lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.DEB.2.10.1305291516310.2609@vincent-weaver-1.um.maine.edu>
Date:	Wed, 29 May 2013 15:18:32 -0400 (EDT)
From:	Vince Weaver <vincent.weaver@...ne.edu>
To:	Peter Zijlstra <peterz@...radead.org>
cc:	Vince Weaver <vincent.weaver@...ne.edu>,
	Al Viro <viro@...iv.linux.org.uk>,
	linux-kernel@...r.kernel.org, Paul Mackerras <paulus@...ba.org>,
	Ingo Molnar <mingo@...hat.com>,
	Arnaldo Carvalho de Melo <acme@...stprotocols.net>,
	trinity@...r.kernel.org
Subject: Re: OOPS in perf_mmap_close()

On Wed, 29 May 2013, Peter Zijlstra wrote:
> 
> Hurm.. I don't suppose you have an easy reproducer handy eh? I'll go
> stare at it. At least the current state is better than before, but
> clearly we're not quite there yet.

OK, below is an easy reproducer.  Just run it two or three times.
It leaks 129 pages in user->locked_vm each time you run it.

It took me a while to bisect this down from 10,000 syscalls to just 3.
I now have a tool that can generate valid perf test_cases from my fuzzer 
traces, which should be useful.

Vince

/* log_to_code output from bisect19.log */
/* by Vince Weaver <vincent.weaver _at_ maine.edu */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <sys/ioctl.h>
#include <linux/hw_breakpoint.h>
#include <linux/perf_event.h>

int fd[1024];
struct perf_event_attr pe[1024];
char *mmap_result[1024];

int perf_event_open(struct perf_event_attr *hw_event_uptr,
	pid_t pid, int cpu, int group_fd, unsigned long flags) {

	return syscall(__NR_perf_event_open,hw_event_uptr, pid, cpu,
		group_fd, flags);
}

int main(int argc, char **argv) {

	memset(&pe[7],0,sizeof(struct perf_event_attr));
	pe[7].type=PERF_TYPE_BREAKPOINT;
	pe[7].size=96;
	pe[7].config=0x0;
	pe[7].sample_type=0; /* 0 */
	pe[7].read_format=PERF_FORMAT_ID; /* 4 */
	pe[7].inherit=1;
	pe[7].pinned=1;
	pe[7].exclusive=1;
	pe[7].exclude_idle=1;
	pe[7].mmap=1;
	pe[7].comm=1;
	pe[7].task=1;
	pe[7].precise_ip=3; /* must have zero skid */
	pe[7].exclude_host=1;
	pe[7].wakeup_events=1886953739;
	pe[7].bp_type=HW_BREAKPOINT_R|HW_BREAKPOINT_W; /*3*/
	pe[7].bp_addr=0x60ac86c7;
	pe[7].bp_len=0x1;

	fd[7]=perf_event_open(&pe[7],0,0,-1,0 /*0*/ );

	mmap_result[7]=mmap(NULL, 129*4096,PROT_READ|PROT_WRITE, MAP_SHARED,fd[7], 0);
	if (mmap_result[7]==MAP_FAILED) {
		printf("MMAP FAILED!\n");
		exit(1);
	}

	memset(&pe[8],0,sizeof(struct perf_event_attr));
	pe[8].type=PERF_TYPE_HARDWARE;
	pe[8].size=96;
	pe[8].config=PERF_COUNT_HW_BUS_CYCLES;
	pe[8].sample_type=0; /* 0 */
	pe[8].read_format=PERF_FORMAT_ID; /* 4 */
	pe[8].disabled=1;
	pe[8].inherit=1;
	pe[8].pinned=1;
	pe[8].exclude_kernel=1;
	pe[8].comm=1;
	pe[8].watermark=1;
	pe[8].precise_ip=0; /* arbitrary skid */
	pe[8].sample_id_all=1;
	pe[8].exclude_guest=1;
	pe[8].wakeup_watermark=1153443849;
	pe[8].bp_type=HW_BREAKPOINT_EMPTY;

	fd[8]=perf_event_open(&pe[8],0,0,fd[7],PERF_FLAG_FD_NO_GROUP|PERF_FLAG_FD_OUTPUT /*3*/ );

	/* Replayed 3 syscalls */
	return 0;
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ