace.c:2845 | |
28 | #7 0x0000000000492896 in trace__run (trace=0x7fffffffa8d0, argc=0, argv=0x7fffffffdb58) at builtin-trace.c:3040 | |
29 | #8 0x000000000049603a in cmd_trace (argc=0, argv=0x7fffffffdb58) at builtin-trace.c:3952 | |
30 | #9 0x00000000004d5103 in main (argc=1, argv=0x7fffffffdb58) at perf.c:474 | |
31 | (gdb) p fd | |
32 | $1 = -1 | |
33 | (gdb) p file | |
34 | $7 = (struct file *) 0xfffffffffffffff0 | |
35 | (gdb) p ((struct thread_trace *)arg->thread)->files.table + fd | |
36 | $8 = (struct file *) 0xfffffffffffffff0 | |
37 | (gdb) | |
38 | ||
39 | Check for that and return NULL instead. | |
40 | ||
41 | This problem was introduced recently, the other codepaths leading to | |
42 | thread_trace__files_entry() check for negative fds, like thread__fd_path(), | |
43 | but we need to do it at thread_trace__files_entry() as more users are now | |
44 | calling it directly. | |
45 | ||
46 | Cc: Adrian Hunter <adrian.hunter@intel.com> | |
47 | Cc: Jiri Olsa <jolsa@kernel.org> | |
48 | Cc: Luis Cláudio Gonçalves <lclaudio@redhat.com> | |
49 | Cc: Namhyung Kim <namhyung@kernel.org> | |
50 | Cc: Wang Nan <wangnan0@huawei.com> | |
51 | Fixes: 2d473389f87a ("perf trace beauty: Export function to get the files for a thread") | |
52 | Link: https://lkml.kernel.org/n/tip-oq7bvaaf07gsd4yqty3107u2@git.kernel.org | |
53 | Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> | |
54 | Signed-off-by: Sasha Levin <sashal@kernel.org> | |
55 | --- | |
56 | tools/perf/builtin-trace.c | 3 +++ | |
57 | 1 file changed, 3 insertions(+) | |
58 | ||
59 | diff --git a/tools/perf/builtin-trace.c b/tools/perf/builtin-trace.c | |
60 | index b36061cd1ab8..2776ff8c3e81 100644 | |
61 | --- a/tools/perf/builtin-trace.c | |
62 | +++ b/tools/perf/builtin-trace.c | |
63 | @@ -1039,6 +1039,9 @@ static const size_t trace__entry_str_size = 2048; | |
64 | ||
65 | static struct file *thread_trace__files_entry(struct thread_trace *ttrace, int fd) | |
66 | { | |
67 | + if (fd < 0) | |
68 | + return NULL; | |
69 | + | |
70 | if (fd > ttrace->files.max) { | |
71 | struct file *nfiles = realloc(ttrace->files.table, (fd + 1) * sizeof(struct file)); | |
72 | ||
73 | -- | |
74 | 2.19.1 | |
75 |