linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] perf/cgroup: correct indirection in perf_less_group_idx
@ 2020-03-21  1:38 Ian Rogers
  2020-03-21 13:25 ` Peter Zijlstra
  0 siblings, 1 reply; 3+ messages in thread
From: Ian Rogers @ 2020-03-21  1:38 UTC (permalink / raw)
  To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo,
	Mark Rutland, Alexander Shishkin, Jiri Olsa, Namhyung Kim,
	Kan Liang, linux-kernel
  Cc: Stephane Eranian, Ian Rogers

The void* in perf_less_group_idx is to a cell in the array which points
at a perf_event*, as such it is a perf_event**.

Fixes: 6eef8a7116de ("perf/core: Use min_heap in visit_groups_merge()")
Author: John Sperbeck <jsperbeck@google.com>
Signed-off-by: Ian Rogers <irogers@google.com>
---
 kernel/events/core.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kernel/events/core.c b/kernel/events/core.c
index d22e4ba59dfa..a758c2311c53 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -3503,7 +3503,8 @@ static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx,
 
 static bool perf_less_group_idx(const void *l, const void *r)
 {
-	const struct perf_event *le = l, *re = r;
+	const struct perf_event *le = *(const struct perf_event **)l;
+	const struct perf_event *re = *(const struct perf_event **)r;
 
 	return le->group_index < re->group_index;
 }
-- 
2.25.1.696.g5e7596f4ac-goog


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] perf/cgroup: correct indirection in perf_less_group_idx
  2020-03-21  1:38 [PATCH] perf/cgroup: correct indirection in perf_less_group_idx Ian Rogers
@ 2020-03-21 13:25 ` Peter Zijlstra
  2020-03-21 16:47   ` Ian Rogers
  0 siblings, 1 reply; 3+ messages in thread
From: Peter Zijlstra @ 2020-03-21 13:25 UTC (permalink / raw)
  To: Ian Rogers
  Cc: Ingo Molnar, Arnaldo Carvalho de Melo, Mark Rutland,
	Alexander Shishkin, Jiri Olsa, Namhyung Kim, Kan Liang,
	linux-kernel, Stephane Eranian

On Fri, Mar 20, 2020 at 06:38:39PM -0700, Ian Rogers wrote:
> The void* in perf_less_group_idx is to a cell in the array which points
> at a perf_event*, as such it is a perf_event**.
> 
> Fixes: 6eef8a7116de ("perf/core: Use min_heap in visit_groups_merge()")
> Author: John Sperbeck <jsperbeck@google.com>

That doesn't make sense, did he write the patch? Then there needs to be
a From: him and a SoB: him, If he reported the issue, it should be
Reported-by: him.

> Signed-off-by: Ian Rogers <irogers@google.com>
> ---
>  kernel/events/core.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/kernel/events/core.c b/kernel/events/core.c
> index d22e4ba59dfa..a758c2311c53 100644
> --- a/kernel/events/core.c
> +++ b/kernel/events/core.c
> @@ -3503,7 +3503,8 @@ static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx,
>  
>  static bool perf_less_group_idx(const void *l, const void *r)
>  {
> -	const struct perf_event *le = l, *re = r;
> +	const struct perf_event *le = *(const struct perf_event **)l;
> +	const struct perf_event *re = *(const struct perf_event **)r;

How did this not insta explode?

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] perf/cgroup: correct indirection in perf_less_group_idx
  2020-03-21 13:25 ` Peter Zijlstra
@ 2020-03-21 16:47   ` Ian Rogers
  0 siblings, 0 replies; 3+ messages in thread
From: Ian Rogers @ 2020-03-21 16:47 UTC (permalink / raw)
  To: Peter Zijlstra
  Cc: Ingo Molnar, Arnaldo Carvalho de Melo, Mark Rutland,
	Alexander Shishkin, Jiri Olsa, Namhyung Kim, Kan Liang, LKML,
	Stephane Eranian

On Sat, Mar 21, 2020 at 6:25 AM Peter Zijlstra <peterz@infradead.org> wrote:
>
> On Fri, Mar 20, 2020 at 06:38:39PM -0700, Ian Rogers wrote:
> > The void* in perf_less_group_idx is to a cell in the array which points
> > at a perf_event*, as such it is a perf_event**.
> >
> > Fixes: 6eef8a7116de ("perf/core: Use min_heap in visit_groups_merge()")
> > Author: John Sperbeck <jsperbeck@google.com>
>
> That doesn't make sense, did he write the patch? Then there needs to be
> a From: him and a SoB: him, If he reported the issue, it should be
> Reported-by: him.

Done.
https://lkml.org/lkml/2020/3/21/295

> > Signed-off-by: Ian Rogers <irogers@google.com>
> > ---
> >  kernel/events/core.c | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/kernel/events/core.c b/kernel/events/core.c
> > index d22e4ba59dfa..a758c2311c53 100644
> > --- a/kernel/events/core.c
> > +++ b/kernel/events/core.c
> > @@ -3503,7 +3503,8 @@ static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx,
> >
> >  static bool perf_less_group_idx(const void *l, const void *r)
> >  {
> > -     const struct perf_event *le = l, *re = r;
> > +     const struct perf_event *le = *(const struct perf_event **)l;
> > +     const struct perf_event *re = *(const struct perf_event **)r;
>
> How did this not insta explode?

Agreed, a cgroup depth of at least 3 is needed for a heap allocation
and we saw this with kasan. CONFIG_KASAN_STACK should have been able
to catch this in the normal case.

Thanks,
Ian

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-03-21 16:47 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-21  1:38 [PATCH] perf/cgroup: correct indirection in perf_less_group_idx Ian Rogers
2020-03-21 13:25 ` Peter Zijlstra
2020-03-21 16:47   ` Ian Rogers

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).