From: Peter Zijlstra <peterz@infradead.org>
To: mingo@kernel.org, eranian@google.com, jolsa@redhat.com
Cc: linux-kernel@vger.kernel.org, tonyj@suse.com,
nelson.dsouza@intel.com, peterz@infradead.org
Subject: [PATCH 1/8] perf/x86/intel: Fix memory corruption
Date: Thu, 14 Mar 2019 14:01:14 +0100 [thread overview]
Message-ID: <20190314130705.441549378@infradead.org> (raw)
In-Reply-To: 20190314130113.919278615@infradead.org
Through:
validate_event()
x86_pmu.get_event_constraints(.idx=-1)
tfa_get_event_constraints()
dyn_constraint()
We use cpuc->constraint_list[-1], which is an obvious out-of-bound
access.
In this case, simply skip the TFA constraint code, there is no event
constraint with just PMC3, therefore the code will never result in the
empty set.
Reported-by: Tony Jones <tonyj@suse.com>
Reported-by: "DSouza, Nelson" <nelson.dsouza@intel.com>
Tested-by: Tony Jones <tonyj@suse.com>
Tested-by: "DSouza, Nelson" <nelson.dsouza@intel.com>
Cc: stable@kernel.org
Fixes: 400816f60c54 ("perf/x86/intel: Implement support for TSX Force Abort")
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
---
arch/x86/events/intel/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/events/intel/core.c
+++ b/arch/x86/events/intel/core.c
@@ -3410,7 +3410,7 @@ tfa_get_event_constraints(struct cpu_hw_
/*
* Without TFA we must not use PMC3.
*/
- if (!allow_tsx_force_abort && test_bit(3, c->idxmsk)) {
+ if (!allow_tsx_force_abort && test_bit(3, c->idxmsk) && idx >= 0) {
c = dyn_constraint(cpuc, c, idx);
c->idxmsk64 &= ~(1ULL << 3);
c->weight--;
next prev parent reply other threads:[~2019-03-14 13:12 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-14 13:01 [RFC][PATCH 0/8] perf/x86: event scheduling cleanups Peter Zijlstra
2019-03-14 13:01 ` Peter Zijlstra [this message]
2019-03-15 11:29 ` [tip:perf/urgent] perf/x86/intel: Fix memory corruption tip-bot for Peter Zijlstra
2019-03-19 6:29 ` [PATCH 1/8] " Stephane Eranian
2019-03-19 11:05 ` Peter Zijlstra
2019-03-19 17:52 ` Stephane Eranian
2019-03-19 18:20 ` Peter Zijlstra
2019-03-20 20:47 ` Stephane Eranian
2019-03-20 20:52 ` Stephane Eranian
2019-03-20 22:22 ` Peter Zijlstra
2019-03-21 12:38 ` Peter Zijlstra
2019-03-21 16:45 ` Thomas Gleixner
2019-03-21 17:10 ` Peter Zijlstra
2019-03-21 17:17 ` Thomas Gleixner
2019-03-21 18:20 ` Peter Zijlstra
2019-03-21 19:42 ` Tony Jones
2019-03-21 19:47 ` DSouza, Nelson
2019-03-21 20:07 ` Peter Zijlstra
2019-03-21 23:16 ` DSouza, Nelson
2019-03-22 22:14 ` DSouza, Nelson
2019-03-21 17:23 ` Stephane Eranian
2019-03-21 17:51 ` Thomas Gleixner
2019-03-22 19:04 ` Stephane Eranian
2019-04-03 7:32 ` Peter Zijlstra
2019-04-03 10:40 ` [tip:perf/urgent] perf/x86/intel: Initialize TFA MSR tip-bot for Peter Zijlstra
2019-04-03 11:30 ` Thomas Gleixner
2019-04-03 12:23 ` Vince Weaver
2019-03-14 13:01 ` [RFC][PATCH 2/8] perf/x86/intel: Simplify intel_tfa_commit_scheduling() Peter Zijlstra
2019-03-14 13:01 ` [RFC][PATCH 3/8] perf/x86: Simplify x86_pmu.get_constraints() interface Peter Zijlstra
2019-03-19 21:21 ` Stephane Eranian
2019-03-14 13:01 ` [RFC][PATCH 4/8] perf/x86: Remove PERF_X86_EVENT_COMMITTED Peter Zijlstra
2019-03-19 20:48 ` Stephane Eranian
2019-03-19 21:00 ` Peter Zijlstra
2019-03-20 13:14 ` Peter Zijlstra
2019-03-20 12:23 ` Peter Zijlstra
2019-03-14 13:01 ` [RFC][PATCH 5/8] perf/x86/intel: Optimize intel_get_excl_constraints() Peter Zijlstra
2019-03-19 23:43 ` Stephane Eranian
2019-03-14 13:01 ` [RFC][PATCH 6/8] perf/x86: Clear ->event_constraint[] on put Peter Zijlstra
2019-03-19 21:50 ` Stephane Eranian
2019-03-20 12:25 ` Peter Zijlstra
2019-03-14 13:01 ` [RFC][PATCH 7/8] perf/x86: Optimize x86_schedule_events() Peter Zijlstra
2019-03-19 23:55 ` Stephane Eranian
2019-03-20 13:11 ` Peter Zijlstra
2019-03-20 19:30 ` Stephane Eranian
2019-03-14 13:01 ` [RFC][PATCH 8/8] perf/x86: Add sanity checks to x86_schedule_events() Peter Zijlstra
2019-03-15 7:15 ` [RFC][PATCH 0/8] perf/x86: event scheduling cleanups Stephane Eranian
2019-03-15 7:15 ` Stephane Eranian
2019-03-15 8:01 ` Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190314130705.441549378@infradead.org \
--to=peterz@infradead.org \
--cc=eranian@google.com \
--cc=jolsa@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=nelson.dsouza@intel.com \
--cc=tonyj@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.