Message-ID: <CAP-5=fVa=cv54h3=zmqkGBJp2ygoCiYceC_7jiZyG+BDt2azMA@mail.gmail.com>
Date: Sat, 21 Mar 2020 09:47:41 -0700
From: Ian Rogers <irogers@...gle.com>
To: Peter Zijlstra <peterz@...radead.org>
Cc: Ingo Molnar <mingo@...hat.com>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
Jiri Olsa <jolsa@...hat.com>,
Namhyung Kim <namhyung@...nel.org>,
Kan Liang <kan.liang@...ux.intel.com>,
LKML <linux-kernel@...r.kernel.org>,
Stephane Eranian <eranian@...gle.com>
Subject: Re: [PATCH] perf/cgroup: correct indirection in perf_less_group_idx
On Sat, Mar 21, 2020 at 6:25 AM Peter Zijlstra <peterz@...radead.org> wrote:
>
> On Fri, Mar 20, 2020 at 06:38:39PM -0700, Ian Rogers wrote:
> > The void* in perf_less_group_idx is to a cell in the array which points
> > at a perf_event*, as such it is a perf_event**.
> >
> > Fixes: 6eef8a7116de ("perf/core: Use min_heap in visit_groups_merge()")
> > Author: John Sperbeck <jsperbeck@...gle.com>
>
> That doesn't make sense, did he write the patch? Then there needs to be
> a From: him and a SoB: him. If he reported the issue, it should be
> Reported-by: him.
Done.
https://lkml.org/lkml/2020/3/21/295
> > Signed-off-by: Ian Rogers <irogers@...gle.com>
> > ---
> > kernel/events/core.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/kernel/events/core.c b/kernel/events/core.c
> > index d22e4ba59dfa..a758c2311c53 100644
> > --- a/kernel/events/core.c
> > +++ b/kernel/events/core.c
> > @@ -3503,7 +3503,8 @@ static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx,
> >
> > static bool perf_less_group_idx(const void *l, const void *r)
> > {
> > - const struct perf_event *le = l, *re = r;
> > + const struct perf_event *le = *(const struct perf_event **)l;
> > + const struct perf_event *re = *(const struct perf_event **)r;
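Review bot: the casts on the two added lines drop a const qualifier. l and r are declared const void *, but (const struct perf_event **) treats the array cell itself as writable, which a cast-qualifier warning would flag. Casting to const struct perf_event * const * keeps the comparator read-only on both levels. A short comment above the function saying that the callback receives a pointer to the array cell, not the perf_event itself, would also document the contract that the removed line got wrong.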
>
> How did this not insta explode?
Agreed, a cgroup depth of at least 3 is needed for a heap allocation
and we saw this with kasan. CONFIG_KASAN_STACK should have been able
to catch this in the normal case.
Thanks,
Ian
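The indirection the patch corrects, as an added example that is not part of the original message or the kernel source: a type-erased heap over an array of pointers hands its comparator the address of an array cell, so the comparator has to dereference once more before reading a field. `struct event`, `sift_down` and `min_group_index` are hypothetical stand-ins, and elements are assumed to be pointer-sized.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

struct event { unsigned long group_index; };	/* stand-in for perf_event */

typedef bool (*less_fn)(const void *l, const void *r);

/* The heap stores pointers, so l and r address array cells: each is a
 * struct event * const *, not a struct event *. */
static bool less_group_idx(const void *l, const void *r)
{
	const struct event *le = *(const struct event *const *)l;
	const struct event *re = *(const struct event *const *)r;

	return le->group_index < re->group_index;
}

/* Generic sift-down over n elements of elem_size bytes. The callback only
 * ever sees addresses inside data[], never the objects the cells point to. */
static void sift_down(void *data, size_t n, size_t elem_size, size_t i, less_fn less)
{
	char *base = data, tmp[sizeof(void *)];	/* assumes pointer-sized elements */

	for (;;) {
		size_t l = 2 * i + 1, r = l + 1, m = i;

		if (l < n && less(base + l * elem_size, base + m * elem_size))
			m = l;
		if (r < n && less(base + r * elem_size, base + m * elem_size))
			m = r;
		if (m == i)
			return;
		memcpy(tmp, base + i * elem_size, elem_size);
		memcpy(base + i * elem_size, base + m * elem_size, elem_size);
		memcpy(base + m * elem_size, tmp, elem_size);
		i = m;
	}
}

/* Heapify an array of event pointers and return the smallest group_index. */
static unsigned long min_group_index(struct event **heap, size_t n)
{
	for (size_t i = n / 2; i-- > 0; )
		sift_down(heap, n, sizeof(*heap), i, less_group_idx);
	return heap[0]->group_index;
}
```

A comparator that read `l` directly as a `struct event *` would interpret the pointer array's own bytes as an event, which is the out-of-bounds read the thread says KASAN reported.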