Google Git
Sign in
android / platform / external / trace-cmd / c2fc2bc
commitc2fc2bc296f7cf59a6614f942880d0060ac4178e[log] [tgz]
authorTzvetomir Stoyanov <tstoyanov@vmware.com>Wed Jun 05 14:50:46 2019 +0300
committerSteven Rostedt (VMware) <rostedt@goodmis.org>Wed Jun 05 07:53:17 2019 -0400
treeab5a391e120263f1e74fe9a5fb7d744aaf6115d2
parent0c957d2d85787350083ac990b35428e665f392a5 [diff]
trace-cmd: Fix crash when trace-cmd is executed with args "profile -F sleep 1"

When trace-cmd is running in "profile" mode, trace files are not generated.
Instead, pipes are used to collect trace data from recorder threads. Some
internal functions, originally designed for working with files, are reused
in pipes use case:
 init_cpu()
 allocate_page()
 get_next_page()
There was an undesired behaviour in those functions, when working with pipes,
which causes the segmentation fault.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=203411
Link: http://lore.kernel.org/linux-trace-devel/20190605115046.20444-1-tstoyanov@vmware.com

Fixes: 62e82cc6cdc9 ("trace-cmd: Use lookup table instead of link list for pages")

./trace-cmd profile -F sleep 1
Segmentation fault (core dumped)
back trace:
0  allocate_page (handle=0x4a1a10, cpu=0, offset=12288) at trace-input.c:927
1  0x000000000042d2aa in get_page (handle=0x4a1a10, cpu=0, offset=12288) at trace-input.c:1116
2  0x000000000042d40d in get_next_page (handle=0x4a1a10, cpu=0) at trace-input.c:1142
3  0x000000000042e339 in tracecmd_peek_data (handle=0x4a1a10, cpu=0) at trace-input.c:1776
4  0x000000000042e6d4 in tracecmd_read_data (handle=0x4a1a10, cpu=0) at trace-input.c:1841
5  0x0000000000424d82 in trace_stream_read (pids=0x47b7d0, nr_pids=8, tv=0x7fffffffd3c0) at trace-stream.c:105
6  0x000000000040aa1f in trace_waitpid (type=TRACE_TYPE_STREAM, pid=24759, status=0x7fffffffd408, options=1) at trace-record.c:1114
7  0x000000000040b151 in run_cmd (type=TRACE_TYPE_STREAM, argc=2, argv=0x7fffffffd600) at trace-record.c:1331
8  0x0000000000412ffd in record_trace (argc=5, argv=0x7fffffffd5e8, ctx=0x7fffffffd470) at trace-record.c:5065
9  0x000000000041338d in trace_profile (argc=5, argv=0x7fffffffd5e8) at trace-record.c:5199
10 0x0000000000408bc5 in main (argc=5, argv=0x7fffffffd5e8) at trace-cmd.c:118

The problem seems to be in the lookup table "struct page **pages" in struct cpu_data.
In case pipes are used with this tracecmd_input handler, only a single page is
allocated in this lookup table. Later, when get_page() is called, there is use
case where more pages are addressed (in the backtrace above, the page with
index 3 is addressed, cpu_data->pages[3])

trace-cmd: current (git20190424)

Signed-off-by: Tzvetomir Stoyanov <tstoyanov@vmware.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
1 file changed
tree: ab5a391e120263f1e74fe9a5fb7d744aaf6115d2
  1. Documentation/
  2. include/
  3. kernel-shark/
  4. lib/
  5. LICENSES/
  6. plugins/
  7. python/
  8. scripts/
  9. tracecmd/
  10. .gitattributes
  11. .gitignore
  12. COPYING
  13. COPYING.LIB
  14. DCO
  15. features.mk
  16. Makefile
  17. README