Re: Oops (NULL pointer) with 'perf record' of selftest 'null_syscall'

[Athira Rajeev]

On 16-Jun-2021, at 11:56 AM, Christophe Leroy <christophe.le...@csgroup.eu> wrote: Le 16/06/2021 à 05:40, Athira Rajeev a écrit : On 16-Jun-2021, at 8:53 AM, Madhavan Srinivasan <ma...@linux.ibm.com> wrote: On 6/15/21 8:35 PM, Christophe Leroy wrote: For your information, I'm getting the following Oops. Detected with 5.13-rc6, it also oopses on 5.12 and 5.11. Runs ok on 5.10. I'm starting bisecting now. Thanks for reporting, got the issue. What has happened in this case is that, pmu device is not registered and trying to access the instruction point which will land in perf_instruction_pointer(). And recently I have added a workaround patch for power10 DD1 which has caused this breakage. My bad. We are working on a fix patch for the same and will post it out. Sorry again. Hi Christophe, Can you please try with below patch in your environment and test if it works for you. From 55d3afc9369dfbe28a7152c8e9f856c11c7fe43d Mon Sep 17 00:00:00 2001 From: Athira Rajeev <atraj...@linux.vnet.ibm.com> Date: Tue, 15 Jun 2021 22:28:11 -0400 Subject: [PATCH] powerpc/perf: Fix crash with 'perf_instruction_pointer' when pmu is not set On systems without any specific PMU driver support registered, running perf record causes oops: [   38.841073] NIP [c00000000013af54] perf_instruction_pointer+0x24/0x100 [   38.841079] LR [c0000000003c7358] perf_prepare_sample+0x4e8/0x820 [   38.841085] --- interrupt: 300 [   38.841088] [c00000001cf03440] [c0000000003c6ef8] perf_prepare_sample+0x88/0x820 (unreliable) [   38.841096] [c00000001cf034a0] [c0000000003c76d0] perf_event_output_forward+0x40/0xc0 [   38.841104] [c00000001cf03520] [c0000000003b45e8] __perf_event_overflow+0x88/0x1b0 [   38.841112] [c00000001cf03570] [c0000000003b480c] perf_swevent_hrtimer+0xfc/0x1a0 [   38.841119] [c00000001cf03740] [c0000000002399cc] __hrtimer_run_queues+0x17c/0x380 [   38.841127] [c00000001cf037c0] [c00000000023a5f8] hrtimer_interrupt+0x128/0x2f0 [   38.841135] [c00000001cf03870] [c00000000002962c] timer_interrupt+0x13c/0x370 [   38.841143i] [c00000001cf038d0] [c000000000009ba4] decrementer_common_virt+0x1a4/0x1b0 [   38.841151] --- interrupt: 900 at copypage_power7+0xd4/0x1c0 During perf record session, perf_instruction_pointer() is called to capture the sample ip. This function in core-book3s accesses ppmu->flags. If a platform specific PMU driver is not registered, ppmu is set to NULL and accessing its members results in a crash. Fix this crash by checking if ppmu is set. Signed-off-by: Athira Rajeev <atraj...@linux.vnet.ibm.com> Reported-by: Christophe Leroy <christophe.le...@csgroup.eu> Fixes: 2ca13a4cc56c ("powerpc/perf: Use regs->nip when SIAR is zero") Cc: sta...@vger.kernel.org Tested-by: Christophe Leroy <christophe.le...@csgroup.eu> Hi Christophe, Thanks for testing with the change. I have a newer version where I have added braces around the check. Can you please check once and can I add your tested-by for the below patch. From 621cd0449c8503a016c0b1ae63639061aa5134a8 Mon Sep 17 00:00:00 2001 From: Athira Rajeev <atraj...@linux.vnet.ibm.com> Date: Tue, 15 Jun 2021 22:28:11 -0400 Subject: [PATCH] powerpc/perf: Fix crash with 'perf_instruction_pointer' when pmu is not set On systems without any specific PMU driver support registered, running perf record causes Oops. The relevant portion from call trace: BUG: Kernel NULL pointer dereference on read at 0x00000040 Faulting instruction address: 0xc0021f0c Oops: Kernel access of bad area, sig: 11 [#1] BE PAGE_SIZE=4K PREEMPT CMPCPRO SAF3000 DIE NOTIFICATION CPU: 0 PID: 442 Comm: null_syscall Not tainted 5.13.0-rc6-s3k-dev-01645-g7649ee3d2957 #5164 NIP:  c0021f0c LR: c00e8ad8 CTR: c00d8a5c NIP [c0021f0c] perf_instruction_pointer+0x10/0x60 LR [c00e8ad8] perf_prepare_sample+0x344/0x674 Call Trace: [e6775880] [c00e8810] perf_prepare_sample+0x7c/0x674 (unreliable) [e67758c0] [c00e8e44] perf_event_output_forward+0x3c/0x94 [e6775910] [c00dea8c] __perf_event_overflow+0x74/0x14c [e6775930] [c00dec5c] perf_swevent_hrtimer+0xf8/0x170 [e6775a40] [c008c8d0] __hrtimer_run_queues.constprop.0+0x160/0x318 [e6775a90] [c008d94c] hrtimer_interrupt+0x148/0x3b0 [e6775ae0] [c000c0c0] timer_interrupt+0xc4/0x22c [e6775b10] [c00046f0] Decrementer_virt+0xb8/0xbc During perf record session, perf_instruction_pointer() is called to capture the sample ip. This function in core-book3s accesses ppmu->flags. If a platform specific PMU driver is not registered, ppmu is set to NULL and accessing its members results in a crash. Fix this crash by checking if ppmu is set. Fixes: 2ca13a4cc56c ("powerpc/perf: Use regs->nip when SIAR is zero") Signed-off-by: Athira Rajeev <atraj...@linux.vnet.ibm.com> Reported-by: Christophe Leroy <christophe.le...@csgroup.eu> --- arch/powerpc/perf/core-book3s.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/perf/core-book3s.c b/arch/powerpc/perf/core-book3s.c index 16d4d1b..5162241 100644 --- a/arch/powerpc/perf/core-book3s.c +++ b/arch/powerpc/perf/core-book3s.c @@ -2254,7 +2254,7 @@ unsigned long perf_instruction_pointer(struct pt_regs *regs) bool use_siar = regs_use_siar(regs); unsigned long siar = mfspr(SPRN_SIAR); - if (ppmu->flags & PPMU_P10_DD1) { + if (ppmu && (ppmu->flags & PPMU_P10_DD1)) { if (siar) return siar; else -- 1.8.3.1 Thanks Athira --- arch/powerpc/perf/core-book3s.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/perf/core-book3s.c b/arch/powerpc/perf/core-book3s.c index 16d4d1b6a1ff..816756588cb7 100644 --- a/arch/powerpc/perf/core-book3s.c +++ b/arch/powerpc/perf/core-book3s.c @@ -2254,7 +2254,7 @@ unsigned long perf_instruction_pointer(struct pt_regs *regs) bool use_siar = regs_use_siar(regs); unsigned long siar = mfspr(SPRN_SIAR); - if (ppmu->flags & PPMU_P10_DD1) { + if (ppmu && ppmu->flags & PPMU_P10_DD1) { if (siar) return siar; else