From: Ben Hutchings <ben@decadent.org.uk> To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: akpm@linux-foundation.org, Denis Kirjanov <kda@linux-powerpc.org>, mpe@ellerman.id.au, "Ravi Bangoria" <ravi.bangoria@linux.ibm.com>, "Thomas Gleixner" <tglx@linutronix.de>, "Arnaldo Carvalho de Melo" <acme@redhat.com>, "Ingo Molnar" <mingo@kernel.org>, linuxppc-dev@lists.ozlabs.org, "Stephane Eranian" <eranian@google.com>, maddy@linux.vnet.ibm.com, "Peter Zijlstra (Intel)" <peterz@infradead.org>, "Alexander Shishkin" <alexander.shishkin@linux.intel.com>, "Vince Weaver" <vincent.weaver@maine.edu>, acme@kernel.org, "Jiri Olsa" <jolsa@redhat.com>, "Linus Torvalds" <torvalds@linux-foundation.org> Subject: [PATCH 3.16 76/87] perf/ioctl: Add check for the sample_period value Date: Wed, 02 Oct 2019 20:06:51 +0100 [thread overview] Message-ID: <lsq.1570043211.910896713@decadent.org.uk> (raw) In-Reply-To: <lsq.1570043210.379046399@decadent.org.uk> 3.16.75-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Ravi Bangoria <ravi.bangoria@linux.ibm.com> commit 913a90bc5a3a06b1f04c337320e9aeee2328dd77 upstream. perf_event_open() limits the sample_period to 63 bits. See: 0819b2e30ccb ("perf: Limit perf_event_attr::sample_period to 63 bits") Make ioctl() consistent with it. Also on PowerPC, negative sample_period could cause a recursive PMIs leading to a hang (reported when running perf-fuzzer). Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.ibm.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Arnaldo Carvalho de Melo <acme@redhat.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Stephane Eranian <eranian@google.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Vince Weaver <vincent.weaver@maine.edu> Cc: acme@kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: maddy@linux.vnet.ibm.com Cc: mpe@ellerman.id.au Fixes: 0819b2e30ccb ("perf: Limit perf_event_attr::sample_period to 63 bits") Link: https://lkml.kernel.org/r/20190604042953.914-1-ravi.bangoria@linux.ibm.com Signed-off-by: Ingo Molnar <mingo@kernel.org> [bwh: Backported to 3.16: adjust context] Signed-off-by: Ben Hutchings <ben@decadent.org.uk> --- kernel/events/core.c | 3 +++ 1 file changed, 3 insertions(+) --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -3823,6 +3823,9 @@ static int perf_event_period(struct perf if (perf_event_check_period(event, value)) return -EINVAL; + if (!event->attr.freq && (value & (1ULL << 63))) + return -EINVAL; + task = ctx->task; pe.value = value;
WARNING: multiple messages have this Message-ID (diff)
From: Ben Hutchings <ben@decadent.org.uk> To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Ravi Bangoria <ravi.bangoria@linux.ibm.com>, maddy@linux.vnet.ibm.com, Vince Weaver <vincent.weaver@maine.edu>, "Peter Zijlstra \(Intel\)" <peterz@infradead.org>, Denis Kirjanov <kda@linux-powerpc.org>, Linus Torvalds <torvalds@linux-foundation.org>, Stephane Eranian <eranian@google.com>, Ingo Molnar <mingo@kernel.org>, Arnaldo Carvalho de Melo <acme@redhat.com>, Alexander Shishkin <alexander.shishkin@linux.intel.com>, acme@kernel.org, Jiri Olsa <jolsa@redhat.com>, akpm@linux-foundation.org, linuxppc-dev@lists.ozlabs.org, Thomas Gleixner <tglx@linutronix.de> Subject: [PATCH 3.16 76/87] perf/ioctl: Add check for the sample_period value Date: Wed, 02 Oct 2019 20:06:51 +0100 [thread overview] Message-ID: <lsq.1570043211.910896713@decadent.org.uk> (raw) In-Reply-To: <lsq.1570043210.379046399@decadent.org.uk> 3.16.75-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Ravi Bangoria <ravi.bangoria@linux.ibm.com> commit 913a90bc5a3a06b1f04c337320e9aeee2328dd77 upstream. perf_event_open() limits the sample_period to 63 bits. See: 0819b2e30ccb ("perf: Limit perf_event_attr::sample_period to 63 bits") Make ioctl() consistent with it. Also on PowerPC, negative sample_period could cause a recursive PMIs leading to a hang (reported when running perf-fuzzer). Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.ibm.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Arnaldo Carvalho de Melo <acme@redhat.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Stephane Eranian <eranian@google.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Vince Weaver <vincent.weaver@maine.edu> Cc: acme@kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: maddy@linux.vnet.ibm.com Cc: mpe@ellerman.id.au Fixes: 0819b2e30ccb ("perf: Limit perf_event_attr::sample_period to 63 bits") Link: https://lkml.kernel.org/r/20190604042953.914-1-ravi.bangoria@linux.ibm.com Signed-off-by: Ingo Molnar <mingo@kernel.org> [bwh: Backported to 3.16: adjust context] Signed-off-by: Ben Hutchings <ben@decadent.org.uk> --- kernel/events/core.c | 3 +++ 1 file changed, 3 insertions(+) --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -3823,6 +3823,9 @@ static int perf_event_period(struct perf if (perf_event_check_period(event, value)) return -EINVAL; + if (!event->attr.freq && (value & (1ULL << 63))) + return -EINVAL; + task = ctx->task; pe.value = value;
next prev parent reply other threads:[~2019-10-02 19:08 UTC|newest] Thread overview: 101+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-10-02 19:06 [PATCH 3.16 00/87] 3.16.75-rc1 review Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 27/87] genwqe: Prevent an integer overflow in the ioctl Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 52/87] ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 61/87] cfg80211: fix memory leak of wiphy device name Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 10/87] drm/gma500/cdv: Check vbt config bits when detecting lvds panels Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 04/87] ASoC: cs42xx8: Add regcache mask dirty Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 80/87] bonding: Always enable vlan tx offload Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 59/87] fs/ocfs2: fix race in ocfs2_dentry_attach_lock() Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 41/87] kernel/signal.c: trace_signal_deliver when signal_group_exit Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 21/87] ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 26/87] gpio: fix gpio-adp5588 build errors Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 40/87] net-gro: fix use-after-free read in napi_gro_frags() Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 42/87] USB: usb-storage: Add new ID to ums-realtek Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 66/87] perf/core: Fix perf_sample_regs_user() mm check Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 57/87] libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 47/87] net: rds: fix memory leak in rds_ib_flush_mr_pool Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 63/87] btrfs: start readahead also in seed devices Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 82/87] sctp: change to hold sk after auth shkey is created successfully Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 20/87] ipv4/igmp: fix another memory leak in igmpv3_del_delrec() Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 62/87] Btrfs: fix race between readahead and device replace/removal Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 05/87] scsi: bnx2fc: fix incorrect cast to u64 on shift operation Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 75/87] be2net: fix link failure after ethtool offline test Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 58/87] cifs: add spinlock for the openFileList to cifsInodeInfo Ben Hutchings 2019-10-28 22:19 ` Pavel Shilovskiy 2019-10-29 13:15 ` Ben Hutchings 2019-11-19 14:49 ` Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 55/87] KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 69/87] net: netem: fix backlog accounting for corrupted GSO frames Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 16/87] usb: xhci: avoid null pointer deref when bos field is NULL Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 36/87] usbip: usbip_host: fix stub_dev lock context imbalance regression Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 81/87] bonding: Add vlan tx offload to hw_enc_features Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 48/87] pktgen: do not sleep with the thread lock held Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 03/87] Btrfs: fix race between ranged fsync and writeback of adjacent ranges Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 13/87] tty: max310x: Fix external crystal register setup Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 23/87] Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 67/87] SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 72/87] net/af_iucv: always register net_device notifier Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 44/87] s390/qeth: fix VLAN attribute in bridge_hostnotify udev event Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 12/87] serial: sh-sci: disable DMA for uart_console Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 17/87] net: stmmac: fix reset gpio free missing Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 01/87] net/mlx4_core: Change the error print to info print Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 32/87] configfs: Fix use-after-free when accessing sd->s_dentry Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 70/87] scsi: ufs: Avoid runtime suspend possibly being blocked forever Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 09/87] USB: rio500: fix memory leak in close after disconnect Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 85/87] scsi: target/iblock: Fix overrun in WRITE SAME emulation Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 46/87] parisc: Use implicit space register selection for loading the coherence index of I/O pdirs Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 11/87] USB: serial: pl2303: add Allied Telesis VT-Kit3 Ben Hutchings 2019-10-02 19:06 ` Ben Hutchings [this message] 2019-10-02 19:06 ` [PATCH 3.16 76/87] perf/ioctl: Add check for the sample_period value Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 15/87] powerpc/perf: Fix MMCRA corruption by bhrb_filter Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 38/87] scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 87/87] crypto: user - prevent operating on larval algorithms Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 50/87] can: af_can: Fix error path of can_init() Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 29/87] staging: iio: cdc: Don't put an else right after a return Ben Hutchings 2019-10-02 21:36 ` Joe Perches 2019-10-03 14:47 ` Ben Hutchings 2019-10-03 15:09 ` Joe Perches 2019-10-03 22:06 ` Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 39/87] signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 31/87] i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 35/87] s390/crypto: fix possible sleep during spinlock aquired Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 64/87] be2net: Fix number of Rx queues used for flow hashing Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 68/87] apparmor: enforce nullbyte at end of tag string Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 30/87] staging:iio:ad7150: fix threshold mode config bit Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 22/87] sbitmap: fix improper use of smp_mb__before_atomic() Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 43/87] USB: Fix chipmunk-like voice when using Logitech C270 for recording audio Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 49/87] can: flexcan: fix timeout when set small bitrate Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 06/87] USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 78/87] x86/speculation: Allow guests to use SSBD even if host does not Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 71/87] net/af_iucv: remove GFP_DMA restriction for HiperTransport Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 19/87] igmp: add a missing spin_lock_init() Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 73/87] scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 74/87] x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz Ben Hutchings 2019-10-02 19:06 ` Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 24/87] perf/ring_buffer: Fix exposing a temporarily decreased data_head Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 79/87] cpu/speculation: Warn on unsupported mitigations= parameter Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 45/87] hwmon: (pmbus/core) Treat parameters as paged if on multiple pages Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 53/87] ptrace: restore smp_rmb() in __ptrace_may_access() Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 34/87] CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 18/87] igmp: acquire pmc lock for ip_mc_clear_src() Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 25/87] perf/ring_buffer: Add ordering to rb->nest increment Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 02/87] spi: bitbang: Fix NULL pointer dereference in spi_unregister_master Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 37/87] scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 28/87] net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 56/87] bcache: fix stack corruption by PRECEDING_KEY() Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 86/87] lib/mpi: Fix karactx leak in mpi_powm Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 14/87] powerpc/perf: add missing put_cpu_var in power_pmu_event_init Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 77/87] MIPS: Add missing EHB in mtc0 -> mfc0 sequence Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 60/87] coredump: fix race condition between collapse_huge_page() and core dumping Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 84/87] tracing/snapshot: Resize spare buffer if size changed Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 51/87] can: purge socket error queue on sock destruct Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 65/87] neigh: fix use-after-free read in pneigh_get_next Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 08/87] usbip: usbip_host: fix BUG: sleeping function called from invalid context Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 33/87] llc: fix skb leak in llc_build_and_send_ui_pkt() Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 07/87] USB: Add LPM quirk for Surface Dock GigE adapter Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 54/87] i2c: acorn: fix i2c warning Ben Hutchings 2019-10-02 19:06 ` [PATCH 3.16 83/87] ALSA: seq: fix incorrect order of dest_client/dest_ports arguments Ben Hutchings 2019-10-03 12:54 ` [PATCH 3.16 00/87] 3.16.75-rc1 review Guenter Roeck 2019-10-03 22:25 ` Ben Hutchings 2019-10-04 23:09 ` Guenter Roeck 2019-10-05 20:29 ` Ben Hutchings
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=lsq.1570043211.910896713@decadent.org.uk \ --to=ben@decadent.org.uk \ --cc=acme@kernel.org \ --cc=acme@redhat.com \ --cc=akpm@linux-foundation.org \ --cc=alexander.shishkin@linux.intel.com \ --cc=eranian@google.com \ --cc=jolsa@redhat.com \ --cc=kda@linux-powerpc.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linuxppc-dev@lists.ozlabs.org \ --cc=maddy@linux.vnet.ibm.com \ --cc=mingo@kernel.org \ --cc=mpe@ellerman.id.au \ --cc=peterz@infradead.org \ --cc=ravi.bangoria@linux.ibm.com \ --cc=stable@vger.kernel.org \ --cc=tglx@linutronix.de \ --cc=torvalds@linux-foundation.org \ --cc=vincent.weaver@maine.edu \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.