> -----Original Message-----
> From: Andi Kleen [mailto:[email protected]]
> Sent: Friday, October 2, 2020 12:07 PM
> To: Song Bao Hua (Barry Song) <[email protected]>
> Cc: [email protected]; Linuxarm <[email protected]>; Peter
> Zijlstra <[email protected]>; Ingo Molnar <[email protected]>; Arnaldo
> Carvalho de Melo <[email protected]>; Mark Rutland
> <[email protected]>; Alexander Shishkin
> <[email protected]>; Jiri Olsa <[email protected]>;
> Namhyung Kim <[email protected]>; Adrian Hunter
> <[email protected]>; Alexey Budankov
> <[email protected]>
> Subject: Re: [PATCH] perf evlist: fix memory corruption for Kernel PMU event
> 
> On Fri, Oct 02, 2020 at 12:57:29AM +1300, Barry Song wrote:
> > Commit 7736627b865d ("perf stat: Use affinity for closing file
> > descriptors") will use FD(evsel, cpu, thread) to read and write file
> > descriptors xyarray. For a kernel PMU event, this leads to serious
> > memory corruption and perf crash.
> > I have seen evlist->core.cpus->nr is 1 while evsel has cpus->nr with
> > the total number of CPUs. So xyarray, which is allocated by
> > evlist->core.cpus->nr, will overflow. This leads to various
> > segmentation faults in the perf tool for kernel PMU events, e.g.:
> > ./perf stat -e bus_cycles  sleep 1
> > *** Error in `./perf': free(): invalid next size (fast):
> > 0x00000000401e6370 *** Aborted (core dumped)
> 
> Thanks.
> 
> I believe there is already a patch queued for this.

Andi, thanks! Could you share the link or the commit ID? I'd like to take a
look at the fix.
I could still reproduce this issue in the latest Linus' tree and I didn't
find any commit related to this issue in linux-next and tip/perf/core.

> 
> The problem seems to only happen on ARM64.

My platform which has this issue is really ARM64.

Thanks
Barry
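
The size mismatch described in the quoted commit message (a table allocated from one CPU count, then indexed with a larger one), as an added example that is not part of the original thread and is not perf's own code. The names `fd_table`, `fd_table_new`, `fd_table_entry` and `walk_mismatch` are hypothetical, and the CPU counts (1 and 8) are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical cpu x thread fd table: a simplified model, not perf's xyarray. */
struct fd_table {
    size_t max_x, max_y;   /* rows (CPUs) and columns (threads) allocated */
    int fds[];             /* max_x * max_y entries */
};

static struct fd_table *fd_table_new(size_t ncpus, size_t nthreads)
{
    struct fd_table *t = NULL;
    if (ncpus && nthreads && ncpus <= SIZE_MAX / 2 / sizeof(int) / nthreads)
        t = calloc(1, sizeof(*t) + ncpus * nthreads * sizeof(int));
    if (t) {
        t->max_x = ncpus;
        t->max_y = nthreads;
    }
    return t;
}

/* Bounds-checked lookup: NULL instead of a pointer past the allocation. */
static int *fd_table_entry(struct fd_table *t, size_t cpu, size_t thread)
{
    if (!t || cpu >= t->max_x || thread >= t->max_y)
        return NULL;
    return &t->fds[cpu * t->max_y + thread];
}

/* Allocate for one CPU count, walk with another; returns rejected accesses. */
static size_t walk_mismatch(size_t alloc_ncpus, size_t walk_ncpus, size_t nthreads)
{
    struct fd_table *t = fd_table_new(alloc_ncpus, nthreads);
    size_t rejected = 0;
    if (!t)
        return SIZE_MAX;                       /* allocation refused or failed */
    for (size_t cpu = 0; cpu < walk_ncpus; cpu++)
        for (size_t thread = 0; thread < nthreads; thread++) {
            int *fd = fd_table_entry(t, cpu, thread);
            if (!fd) { rejected++; continue; } /* would be past the table */
            *fd = -1;                          /* in range: safe to write */
        }
    free(t);
    return rejected;
}

/* Constructed values: table sized for 1 CPU, walked over 8 CPUs. */
int main(void) { return printf("rejected: %zu\n", walk_mismatch(1, 8, 1)) < 0; }
```

Without the check in `fd_table_entry`, each rejected access would be a write beyond the heap allocation, which is the kind of damage glibc reports as `free(): invalid next size`.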
