From: tip-bot for Peter Zijlstra <tipbot@zytor.com>
To: linux-tip-commits@vger.kernel.org
Cc: mingo@kernel.org, linux-kernel@vger.kernel.org,
peterz@infradead.org, hpa@zytor.com, tglx@linutronix.de,
nelson.dsouza@intel.com, tonyj@suse.com
Subject: [tip:perf/urgent] perf/x86/intel: Fix memory corruption
Date: Fri, 15 Mar 2019 04:29:07 -0700 [thread overview]
Message-ID: <tip-ede271b059463731cbd6dffe55ffd70d7dbe8392@git.kernel.org> (raw)
In-Reply-To: <20190314130705.441549378@infradead.org>
Commit-ID: ede271b059463731cbd6dffe55ffd70d7dbe8392
Gitweb: https://git.kernel.org/tip/ede271b059463731cbd6dffe55ffd70d7dbe8392
Author: Peter Zijlstra <peterz@infradead.org>
AuthorDate: Thu, 14 Mar 2019 14:01:14 +0100
Committer: Thomas Gleixner <tglx@linutronix.de>
CommitDate: Fri, 15 Mar 2019 12:22:51 +0100
perf/x86/intel: Fix memory corruption
Through:
validate_event()
x86_pmu.get_event_constraints(.idx=-1)
tfa_get_event_constraints()
dyn_constraint()
cpuc->constraint_list[-1] is used, which is an obvious out-of-bound access.
In this case, simply skip the TFA constraint code, there is no event
constraint with just PMC3, therefore the code will never result in the
empty set.
Fixes: 400816f60c54 ("perf/x86/intel: Implement support for TSX Force Abort")
Reported-by: Tony Jones <tonyj@suse.com>
Reported-by: "DSouza, Nelson" <nelson.dsouza@intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Tony Jones <tonyj@suse.com>
Tested-by: "DSouza, Nelson" <nelson.dsouza@intel.com>
Cc: eranian@google.com
Cc: jolsa@redhat.com
Cc: stable@kernel.org
Link: https://lkml.kernel.org/r/20190314130705.441549378@infradead.org
---
arch/x86/events/intel/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c
index 35102ecdfc8d..92dfeb343a6a 100644
--- a/arch/x86/events/intel/core.c
+++ b/arch/x86/events/intel/core.c
@@ -3410,7 +3410,7 @@ tfa_get_event_constraints(struct cpu_hw_events *cpuc, int idx,
/*
* Without TFA we must not use PMC3.
*/
- if (!allow_tsx_force_abort && test_bit(3, c->idxmsk)) {
+ if (!allow_tsx_force_abort && test_bit(3, c->idxmsk) && idx >= 0) {
c = dyn_constraint(cpuc, c, idx);
c->idxmsk64 &= ~(1ULL << 3);
c->weight--;
next prev parent reply other threads:[~2019-03-15 11:29 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-14 13:01 [RFC][PATCH 0/8] perf/x86: event scheduling cleanups Peter Zijlstra
2019-03-14 13:01 ` [PATCH 1/8] perf/x86/intel: Fix memory corruption Peter Zijlstra
2019-03-15 11:29 ` tip-bot for Peter Zijlstra [this message]
2019-03-19 6:29 ` Stephane Eranian
2019-03-19 11:05 ` Peter Zijlstra
2019-03-19 17:52 ` Stephane Eranian
2019-03-19 18:20 ` Peter Zijlstra
2019-03-20 20:47 ` Stephane Eranian
2019-03-20 20:52 ` Stephane Eranian
2019-03-20 22:22 ` Peter Zijlstra
2019-03-21 12:38 ` Peter Zijlstra
2019-03-21 16:45 ` Thomas Gleixner
2019-03-21 17:10 ` Peter Zijlstra
2019-03-21 17:17 ` Thomas Gleixner
2019-03-21 18:20 ` Peter Zijlstra
2019-03-21 19:42 ` Tony Jones
2019-03-21 19:47 ` DSouza, Nelson
2019-03-21 20:07 ` Peter Zijlstra
2019-03-21 23:16 ` DSouza, Nelson
2019-03-22 22:14 ` DSouza, Nelson
2019-03-21 17:23 ` Stephane Eranian
2019-03-21 17:51 ` Thomas Gleixner
2019-03-22 19:04 ` Stephane Eranian
2019-04-03 7:32 ` Peter Zijlstra
2019-04-03 10:40 ` [tip:perf/urgent] perf/x86/intel: Initialize TFA MSR tip-bot for Peter Zijlstra
2019-04-03 11:30 ` Thomas Gleixner
2019-04-03 12:23 ` Vince Weaver
2019-03-14 13:01 ` [RFC][PATCH 2/8] perf/x86/intel: Simplify intel_tfa_commit_scheduling() Peter Zijlstra
2019-03-14 13:01 ` [RFC][PATCH 3/8] perf/x86: Simplify x86_pmu.get_constraints() interface Peter Zijlstra
2019-03-19 21:21 ` Stephane Eranian
2019-03-14 13:01 ` [RFC][PATCH 4/8] perf/x86: Remove PERF_X86_EVENT_COMMITTED Peter Zijlstra
2019-03-19 20:48 ` Stephane Eranian
2019-03-19 21:00 ` Peter Zijlstra
2019-03-20 13:14 ` Peter Zijlstra
2019-03-20 12:23 ` Peter Zijlstra
2019-03-14 13:01 ` [RFC][PATCH 5/8] perf/x86/intel: Optimize intel_get_excl_constraints() Peter Zijlstra
2019-03-19 23:43 ` Stephane Eranian
2019-03-14 13:01 ` [RFC][PATCH 6/8] perf/x86: Clear ->event_constraint[] on put Peter Zijlstra
2019-03-19 21:50 ` Stephane Eranian
2019-03-20 12:25 ` Peter Zijlstra
2019-03-14 13:01 ` [RFC][PATCH 7/8] perf/x86: Optimize x86_schedule_events() Peter Zijlstra
2019-03-19 23:55 ` Stephane Eranian
2019-03-20 13:11 ` Peter Zijlstra
2019-03-20 19:30 ` Stephane Eranian
2019-03-14 13:01 ` [RFC][PATCH 8/8] perf/x86: Add sanity checks to x86_schedule_events() Peter Zijlstra
2019-03-15 7:15 ` [RFC][PATCH 0/8] perf/x86: event scheduling cleanups Stephane Eranian
2019-03-15 7:15 ` Stephane Eranian
2019-03-15 8:01 ` Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=tip-ede271b059463731cbd6dffe55ffd70d7dbe8392@git.kernel.org \
--to=tipbot@zytor.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-tip-commits@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=nelson.dsouza@intel.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=tonyj@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.