lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 1 Dec 2017 10:35:56 +0530
From:   Madhavan Srinivasan <maddy@...ux.vnet.ibm.com>
To:     Ravi Bangoria <ravi.bangoria@...ux.vnet.ibm.com>,
        mpe@...erman.id.au
Cc:     benh@...nel.crashing.org, paulus@...ba.org, tglx@...utronix.de,
        kan.liang@...el.com, sukadev@...ux.vnet.ibm.com,
        linuxppc-dev@...ts.ozlabs.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] powerpc/perf: Fix oops when grouping different pmu events



On Thursday 30 November 2017 02:03 PM, Ravi Bangoria wrote:
> When user tries to group imc (In-Memory Collections) event with
> normal event, (sometime) kernel crashes with following log:
>
>      Faulting instruction address: 0x00000000
>      [link register   ] c00000000010ce88 power_check_constraints+0x128/0x980
>      ...
>      c00000000010e238 power_pmu_event_init+0x268/0x6f0
>      c0000000002dc60c perf_try_init_event+0xdc/0x1a0
>      c0000000002dce88 perf_event_alloc+0x7b8/0xac0
>      c0000000002e92e0 SyS_perf_event_open+0x530/0xda0
>      c00000000000b004 system_call+0x38/0xe0
>
> 'event_base' field of 'struct hw_perf_event' is used as flags for
> normal hw events and used as memory address for imc events. While
> grouping these two types of events, collect_events() tries to
> interpret imc 'event_base' as a flag, which causes a corruption
> resulting in a crash.
>
> Consider only those events which belongs to 'perf_hw_context' in
> collect_events().

Reviewed-By: Madhavan Srinivasan <maddy@...ux.vnet.ibm.com>

>
> Signed-off-by: Ravi Bangoria <ravi.bangoria@...ux.vnet.ibm.com>
> ---
>   arch/powerpc/perf/core-book3s.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/powerpc/perf/core-book3s.c b/arch/powerpc/perf/core-book3s.c
> index 9e3da16..1538129 100644
> --- a/arch/powerpc/perf/core-book3s.c
> +++ b/arch/powerpc/perf/core-book3s.c
> @@ -1415,7 +1415,7 @@ static int collect_events(struct perf_event *group, int max_count,
>   	int n = 0;
>   	struct perf_event *event;
>
> -	if (!is_software_event(group)) {
> +	if (group->pmu->task_ctx_nr == perf_hw_context) {
>   		if (n >= max_count)
>   			return -1;
>   		ctrs[n] = group;
> @@ -1423,7 +1423,7 @@ static int collect_events(struct perf_event *group, int max_count,
>   		events[n++] = group->hw.config;
>   	}
>   	list_for_each_entry(event, &group->sibling_list, group_entry) {
> -		if (!is_software_event(event) &&
> +		if (event->pmu->task_ctx_nr == perf_hw_context &&
>   		    event->state != PERF_EVENT_STATE_OFF) {
>   			if (n >= max_count)
>   				return -1;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ