perf session: Fix infinite loop in __perf_session__process_events
authorArnaldo Carvalho de Melo <acme@redhat.com>
Mon, 10 Jan 2011 23:37:57 +0000 (21:37 -0200)
committerArnaldo Carvalho de Melo <acme@redhat.com>
Tue, 11 Jan 2011 00:23:08 +0000 (22:23 -0200)
In this if statement:

        if (head + event->header.size >= mmap_size) {
                if (mmaps[map_idx]) {
                        munmap(mmaps[map_idx], mmap_size);
                        mmaps[map_idx] = NULL;
                }

                page_offset = page_size * (head / page_size);
                file_offset += page_offset;
                head -= page_offset;
                goto remap;
        }

With, for instance, these values:

head=2992
event->header.size=48
mmap_size=3040

We end up endlessly looping back to remap. Off by one.

Problem introduced in 55b4462.

Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Reported-by: Ingo Molnar <mingo@elte.hu>
Reported-by: David Ahern <daahern@cisco.com>
Bisected-by: David Ahern <daahern@cisco.com>
Tested-by: David Ahern <daahern@cisco.com>
Cc: David Ahern <daahern@cisco.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tom Zanussi <tzanussi@gmail.com>
LKML-Reference: <new-submission>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
tools/perf/util/session.c

index 6fb4694..313dac2 100644 (file)
@@ -1007,7 +1007,7 @@ more:
        if (size == 0)
                size = 8;
 
-       if (head + event->header.size >= mmap_size) {
+       if (head + event->header.size > mmap_size) {
                if (mmaps[map_idx]) {
                        munmap(mmaps[map_idx], mmap_size);
                        mmaps[map_idx] = NULL;