lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 22 May 2019 10:31:35 +0530
From:   Madhavan Srinivasan <maddy@...ux.vnet.ibm.com>
To:     Ravi Bangoria <ravi.bangoria@...ux.ibm.com>, peterz@...radead.org,
        jolsa@...hat.com, mpe@...erman.id.au
Cc:     acme@...nel.org, linux-kernel@...r.kernel.org,
        linuxppc-dev@...ts.ozlabs.org
Subject: Re: [PATCH 2/2] powerpc/perf: Fix mmcra corruption by bhrb_filter


On 11/05/19 8:12 AM, Ravi Bangoria wrote:
> Consider a scenario where user creates two events:
>
>    1st event:
>      attr.sample_type |= PERF_SAMPLE_BRANCH_STACK;
>      attr.branch_sample_type = PERF_SAMPLE_BRANCH_ANY;
>      fd = perf_event_open(attr, 0, 1, -1, 0);
>
>    This sets cpuhw->bhrb_filter to 0 and returns valid fd.
>
>    2nd event:
>      attr.sample_type |= PERF_SAMPLE_BRANCH_STACK;
>      attr.branch_sample_type = PERF_SAMPLE_BRANCH_CALL;
>      fd = perf_event_open(attr, 0, 1, -1, 0);
>
>    It overrides cpuhw->bhrb_filter to -1 and returns with error.
>
> Now if power_pmu_enable() gets called by any path other than
> power_pmu_add(), ppmu->config_bhrb(-1) will set mmcra to -1.

Reviewed-by: Madhavan Srinivasan <maddy@...ux.vnet.ibm.com>


> Signed-off-by: Ravi Bangoria <ravi.bangoria@...ux.ibm.com>
> ---
>   arch/powerpc/perf/core-book3s.c | 6 ++++--
>   arch/powerpc/perf/power8-pmu.c  | 3 +++
>   arch/powerpc/perf/power9-pmu.c  | 3 +++
>   3 files changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/arch/powerpc/perf/core-book3s.c b/arch/powerpc/perf/core-book3s.c
> index b0723002a396..8eb5dc5df62b 100644
> --- a/arch/powerpc/perf/core-book3s.c
> +++ b/arch/powerpc/perf/core-book3s.c
> @@ -1846,6 +1846,7 @@ static int power_pmu_event_init(struct perf_event *event)
>   	int n;
>   	int err;
>   	struct cpu_hw_events *cpuhw;
> +	u64 bhrb_filter;
>
>   	if (!ppmu)
>   		return -ENOENT;
> @@ -1951,13 +1952,14 @@ static int power_pmu_event_init(struct perf_event *event)
>   	err = power_check_constraints(cpuhw, events, cflags, n + 1);
>
>   	if (has_branch_stack(event)) {
> -		cpuhw->bhrb_filter = ppmu->bhrb_filter_map(
> +		bhrb_filter = ppmu->bhrb_filter_map(
>   					event->attr.branch_sample_type);
>
> -		if (cpuhw->bhrb_filter == -1) {
> +		if (bhrb_filter == -1) {
>   			put_cpu_var(cpu_hw_events);
>   			return -EOPNOTSUPP;
>   		}
> +		cpuhw->bhrb_filter = bhrb_filter;
>   	}
>
>   	put_cpu_var(cpu_hw_events);
> diff --git a/arch/powerpc/perf/power8-pmu.c b/arch/powerpc/perf/power8-pmu.c
> index d12a2db26353..d10feef93b6b 100644
> --- a/arch/powerpc/perf/power8-pmu.c
> +++ b/arch/powerpc/perf/power8-pmu.c
> @@ -29,6 +29,7 @@ enum {
>   #define	POWER8_MMCRA_IFM1		0x0000000040000000UL
>   #define	POWER8_MMCRA_IFM2		0x0000000080000000UL
>   #define	POWER8_MMCRA_IFM3		0x00000000C0000000UL
> +#define	POWER8_MMCRA_BHRB_MASK		0x00000000C0000000UL
>
>   /*
>    * Raw event encoding for PowerISA v2.07 (Power8):
> @@ -243,6 +244,8 @@ static u64 power8_bhrb_filter_map(u64 branch_sample_type)
>
>   static void power8_config_bhrb(u64 pmu_bhrb_filter)
>   {
> +	pmu_bhrb_filter &= POWER8_MMCRA_BHRB_MASK;
> +
>   	/* Enable BHRB filter in PMU */
>   	mtspr(SPRN_MMCRA, (mfspr(SPRN_MMCRA) | pmu_bhrb_filter));
>   }
> diff --git a/arch/powerpc/perf/power9-pmu.c b/arch/powerpc/perf/power9-pmu.c
> index 030544e35959..f3987915cadc 100644
> --- a/arch/powerpc/perf/power9-pmu.c
> +++ b/arch/powerpc/perf/power9-pmu.c
> @@ -92,6 +92,7 @@ enum {
>   #define POWER9_MMCRA_IFM1		0x0000000040000000UL
>   #define POWER9_MMCRA_IFM2		0x0000000080000000UL
>   #define POWER9_MMCRA_IFM3		0x00000000C0000000UL
> +#define POWER9_MMCRA_BHRB_MASK		0x00000000C0000000UL
>
>   /* Nasty Power9 specific hack */
>   #define PVR_POWER9_CUMULUS		0x00002000
> @@ -300,6 +301,8 @@ static u64 power9_bhrb_filter_map(u64 branch_sample_type)
>
>   static void power9_config_bhrb(u64 pmu_bhrb_filter)
>   {
> +	pmu_bhrb_filter &= POWER9_MMCRA_BHRB_MASK;
> +
>   	/* Enable BHRB filter in PMU */
>   	mtspr(SPRN_MMCRA, (mfspr(SPRN_MMCRA) | pmu_bhrb_filter));
>   }

Powered by blists - more mailing lists