From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: akpm@linux-foundation.org, Denis Kirjanov <kda@linux-powerpc.org>,
"Jan Stancek" <jstancek@redhat.com>,
"Michael Ellerman" <mpe@ellerman.id.au>
Subject: [PATCH 3.16 14/87] powerpc/perf: add missing put_cpu_var in power_pmu_event_init
Date: Wed, 02 Oct 2019 20:06:51 +0100 [thread overview]
Message-ID: <lsq.1570043211.926004973@decadent.org.uk> (raw)
In-Reply-To: <lsq.1570043210.379046399@decadent.org.uk>
3.16.75-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Jan Stancek <jstancek@redhat.com>
commit 68de8867ea5d99127e836c23f6bccf4d44859623 upstream.
One path in power_pmu_event_init() calls get_cpu_var(), but is
missing matching call to put_cpu_var(), which causes preemption
imbalance and crash in user-space:
Page fault in user mode with in_atomic() = 1 mm = c000001fefa5a280
NIP = 3fff9bf2cae0 MSR = 900000014280f032
Oops: Weird page fault, sig: 11 [#23]
SMP NR_CPUS=2048 NUMA PowerNV
Modules linked in: <snip>
CPU: 43 PID: 10285 Comm: a.out Tainted: G D 4.0.0-rc5+ #1
task: c000001fe82c9200 ti: c000001fe835c000 task.ti: c000001fe835c000
NIP: 00003fff9bf2cae0 LR: 00003fff9bee4898 CTR: 00003fff9bf2cae0
REGS: c000001fe835fea0 TRAP: 0401 Tainted: G D (4.0.0-rc5+)
MSR: 900000014280f032 <SF,HV,VEC,VSX,EE,PR,FP,ME,IR,DR,RI> CR: 22000028 XER: 00000000
CFAR: 00003fff9bee4894 SOFTE: 1
GPR00: 00003fff9bee494c 00003fffe01c2ee0 00003fff9c084410 0000000010020068
GPR04: 0000000000000000 0000000000000002 0000000000000008 0000000000000001
GPR08: 0000000000000001 00003fff9c074a30 00003fff9bf2cae0 00003fff9bf2cd70
GPR12: 0000000052000022 00003fff9c10b700
NIP [00003fff9bf2cae0] 0x3fff9bf2cae0
LR [00003fff9bee4898] 0x3fff9bee4898
Call Trace:
---[ end trace 5d3d952b5d4185d4 ]---
BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:41
in_atomic(): 1, irqs_disabled(): 0, pid: 10285, name: a.out
INFO: lockdep is turned off.
CPU: 43 PID: 10285 Comm: a.out Tainted: G D 4.0.0-rc5+ #1
Call Trace:
[c000001fe835f990] [c00000000089c014] .dump_stack+0x98/0xd4 (unreliable)
[c000001fe835fa10] [c0000000000e4138] .___might_sleep+0x1d8/0x2e0
[c000001fe835faa0] [c000000000888da8] .down_read+0x38/0x110
[c000001fe835fb30] [c0000000000bf2f4] .exit_signals+0x24/0x160
[c000001fe835fbc0] [c0000000000abde0] .do_exit+0xd0/0xe70
[c000001fe835fcb0] [c00000000001f4c4] .die+0x304/0x450
[c000001fe835fd60] [c00000000088e1f4] .do_page_fault+0x2d4/0x900
[c000001fe835fe30] [c000000000008664] handle_page_fault+0x10/0x30
note: a.out[10285] exited with preempt_count 1
Reproducer:
#include <stdio.h>
#include <unistd.h>
#include <syscall.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <linux/perf_event.h>
#include <linux/hw_breakpoint.h>
static struct perf_event_attr event = {
.type = PERF_TYPE_RAW,
.size = sizeof(struct perf_event_attr),
.sample_type = PERF_SAMPLE_BRANCH_STACK,
.branch_sample_type = PERF_SAMPLE_BRANCH_ANY_RETURN,
};
int main()
{
syscall(__NR_perf_event_open, &event, 0, -1, -1, 0);
}
Signed-off-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
arch/powerpc/perf/core-book3s.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/arch/powerpc/perf/core-book3s.c
+++ b/arch/powerpc/perf/core-book3s.c
@@ -1825,8 +1825,10 @@ static int power_pmu_event_init(struct p
cpuhw->bhrb_filter = ppmu->bhrb_filter_map(
event->attr.branch_sample_type);
- if(cpuhw->bhrb_filter == -1)
+ if (cpuhw->bhrb_filter == -1) {
+ put_cpu_var(cpu_hw_events);
return -EOPNOTSUPP;
+ }
}
put_cpu_var(cpu_hw_events);
next prev parent reply other threads:[~2019-10-02 19:13 UTC|newest]
Thread overview: 99+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-02 19:06 [PATCH 3.16 00/87] 3.16.75-rc1 review Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 27/87] genwqe: Prevent an integer overflow in the ioctl Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 52/87] ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 61/87] cfg80211: fix memory leak of wiphy device name Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 10/87] drm/gma500/cdv: Check vbt config bits when detecting lvds panels Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 04/87] ASoC: cs42xx8: Add regcache mask dirty Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 80/87] bonding: Always enable vlan tx offload Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 59/87] fs/ocfs2: fix race in ocfs2_dentry_attach_lock() Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 41/87] kernel/signal.c: trace_signal_deliver when signal_group_exit Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 21/87] ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 26/87] gpio: fix gpio-adp5588 build errors Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 40/87] net-gro: fix use-after-free read in napi_gro_frags() Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 42/87] USB: usb-storage: Add new ID to ums-realtek Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 66/87] perf/core: Fix perf_sample_regs_user() mm check Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 57/87] libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 47/87] net: rds: fix memory leak in rds_ib_flush_mr_pool Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 63/87] btrfs: start readahead also in seed devices Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 82/87] sctp: change to hold sk after auth shkey is created successfully Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 20/87] ipv4/igmp: fix another memory leak in igmpv3_del_delrec() Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 62/87] Btrfs: fix race between readahead and device replace/removal Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 05/87] scsi: bnx2fc: fix incorrect cast to u64 on shift operation Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 75/87] be2net: fix link failure after ethtool offline test Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 58/87] cifs: add spinlock for the openFileList to cifsInodeInfo Ben Hutchings
2019-10-28 22:19 ` Pavel Shilovskiy
2019-10-29 13:15 ` Ben Hutchings
2019-11-19 14:49 ` Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 55/87] KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 69/87] net: netem: fix backlog accounting for corrupted GSO frames Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 16/87] usb: xhci: avoid null pointer deref when bos field is NULL Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 36/87] usbip: usbip_host: fix stub_dev lock context imbalance regression Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 81/87] bonding: Add vlan tx offload to hw_enc_features Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 48/87] pktgen: do not sleep with the thread lock held Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 03/87] Btrfs: fix race between ranged fsync and writeback of adjacent ranges Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 13/87] tty: max310x: Fix external crystal register setup Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 23/87] Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 67/87] SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 72/87] net/af_iucv: always register net_device notifier Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 44/87] s390/qeth: fix VLAN attribute in bridge_hostnotify udev event Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 12/87] serial: sh-sci: disable DMA for uart_console Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 17/87] net: stmmac: fix reset gpio free missing Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 01/87] net/mlx4_core: Change the error print to info print Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 32/87] configfs: Fix use-after-free when accessing sd->s_dentry Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 70/87] scsi: ufs: Avoid runtime suspend possibly being blocked forever Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 09/87] USB: rio500: fix memory leak in close after disconnect Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 85/87] scsi: target/iblock: Fix overrun in WRITE SAME emulation Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 46/87] parisc: Use implicit space register selection for loading the coherence index of I/O pdirs Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 11/87] USB: serial: pl2303: add Allied Telesis VT-Kit3 Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 76/87] perf/ioctl: Add check for the sample_period value Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 15/87] powerpc/perf: Fix MMCRA corruption by bhrb_filter Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 38/87] scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 87/87] crypto: user - prevent operating on larval algorithms Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 50/87] can: af_can: Fix error path of can_init() Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 29/87] staging: iio: cdc: Don't put an else right after a return Ben Hutchings
2019-10-02 21:36 ` Joe Perches
2019-10-03 14:47 ` Ben Hutchings
2019-10-03 15:09 ` Joe Perches
2019-10-03 22:06 ` Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 39/87] signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 31/87] i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 35/87] s390/crypto: fix possible sleep during spinlock aquired Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 64/87] be2net: Fix number of Rx queues used for flow hashing Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 68/87] apparmor: enforce nullbyte at end of tag string Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 30/87] staging:iio:ad7150: fix threshold mode config bit Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 22/87] sbitmap: fix improper use of smp_mb__before_atomic() Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 43/87] USB: Fix chipmunk-like voice when using Logitech C270 for recording audio Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 49/87] can: flexcan: fix timeout when set small bitrate Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 06/87] USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 78/87] x86/speculation: Allow guests to use SSBD even if host does not Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 71/87] net/af_iucv: remove GFP_DMA restriction for HiperTransport Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 19/87] igmp: add a missing spin_lock_init() Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 73/87] scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 74/87] x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 24/87] perf/ring_buffer: Fix exposing a temporarily decreased data_head Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 79/87] cpu/speculation: Warn on unsupported mitigations= parameter Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 45/87] hwmon: (pmbus/core) Treat parameters as paged if on multiple pages Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 53/87] ptrace: restore smp_rmb() in __ptrace_may_access() Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 34/87] CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 18/87] igmp: acquire pmc lock for ip_mc_clear_src() Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 25/87] perf/ring_buffer: Add ordering to rb->nest increment Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 02/87] spi: bitbang: Fix NULL pointer dereference in spi_unregister_master Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 37/87] scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 28/87] net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 56/87] bcache: fix stack corruption by PRECEDING_KEY() Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 86/87] lib/mpi: Fix karactx leak in mpi_powm Ben Hutchings
2019-10-02 19:06 ` Ben Hutchings [this message]
2019-10-02 19:06 ` [PATCH 3.16 77/87] MIPS: Add missing EHB in mtc0 -> mfc0 sequence Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 60/87] coredump: fix race condition between collapse_huge_page() and core dumping Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 84/87] tracing/snapshot: Resize spare buffer if size changed Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 51/87] can: purge socket error queue on sock destruct Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 65/87] neigh: fix use-after-free read in pneigh_get_next Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 08/87] usbip: usbip_host: fix BUG: sleeping function called from invalid context Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 33/87] llc: fix skb leak in llc_build_and_send_ui_pkt() Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 07/87] USB: Add LPM quirk for Surface Dock GigE adapter Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 54/87] i2c: acorn: fix i2c warning Ben Hutchings
2019-10-02 19:06 ` [PATCH 3.16 83/87] ALSA: seq: fix incorrect order of dest_client/dest_ports arguments Ben Hutchings
2019-10-03 12:54 ` [PATCH 3.16 00/87] 3.16.75-rc1 review Guenter Roeck
2019-10-03 22:25 ` Ben Hutchings
2019-10-04 23:09 ` Guenter Roeck
2019-10-05 20:29 ` Ben Hutchings
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=lsq.1570043211.926004973@decadent.org.uk \
--to=ben@decadent.org.uk \
--cc=akpm@linux-foundation.org \
--cc=jstancek@redhat.com \
--cc=kda@linux-powerpc.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mpe@ellerman.id.au \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).