From: David Carrillo-Cisneros <davi...@google.com> [ Upstream commit 1e0d4f0200e4dbdfc38d818f329d8a0955f7c6f5 ]
__perf_session__process_pipe_events reuses the same memory buffer to process all events in the pipe. When reordering is needed (e.g. -b option), events are not immediately flushed, but kept around until reordering is possible, causing memory corruption. The problem is usually observed by a "Unknown sample error" output. It can easily be reproduced by: perf record -o - noploop | perf inject -b > output Committer testing: Before: $ perf record -o - stress -t 2 -c 2 | perf inject -b > /dev/null stress: info: [8297] dispatching hogs: 2 cpu, 0 io, 0 vm, 0 hdd stress: info: [8297] successful run completed in 2s [ perf record: Woken up 3 times to write data ] [ perf record: Captured and wrote 0.000 MB - ] Warning: Found 1 unknown events! Is this an older tool processing a perf.data file generated by a more recent tool? If that is not the case, consider reporting to linux-kernel@vger.kernel.org. $ After: $ perf record -o - stress -t 2 -c 2 | perf inject -b > /dev/null stress: info: [9027] dispatching hogs: 2 cpu, 0 io, 0 vm, 0 hdd stress: info: [9027] successful run completed in 2s [ perf record: Woken up 3 times to write data ] [ perf record: Captured and wrote 0.000 MB - ] no symbols found in /usr/bin/stress, maybe install a debug package? no symbols found in /usr/bin/stress, maybe install a debug package? $ Signed-off-by: David Carrillo-Cisneros <davi...@google.com> Tested-by: Arnaldo Carvalho de Melo <a...@redhat.com> Acked-by: Jiri Olsa <jo...@kernel.org> Cc: Alexander Shishkin <alexander.shish...@linux.intel.com> Cc: Andi Kleen <a...@linux.intel.com> Cc: He Kuang <heku...@huawei.com> Cc: Masami Hiramatsu <mhira...@kernel.org> Cc: Paul Turner <p...@google.com> Cc: Peter Zijlstra <pet...@infradead.org> Cc: Simon Que <s...@chromium.org> Cc: Stephane Eranian <eran...@google.com> Cc: Wang Nan <wangn...@huawei.com> Link: http://lkml.kernel.org/r/20170410201432.24807-3-davi...@google.com Signed-off-by: Arnaldo Carvalho de Melo <a...@redhat.com> Signed-off-by: Sasha Levin <alexander.le...@microsoft.com> --- tools/perf/util/ordered-events.c | 3 ++- tools/perf/util/session.c | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/tools/perf/util/ordered-events.c b/tools/perf/util/ordered-events.c index fd4be94125fb..e2c53bb0e476 100644 --- a/tools/perf/util/ordered-events.c +++ b/tools/perf/util/ordered-events.c @@ -80,7 +80,7 @@ static union perf_event *dup_event(struct ordered_events *oe, static void free_dup_event(struct ordered_events *oe, union perf_event *event) { - if (oe->copy_on_queue) { + if (event && oe->copy_on_queue) { oe->cur_alloc_size -= event->header.size; free(event); } @@ -151,6 +151,7 @@ void ordered_events__delete(struct ordered_events *oe, struct ordered_event *eve list_move(&event->list, &oe->cache); oe->nr_events--; free_dup_event(oe, event->event); + event->event = NULL; } static int __ordered_events__flush(struct perf_session *s, diff --git a/tools/perf/util/session.c b/tools/perf/util/session.c index 80dbba095f30..e798b58971bf 100644 --- a/tools/perf/util/session.c +++ b/tools/perf/util/session.c @@ -1080,6 +1080,7 @@ static int __perf_session__process_pipe_events(struct perf_session *session, buf = malloc(cur_size); if (!buf) return -errno; + ordered_events__set_copy_on_queue(oe, true); more: event = buf; err = readn(fd, event, sizeof(struct perf_event_header)); -- 2.14.1
