lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 20 Jun 2019 19:57:16 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-kernel@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, stable@...r.kernel.org, Yabin Cui <yabinc@...gle.com>, "Peter Zijlstra (Intel)" <peterz@...radead.org>, Alexander Shishkin <alexander.shishkin@...ux.intel.com>, Arnaldo Carvalho de Melo <acme@...hat.com>, Jiri Olsa <jolsa@...hat.com>, Linus Torvalds <torvalds@...ux-foundation.org>, Stephane Eranian <eranian@...gle.com>, Thomas Gleixner <tglx@...utronix.de>, Vince Weaver <vincent.weaver@...ne.edu>, acme@...nel.org, mark.rutland@....com, namhyung@...nel.org, Ingo Molnar <mingo@...nel.org>, Sasha Levin <sashal@...nel.org> Subject: [PATCH 5.1 49/98] perf/ring_buffer: Add ordering to rb->nest increment [ Upstream commit 3f9fbe9bd86c534eba2faf5d840fd44c6049f50e ] Similar to how decrementing rb->next too early can cause data_head to (temporarily) be observed to go backward, so too can this happen when we increment too late. This barrier() ensures the rb->head load happens after the increment, both the one in the 'goto again' path, as the one from perf_output_get_handle() -- albeit very unlikely to matter for the latter. Suggested-by: Yabin Cui <yabinc@...gle.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@...radead.org> Cc: Alexander Shishkin <alexander.shishkin@...ux.intel.com> Cc: Arnaldo Carvalho de Melo <acme@...hat.com> Cc: Jiri Olsa <jolsa@...hat.com> Cc: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Peter Zijlstra <peterz@...radead.org> Cc: Stephane Eranian <eranian@...gle.com> Cc: Thomas Gleixner <tglx@...utronix.de> Cc: Vince Weaver <vincent.weaver@...ne.edu> Cc: acme@...nel.org Cc: mark.rutland@....com Cc: namhyung@...nel.org Fixes: ef60777c9abd ("perf: Optimize the perf_output() path by removing IRQ-disables") Link: http://lkml.kernel.org/r/20190517115418.309516009@infradead.org Signed-off-by: Ingo Molnar <mingo@...nel.org> Signed-off-by: Sasha Levin <sashal@...nel.org> --- kernel/events/ring_buffer.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/kernel/events/ring_buffer.c b/kernel/events/ring_buffer.c index 009467a60578..4b5f8d932400 100644 --- a/kernel/events/ring_buffer.c +++ b/kernel/events/ring_buffer.c @@ -48,6 +48,15 @@ static void perf_output_put_handle(struct perf_output_handle *handle) unsigned long head; again: + /* + * In order to avoid publishing a head value that goes backwards, + * we must ensure the load of @rb->head happens after we've + * incremented @rb->nest. + * + * Otherwise we can observe a @rb->head value before one published + * by an IRQ/NMI happening between the load and the increment. + */ + barrier(); head = local_read(&rb->head); /* -- 2.20.1
Powered by blists - more mailing lists