> -----Original Message-----
> From: Andi Kleen [mailto:a...@linux.intel.com]
> Sent: Friday, October 2, 2020 12:07 PM
> To: Song Bao Hua (Barry Song) <song.bao....@hisilicon.com>
> Cc: linux-kernel@vger.kernel.org; Linuxarm <linux...@huawei.com>; Peter
> Zijlstra <pet...@infradead.org>; Ingo Molnar <mi...@redhat.com>; Arnaldo
> Carvalho de Melo <a...@kernel.org>; Mark Rutland
> <mark.rutl...@arm.com>; Alexander Shishkin
> <alexander.shish...@linux.intel.com>; Jiri Olsa <jo...@redhat.com>;
> Namhyung Kim <namhy...@kernel.org>; Adrian Hunter
> <adrian.hun...@intel.com>; Alexey Budankov
> <alexey.budan...@linux.intel.com>
> Subject: Re: [PATCH] perf evlist: fix memory corruption for Kernel PMU event
>
> On Fri, Oct 02, 2020 at 12:57:29AM +1300, Barry Song wrote:
> > Commit 7736627b865d ("perf stat: Use affinity for closing file
> > descriptors") will use FD(evsel, cpu, thread) to read and write file
> > descriptors xyarray. For a kernel PMU event, this leads to serious
> > memory corruption and perf crash.
> > I have seen evlist->core.cpus->nr is 1 while evsel has cpus->nr with
> > the total number of CPUs. So xyarray which is allocated by
> > evlist->core.cpus->nr will get overflow. This leads to various
> > segmentation faults in perf tool for kernel PMU events, eg:
> > ./perf stat -e bus_cycles sleep 1
> > *** Error in `./perf': free(): invalid next size (fast):
> > 0x00000000401e6370 *** Aborted (core dumped)
>
> Thanks.
>
> I believe there is already a patch queued for this.

Andi, thanks!
Could you share the link or the commit ID? I'd like to take a look at the fix.
I could still reproduce this issue in the latest Linus' tree and I didn't find
any commit related to this issue in linux-next and tip/perf/core.

>
> The problem seems to only happen on ARM64.

My platform which has this issue is really ARM64.

Thanks
Barry
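
The dimension mismatch described in the quoted commit message, as an added example that is not part of the original thread and not perf's own code: a small C model of a cpu-by-thread fd table that is sized with one CPU count and walked with another, with a checked accessor that reports the out-of-range indexes instead of writing past the allocation. The names `fd_table`, `fd_table_new`, `fd_table_entry` and `count_out_of_bounds` are hypothetical, and the counts 1 and 8 are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a cpu x thread fd table; not perf's xyarray. */
struct fd_table {
    size_t ncpus, nthreads; /* dimensions the buffer was allocated for */
    int fds[];              /* ncpus * nthreads entries */
};

static struct fd_table *fd_table_new(size_t ncpus, size_t nthreads)
{
    struct fd_table *t;
    /* Reject empty tables and sizes whose byte count would overflow. */
    if (!ncpus || !nthreads ||
        ncpus > (SIZE_MAX - sizeof(*t)) / sizeof(int) / nthreads)
        return NULL;
    t = calloc(1, sizeof(*t) + ncpus * nthreads * sizeof(int));
    if (t) {
        t->ncpus = ncpus;
        t->nthreads = nthreads;
    }
    return t;
}

/* Checked accessor: NULL instead of a pointer past the allocation. */
static int *fd_table_entry(struct fd_table *t, size_t cpu, size_t thread)
{
    if (!t || cpu >= t->ncpus || thread >= t->nthreads)
        return NULL;
    return &t->fds[cpu * t->nthreads + thread];
}

/* Count the (cpu, 0) lookups that a walk over walk_cpus CPUs would miss. */
static size_t count_out_of_bounds(struct fd_table *t, size_t walk_cpus)
{
    size_t bad = 0;
    for (size_t cpu = 0; cpu < walk_cpus; cpu++)
        if (!fd_table_entry(t, cpu, 0))
            bad++;
    return bad;
}

int main(void)
{
    struct fd_table *t = fd_table_new(1, 1); /* constructed: sized for 1 CPU */
    printf("rejected accesses: %zu of 8\n", count_out_of_bounds(t, 8));
    free(t);
    return 0;
}
```

Building a reproducer like the one in the commit message with AddressSanitizer (`-fsanitize=address`) reports the first out-of-bounds write at the faulting index, rather than the later `free()` abort from corrupted heap metadata.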