* [PATCH 1/2] perf ioctl: Add check for the sample_period value
@ 2019-05-11 2:42 Ravi Bangoria
2019-05-11 2:42 ` [PATCH 2/2] powerpc/perf: Fix mmcra corruption by bhrb_filter Ravi Bangoria
2019-05-13 7:42 ` [PATCH 1/2] perf ioctl: Add check for the sample_period value Peter Zijlstra
0 siblings, 2 replies; 12+ messages in thread
From: Ravi Bangoria @ 2019-05-11 2:42 UTC (permalink / raw)
To: peterz, jolsa, mpe, maddy; +Cc: Ravi Bangoria, linuxppc-dev, linux-kernel, acme
Add a check for sample_period value sent from userspace. Negative
value does not make sense. And in powerpc arch code this could cause
a recursive PMI leading to a hang (reported when running perf-fuzzer).
Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
---
kernel/events/core.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index abbd4b3b96c2..e44c90378940 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -5005,6 +5005,9 @@ static int perf_event_period(struct perf_event *event, u64 __user *arg)
if (perf_event_check_period(event, value))
return -EINVAL;
+ if (!event->attr.freq && (value & (1ULL << 63)))
+ return -EINVAL;
+
event_function_call(event, __perf_event_period, &value);
return 0;
--
2.20.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH 2/2] powerpc/perf: Fix mmcra corruption by bhrb_filter
2019-05-11 2:42 [PATCH 1/2] perf ioctl: Add check for the sample_period value Ravi Bangoria
@ 2019-05-11 2:42 ` Ravi Bangoria
2019-05-11 2:47 ` Ravi Bangoria
` (2 more replies)
2019-05-13 7:42 ` [PATCH 1/2] perf ioctl: Add check for the sample_period value Peter Zijlstra
1 sibling, 3 replies; 12+ messages in thread
From: Ravi Bangoria @ 2019-05-11 2:42 UTC (permalink / raw)
To: peterz, jolsa, mpe, maddy; +Cc: Ravi Bangoria, linuxppc-dev, linux-kernel, acme
Consider a scenario where user creates two events:
1st event:
attr.sample_type |= PERF_SAMPLE_BRANCH_STACK;
attr.branch_sample_type = PERF_SAMPLE_BRANCH_ANY;
fd = perf_event_open(attr, 0, 1, -1, 0);
This sets cpuhw->bhrb_filter to 0 and returns valid fd.
2nd event:
attr.sample_type |= PERF_SAMPLE_BRANCH_STACK;
attr.branch_sample_type = PERF_SAMPLE_BRANCH_CALL;
fd = perf_event_open(attr, 0, 1, -1, 0);
It overrides cpuhw->bhrb_filter to -1 and returns with error.
Now if power_pmu_enable() gets called by any path other than
power_pmu_add(), ppmu->config_bhrb(-1) will set mmcra to -1.
Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
---
arch/powerpc/perf/core-book3s.c | 6 ++++--
arch/powerpc/perf/power8-pmu.c | 3 +++
arch/powerpc/perf/power9-pmu.c | 3 +++
3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/perf/core-book3s.c b/arch/powerpc/perf/core-book3s.c
index b0723002a396..8eb5dc5df62b 100644
--- a/arch/powerpc/perf/core-book3s.c
+++ b/arch/powerpc/perf/core-book3s.c
@@ -1846,6 +1846,7 @@ static int power_pmu_event_init(struct perf_event *event)
int n;
int err;
struct cpu_hw_events *cpuhw;
+ u64 bhrb_filter;
if (!ppmu)
return -ENOENT;
@@ -1951,13 +1952,14 @@ static int power_pmu_event_init(struct perf_event *event)
err = power_check_constraints(cpuhw, events, cflags, n + 1);
if (has_branch_stack(event)) {
- cpuhw->bhrb_filter = ppmu->bhrb_filter_map(
+ bhrb_filter = ppmu->bhrb_filter_map(
event->attr.branch_sample_type);
- if (cpuhw->bhrb_filter == -1) {
+ if (bhrb_filter == -1) {
put_cpu_var(cpu_hw_events);
return -EOPNOTSUPP;
}
+ cpuhw->bhrb_filter = bhrb_filter;
}
put_cpu_var(cpu_hw_events);
diff --git a/arch/powerpc/perf/power8-pmu.c b/arch/powerpc/perf/power8-pmu.c
index d12a2db26353..d10feef93b6b 100644
--- a/arch/powerpc/perf/power8-pmu.c
+++ b/arch/powerpc/perf/power8-pmu.c
@@ -29,6 +29,7 @@ enum {
#define POWER8_MMCRA_IFM1 0x0000000040000000UL
#define POWER8_MMCRA_IFM2 0x0000000080000000UL
#define POWER8_MMCRA_IFM3 0x00000000C0000000UL
+#define POWER8_MMCRA_BHRB_MASK 0x00000000C0000000UL
/*
* Raw event encoding for PowerISA v2.07 (Power8):
@@ -243,6 +244,8 @@ static u64 power8_bhrb_filter_map(u64 branch_sample_type)
static void power8_config_bhrb(u64 pmu_bhrb_filter)
{
+ pmu_bhrb_filter &= POWER8_MMCRA_BHRB_MASK;
+
/* Enable BHRB filter in PMU */
mtspr(SPRN_MMCRA, (mfspr(SPRN_MMCRA) | pmu_bhrb_filter));
}
diff --git a/arch/powerpc/perf/power9-pmu.c b/arch/powerpc/perf/power9-pmu.c
index 030544e35959..f3987915cadc 100644
--- a/arch/powerpc/perf/power9-pmu.c
+++ b/arch/powerpc/perf/power9-pmu.c
@@ -92,6 +92,7 @@ enum {
#define POWER9_MMCRA_IFM1 0x0000000040000000UL
#define POWER9_MMCRA_IFM2 0x0000000080000000UL
#define POWER9_MMCRA_IFM3 0x00000000C0000000UL
+#define POWER9_MMCRA_BHRB_MASK 0x00000000C0000000UL
/* Nasty Power9 specific hack */
#define PVR_POWER9_CUMULUS 0x00002000
@@ -300,6 +301,8 @@ static u64 power9_bhrb_filter_map(u64 branch_sample_type)
static void power9_config_bhrb(u64 pmu_bhrb_filter)
{
+ pmu_bhrb_filter &= POWER9_MMCRA_BHRB_MASK;
+
/* Enable BHRB filter in PMU */
mtspr(SPRN_MMCRA, (mfspr(SPRN_MMCRA) | pmu_bhrb_filter));
}
--
2.20.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [PATCH 2/2] powerpc/perf: Fix mmcra corruption by bhrb_filter
2019-05-11 2:42 ` [PATCH 2/2] powerpc/perf: Fix mmcra corruption by bhrb_filter Ravi Bangoria
@ 2019-05-11 2:47 ` Ravi Bangoria
2019-05-22 5:01 ` Madhavan Srinivasan
2019-05-25 0:54 ` Michael Ellerman
2 siblings, 0 replies; 12+ messages in thread
From: Ravi Bangoria @ 2019-05-11 2:47 UTC (permalink / raw)
To: peterz, jolsa, mpe, maddy; +Cc: Ravi Bangoria, linuxppc-dev, linux-kernel, acme
On 5/11/19 8:12 AM, Ravi Bangoria wrote:
> Consider a scenario where user creates two events:
>
> 1st event:
> attr.sample_type |= PERF_SAMPLE_BRANCH_STACK;
> attr.branch_sample_type = PERF_SAMPLE_BRANCH_ANY;
> fd = perf_event_open(attr, 0, 1, -1, 0);
>
> This sets cpuhw->bhrb_filter to 0 and returns valid fd.
>
> 2nd event:
> attr.sample_type |= PERF_SAMPLE_BRANCH_STACK;
> attr.branch_sample_type = PERF_SAMPLE_BRANCH_CALL;
> fd = perf_event_open(attr, 0, 1, -1, 0);
>
> It overrides cpuhw->bhrb_filter to -1 and returns with error.
>
> Now if power_pmu_enable() gets called by any path other than
> power_pmu_add(), ppmu->config_bhrb(-1) will set mmcra to -1.
>
> Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
Fixes: 3925f46bb590 ("powerpc/perf: Enable branch stack sampling framework")
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 1/2] perf ioctl: Add check for the sample_period value
2019-05-11 2:42 [PATCH 1/2] perf ioctl: Add check for the sample_period value Ravi Bangoria
2019-05-11 2:42 ` [PATCH 2/2] powerpc/perf: Fix mmcra corruption by bhrb_filter Ravi Bangoria
@ 2019-05-13 7:42 ` Peter Zijlstra
2019-05-13 8:56 ` Peter Zijlstra
1 sibling, 1 reply; 12+ messages in thread
From: Peter Zijlstra @ 2019-05-13 7:42 UTC (permalink / raw)
To: Ravi Bangoria; +Cc: maddy, linuxppc-dev, linux-kernel, acme, jolsa
On Sat, May 11, 2019 at 08:12:16AM +0530, Ravi Bangoria wrote:
> Add a check for sample_period value sent from userspace. Negative
> value does not make sense. And in powerpc arch code this could cause
> a recursive PMI leading to a hang (reported when running perf-fuzzer).
>
> Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
> ---
> kernel/events/core.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/kernel/events/core.c b/kernel/events/core.c
> index abbd4b3b96c2..e44c90378940 100644
> --- a/kernel/events/core.c
> +++ b/kernel/events/core.c
> @@ -5005,6 +5005,9 @@ static int perf_event_period(struct perf_event *event, u64 __user *arg)
> if (perf_event_check_period(event, value))
> return -EINVAL;
>
> + if (!event->attr.freq && (value & (1ULL << 63)))
> + return -EINVAL;
Well, perf_event_attr::sample_period is __u64. Would not be the site
using it as signed be the one in error?
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 1/2] perf ioctl: Add check for the sample_period value
2019-05-13 7:42 ` [PATCH 1/2] perf ioctl: Add check for the sample_period value Peter Zijlstra
@ 2019-05-13 8:56 ` Peter Zijlstra
2019-05-13 10:07 ` Ravi Bangoria
0 siblings, 1 reply; 12+ messages in thread
From: Peter Zijlstra @ 2019-05-13 8:56 UTC (permalink / raw)
To: Ravi Bangoria; +Cc: maddy, linuxppc-dev, linux-kernel, acme, jolsa
On Mon, May 13, 2019 at 09:42:13AM +0200, Peter Zijlstra wrote:
> On Sat, May 11, 2019 at 08:12:16AM +0530, Ravi Bangoria wrote:
> > Add a check for sample_period value sent from userspace. Negative
> > value does not make sense. And in powerpc arch code this could cause
> > a recursive PMI leading to a hang (reported when running perf-fuzzer).
> >
> > Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
> > ---
> > kernel/events/core.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/kernel/events/core.c b/kernel/events/core.c
> > index abbd4b3b96c2..e44c90378940 100644
> > --- a/kernel/events/core.c
> > +++ b/kernel/events/core.c
> > @@ -5005,6 +5005,9 @@ static int perf_event_period(struct perf_event *event, u64 __user *arg)
> > if (perf_event_check_period(event, value))
> > return -EINVAL;
> >
> > + if (!event->attr.freq && (value & (1ULL << 63)))
> > + return -EINVAL;
>
> Well, perf_event_attr::sample_period is __u64. Would not be the site
> using it as signed be the one in error?
You forgot to mention commit: 0819b2e30ccb9, so I guess this just makes
it consistent and is fine.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 1/2] perf ioctl: Add check for the sample_period value
2019-05-13 8:56 ` Peter Zijlstra
@ 2019-05-13 10:07 ` Ravi Bangoria
2019-05-28 9:50 ` Michael Ellerman
0 siblings, 1 reply; 12+ messages in thread
From: Ravi Bangoria @ 2019-05-13 10:07 UTC (permalink / raw)
To: Peter Zijlstra
Cc: Ravi Bangoria, maddy, linuxppc-dev, linux-kernel, acme, jolsa
On 5/13/19 2:26 PM, Peter Zijlstra wrote:
> On Mon, May 13, 2019 at 09:42:13AM +0200, Peter Zijlstra wrote:
>> On Sat, May 11, 2019 at 08:12:16AM +0530, Ravi Bangoria wrote:
>>> Add a check for sample_period value sent from userspace. Negative
>>> value does not make sense. And in powerpc arch code this could cause
>>> a recursive PMI leading to a hang (reported when running perf-fuzzer).
>>>
>>> Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
>>> ---
>>> kernel/events/core.c | 3 +++
>>> 1 file changed, 3 insertions(+)
>>>
>>> diff --git a/kernel/events/core.c b/kernel/events/core.c
>>> index abbd4b3b96c2..e44c90378940 100644
>>> --- a/kernel/events/core.c
>>> +++ b/kernel/events/core.c
>>> @@ -5005,6 +5005,9 @@ static int perf_event_period(struct perf_event *event, u64 __user *arg)
>>> if (perf_event_check_period(event, value))
>>> return -EINVAL;
>>>
>>> + if (!event->attr.freq && (value & (1ULL << 63)))
>>> + return -EINVAL;
>>
>> Well, perf_event_attr::sample_period is __u64. Would not be the site
>> using it as signed be the one in error?
>
> You forgot to mention commit: 0819b2e30ccb9, so I guess this just makes
> it consistent and is fine.
>
Yeah, I was about to reply :)
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 2/2] powerpc/perf: Fix mmcra corruption by bhrb_filter
2019-05-11 2:42 ` [PATCH 2/2] powerpc/perf: Fix mmcra corruption by bhrb_filter Ravi Bangoria
2019-05-11 2:47 ` Ravi Bangoria
@ 2019-05-22 5:01 ` Madhavan Srinivasan
2019-05-25 0:54 ` Michael Ellerman
2 siblings, 0 replies; 12+ messages in thread
From: Madhavan Srinivasan @ 2019-05-22 5:01 UTC (permalink / raw)
To: Ravi Bangoria, peterz, jolsa, mpe; +Cc: linuxppc-dev, linux-kernel, acme
On 11/05/19 8:12 AM, Ravi Bangoria wrote:
> Consider a scenario where user creates two events:
>
> 1st event:
> attr.sample_type |= PERF_SAMPLE_BRANCH_STACK;
> attr.branch_sample_type = PERF_SAMPLE_BRANCH_ANY;
> fd = perf_event_open(attr, 0, 1, -1, 0);
>
> This sets cpuhw->bhrb_filter to 0 and returns valid fd.
>
> 2nd event:
> attr.sample_type |= PERF_SAMPLE_BRANCH_STACK;
> attr.branch_sample_type = PERF_SAMPLE_BRANCH_CALL;
> fd = perf_event_open(attr, 0, 1, -1, 0);
>
> It overrides cpuhw->bhrb_filter to -1 and returns with error.
>
> Now if power_pmu_enable() gets called by any path other than
> power_pmu_add(), ppmu->config_bhrb(-1) will set mmcra to -1.
Reviewed-by: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>
> Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
> ---
> arch/powerpc/perf/core-book3s.c | 6 ++++--
> arch/powerpc/perf/power8-pmu.c | 3 +++
> arch/powerpc/perf/power9-pmu.c | 3 +++
> 3 files changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/arch/powerpc/perf/core-book3s.c b/arch/powerpc/perf/core-book3s.c
> index b0723002a396..8eb5dc5df62b 100644
> --- a/arch/powerpc/perf/core-book3s.c
> +++ b/arch/powerpc/perf/core-book3s.c
> @@ -1846,6 +1846,7 @@ static int power_pmu_event_init(struct perf_event *event)
> int n;
> int err;
> struct cpu_hw_events *cpuhw;
> + u64 bhrb_filter;
>
> if (!ppmu)
> return -ENOENT;
> @@ -1951,13 +1952,14 @@ static int power_pmu_event_init(struct perf_event *event)
> err = power_check_constraints(cpuhw, events, cflags, n + 1);
>
> if (has_branch_stack(event)) {
> - cpuhw->bhrb_filter = ppmu->bhrb_filter_map(
> + bhrb_filter = ppmu->bhrb_filter_map(
> event->attr.branch_sample_type);
>
> - if (cpuhw->bhrb_filter == -1) {
> + if (bhrb_filter == -1) {
> put_cpu_var(cpu_hw_events);
> return -EOPNOTSUPP;
> }
> + cpuhw->bhrb_filter = bhrb_filter;
> }
>
> put_cpu_var(cpu_hw_events);
> diff --git a/arch/powerpc/perf/power8-pmu.c b/arch/powerpc/perf/power8-pmu.c
> index d12a2db26353..d10feef93b6b 100644
> --- a/arch/powerpc/perf/power8-pmu.c
> +++ b/arch/powerpc/perf/power8-pmu.c
> @@ -29,6 +29,7 @@ enum {
> #define POWER8_MMCRA_IFM1 0x0000000040000000UL
> #define POWER8_MMCRA_IFM2 0x0000000080000000UL
> #define POWER8_MMCRA_IFM3 0x00000000C0000000UL
> +#define POWER8_MMCRA_BHRB_MASK 0x00000000C0000000UL
>
> /*
> * Raw event encoding for PowerISA v2.07 (Power8):
> @@ -243,6 +244,8 @@ static u64 power8_bhrb_filter_map(u64 branch_sample_type)
>
> static void power8_config_bhrb(u64 pmu_bhrb_filter)
> {
> + pmu_bhrb_filter &= POWER8_MMCRA_BHRB_MASK;
> +
> /* Enable BHRB filter in PMU */
> mtspr(SPRN_MMCRA, (mfspr(SPRN_MMCRA) | pmu_bhrb_filter));
> }
> diff --git a/arch/powerpc/perf/power9-pmu.c b/arch/powerpc/perf/power9-pmu.c
> index 030544e35959..f3987915cadc 100644
> --- a/arch/powerpc/perf/power9-pmu.c
> +++ b/arch/powerpc/perf/power9-pmu.c
> @@ -92,6 +92,7 @@ enum {
> #define POWER9_MMCRA_IFM1 0x0000000040000000UL
> #define POWER9_MMCRA_IFM2 0x0000000080000000UL
> #define POWER9_MMCRA_IFM3 0x00000000C0000000UL
> +#define POWER9_MMCRA_BHRB_MASK 0x00000000C0000000UL
>
> /* Nasty Power9 specific hack */
> #define PVR_POWER9_CUMULUS 0x00002000
> @@ -300,6 +301,8 @@ static u64 power9_bhrb_filter_map(u64 branch_sample_type)
>
> static void power9_config_bhrb(u64 pmu_bhrb_filter)
> {
> + pmu_bhrb_filter &= POWER9_MMCRA_BHRB_MASK;
> +
> /* Enable BHRB filter in PMU */
> mtspr(SPRN_MMCRA, (mfspr(SPRN_MMCRA) | pmu_bhrb_filter));
> }
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 2/2] powerpc/perf: Fix mmcra corruption by bhrb_filter
2019-05-11 2:42 ` [PATCH 2/2] powerpc/perf: Fix mmcra corruption by bhrb_filter Ravi Bangoria
2019-05-11 2:47 ` Ravi Bangoria
2019-05-22 5:01 ` Madhavan Srinivasan
@ 2019-05-25 0:54 ` Michael Ellerman
2 siblings, 0 replies; 12+ messages in thread
From: Michael Ellerman @ 2019-05-25 0:54 UTC (permalink / raw)
To: Ravi Bangoria, peterz, jolsa, maddy
Cc: Ravi Bangoria, linuxppc-dev, linux-kernel, acme
On Sat, 2019-05-11 at 02:42:17 UTC, Ravi Bangoria wrote:
> Consider a scenario where user creates two events:
>
> 1st event:
> attr.sample_type |= PERF_SAMPLE_BRANCH_STACK;
> attr.branch_sample_type = PERF_SAMPLE_BRANCH_ANY;
> fd = perf_event_open(attr, 0, 1, -1, 0);
>
> This sets cpuhw->bhrb_filter to 0 and returns valid fd.
>
> 2nd event:
> attr.sample_type |= PERF_SAMPLE_BRANCH_STACK;
> attr.branch_sample_type = PERF_SAMPLE_BRANCH_CALL;
> fd = perf_event_open(attr, 0, 1, -1, 0);
>
> It overrides cpuhw->bhrb_filter to -1 and returns with error.
>
> Now if power_pmu_enable() gets called by any path other than
> power_pmu_add(), ppmu->config_bhrb(-1) will set mmcra to -1.
>
> Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
> Reviewed-by: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>
Applied to powerpc fixes, thanks.
https://git.kernel.org/powerpc/c/3202e35ec1c8fc19cea24253ff83edf7
cheers
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 1/2] perf ioctl: Add check for the sample_period value
2019-05-13 10:07 ` Ravi Bangoria
@ 2019-05-28 9:50 ` Michael Ellerman
2019-06-04 4:29 ` [PATCH v2] " Ravi Bangoria
0 siblings, 1 reply; 12+ messages in thread
From: Michael Ellerman @ 2019-05-28 9:50 UTC (permalink / raw)
To: Ravi Bangoria, Peter Zijlstra
Cc: Ravi Bangoria, maddy, jolsa, linux-kernel, acme, linuxppc-dev
Ravi Bangoria <ravi.bangoria@linux.ibm.com> writes:
> On 5/13/19 2:26 PM, Peter Zijlstra wrote:
>> On Mon, May 13, 2019 at 09:42:13AM +0200, Peter Zijlstra wrote:
>>> On Sat, May 11, 2019 at 08:12:16AM +0530, Ravi Bangoria wrote:
>>>> Add a check for sample_period value sent from userspace. Negative
>>>> value does not make sense. And in powerpc arch code this could cause
>>>> a recursive PMI leading to a hang (reported when running perf-fuzzer).
>>>>
>>>> Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
>>>> ---
>>>> kernel/events/core.c | 3 +++
>>>> 1 file changed, 3 insertions(+)
>>>>
>>>> diff --git a/kernel/events/core.c b/kernel/events/core.c
>>>> index abbd4b3b96c2..e44c90378940 100644
>>>> --- a/kernel/events/core.c
>>>> +++ b/kernel/events/core.c
>>>> @@ -5005,6 +5005,9 @@ static int perf_event_period(struct perf_event *event, u64 __user *arg)
>>>> if (perf_event_check_period(event, value))
>>>> return -EINVAL;
>>>>
>>>> + if (!event->attr.freq && (value & (1ULL << 63)))
>>>> + return -EINVAL;
>>>
>>> Well, perf_event_attr::sample_period is __u64. Would not be the site
>>> using it as signed be the one in error?
>>
>> You forgot to mention commit: 0819b2e30ccb9, so I guess this just makes
>> it consistent and is fine.
>>
>
> Yeah, I was about to reply :)
I've taken patch 2. You should probably do a v2 of patch 1 with an
updated change log that explains things fully?
cheers
^ permalink raw reply [flat|nested] 12+ messages in thread
* [PATCH v2] perf ioctl: Add check for the sample_period value
2019-05-28 9:50 ` Michael Ellerman
@ 2019-06-04 4:29 ` Ravi Bangoria
2019-06-17 8:38 ` Ravi Bangoria
0 siblings, 1 reply; 12+ messages in thread
From: Ravi Bangoria @ 2019-06-04 4:29 UTC (permalink / raw)
To: mpe, peterz; +Cc: Ravi Bangoria, maddy, jolsa, linux-kernel, acme, linuxppc-dev
perf_event_open() limits the sample_period to 63 bits. See
commit 0819b2e30ccb ("perf: Limit perf_event_attr::sample_period
to 63 bits"). Make ioctl() consistent with it.
Also on powerpc, negative sample_period could cause a recursive
PMIs leading to a hang (reported when running perf-fuzzer).
Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
---
kernel/events/core.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index abbd4b3b96c2..e44c90378940 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -5005,6 +5005,9 @@ static int perf_event_period(struct perf_event *event, u64 __user *arg)
if (perf_event_check_period(event, value))
return -EINVAL;
+ if (!event->attr.freq && (value & (1ULL << 63)))
+ return -EINVAL;
+
event_function_call(event, __perf_event_period, &value);
return 0;
--
2.20.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [PATCH v2] perf ioctl: Add check for the sample_period value
2019-06-04 4:29 ` [PATCH v2] " Ravi Bangoria
@ 2019-06-17 8:38 ` Ravi Bangoria
2019-06-18 12:28 ` Michael Ellerman
0 siblings, 1 reply; 12+ messages in thread
From: Ravi Bangoria @ 2019-06-17 8:38 UTC (permalink / raw)
To: mpe, peterz; +Cc: Ravi Bangoria, maddy, jolsa, linux-kernel, acme, linuxppc-dev
Peter / mpe,
Is the v2 looks good? If so, can anyone of you please pick this up.
On 6/4/19 9:59 AM, Ravi Bangoria wrote:
> perf_event_open() limits the sample_period to 63 bits. See
> commit 0819b2e30ccb ("perf: Limit perf_event_attr::sample_period
> to 63 bits"). Make ioctl() consistent with it.
>
> Also on powerpc, negative sample_period could cause a recursive
> PMIs leading to a hang (reported when running perf-fuzzer).
>
> Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
> ---
> kernel/events/core.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/kernel/events/core.c b/kernel/events/core.c
> index abbd4b3b96c2..e44c90378940 100644
> --- a/kernel/events/core.c
> +++ b/kernel/events/core.c
> @@ -5005,6 +5005,9 @@ static int perf_event_period(struct perf_event *event, u64 __user *arg)
> if (perf_event_check_period(event, value))
> return -EINVAL;
>
> + if (!event->attr.freq && (value & (1ULL << 63)))
> + return -EINVAL;
> +
> event_function_call(event, __perf_event_period, &value);
>
> return 0;
>
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH v2] perf ioctl: Add check for the sample_period value
2019-06-17 8:38 ` Ravi Bangoria
@ 2019-06-18 12:28 ` Michael Ellerman
0 siblings, 0 replies; 12+ messages in thread
From: Michael Ellerman @ 2019-06-18 12:28 UTC (permalink / raw)
To: Ravi Bangoria, peterz
Cc: Ravi Bangoria, maddy, jolsa, linux-kernel, acme, linuxppc-dev
Ravi Bangoria <ravi.bangoria@linux.ibm.com> writes:
> Peter / mpe,
>
> Is the v2 looks good? If so, can anyone of you please pick this up.
I usually wouldn't take it, it's generic perf code. Unless
peter/ingo/acme tell me otherwise.
It's sort of a bug fix for 0819b2e30ccb, should it have a fixes and/or
stable tag?
Fixes: 0819b2e30ccb ("perf: Limit perf_event_attr::sample_period to 63 bits")
Cc: stable@vger.kernel.org # v3.15+
cheers
> On 6/4/19 9:59 AM, Ravi Bangoria wrote:
>> perf_event_open() limits the sample_period to 63 bits. See
>> commit 0819b2e30ccb ("perf: Limit perf_event_attr::sample_period
>> to 63 bits"). Make ioctl() consistent with it.
>>
>> Also on powerpc, negative sample_period could cause a recursive
>> PMIs leading to a hang (reported when running perf-fuzzer).
>>
>> Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
>> ---
>> kernel/events/core.c | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/kernel/events/core.c b/kernel/events/core.c
>> index abbd4b3b96c2..e44c90378940 100644
>> --- a/kernel/events/core.c
>> +++ b/kernel/events/core.c
>> @@ -5005,6 +5005,9 @@ static int perf_event_period(struct perf_event *event, u64 __user *arg)
>> if (perf_event_check_period(event, value))
>> return -EINVAL;
>>
>> + if (!event->attr.freq && (value & (1ULL << 63)))
>> + return -EINVAL;
>> +
>> event_function_call(event, __perf_event_period, &value);
>>
>> return 0;
>>
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2019-06-18 12:30 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-11 2:42 [PATCH 1/2] perf ioctl: Add check for the sample_period value Ravi Bangoria
2019-05-11 2:42 ` [PATCH 2/2] powerpc/perf: Fix mmcra corruption by bhrb_filter Ravi Bangoria
2019-05-11 2:47 ` Ravi Bangoria
2019-05-22 5:01 ` Madhavan Srinivasan
2019-05-25 0:54 ` Michael Ellerman
2019-05-13 7:42 ` [PATCH 1/2] perf ioctl: Add check for the sample_period value Peter Zijlstra
2019-05-13 8:56 ` Peter Zijlstra
2019-05-13 10:07 ` Ravi Bangoria
2019-05-28 9:50 ` Michael Ellerman
2019-06-04 4:29 ` [PATCH v2] " Ravi Bangoria
2019-06-17 8:38 ` Ravi Bangoria
2019-06-18 12:28 ` Michael Ellerman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).