lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 15 May 2020 10:33:12 +0200
From:   Jiri Olsa <jolsa@...hat.com>
To:     "Jin, Yao" <yao.jin@...ux.intel.com>
Cc:     acme@...nel.org, jolsa@...nel.org, peterz@...radead.org,
        mingo@...hat.com, alexander.shishkin@...ux.intel.com,
        Linux-kernel@...r.kernel.org, ak@...ux.intel.com,
        kan.liang@...el.com, yao.jin@...el.com
Subject: Re: [PATCH] perf evsel: Get group fd from CPU0 for system wide event

On Fri, May 15, 2020 at 02:04:57PM +0800, Jin, Yao wrote:

SNIP

> I think I get the root cause. That should be a serious bug in get_group_fd, access violation!
> 
> For a group mixed with system-wide event and per-core event and the group
> leader is system-wide event, access violation will happen.
> 
> perf_evsel__alloc_fd allocates one FD member for system-wide event (only FD(evsel, 0, 0) is valid).
> 
> But for per core event, perf_evsel__alloc_fd allocates N FD members (N =
> ncpus). For example, for ncpus is 8, FD(evsel, 0, 0) to FD(evsel, 7, 0) are
> valid.
> 
> get_group_fd(struct evsel *evsel, int cpu, int thread)
> {
>     struct evsel *leader = evsel->leader;
> 
>     fd = FD(leader, cpu, thread);    /* access violation may happen here */
> }
> 
> If leader is system-wide event, only the FD(leader, 0, 0) is valid.
> 
> When get_group_fd accesses FD(leader, 1, 0), access violation happens.
> 
> My fix is:
> 
> diff --git a/tools/perf/util/evsel.c b/tools/perf/util/evsel.c
> index 28683b0eb738..db05b8a1e1a8 100644
> --- a/tools/perf/util/evsel.c
> +++ b/tools/perf/util/evsel.c
> @@ -1440,6 +1440,9 @@ static int get_group_fd(struct evsel *evsel, int cpu, int thread)
>         if (evsel__is_group_leader(evsel))
>                 return -1;
> 
> +       if (leader->core.system_wide && !evsel->core.system_wide)
> +               return -2;

so this effectively stops grouping system_wide events with others,
and I think it's correct, how about events that differ in cpumask?

should we perhaps ensure this before we call open? go throught all
groups and check they are on the same cpus?

thanks,
jirka


> +
>         /*
>          * Leader must be already processed/open,
>          * if not it's a bug.
> @@ -1665,6 +1668,11 @@ static int evsel__open_cpu(struct evsel *evsel, struct perf_cpu_map *cpus,
>                                 pid = perf_thread_map__pid(threads, thread);
> 
>                         group_fd = get_group_fd(evsel, cpu, thread);
> +                       if (group_fd == -2) {
> +                               errno = EINVAL;
> +                               err = -EINVAL;
> +                               goto out_close;
> +                       }
>  retry_open:
>                         test_attr__ready();
> 
> It enables the perf_evlist__reset_weak_group. And in the second_pass (in
> __run_perf_stat), the events will be opened successfully.
> 
> I have tested OK for this fix on cascadelakex.
> 
> Thanks
> Jin Yao
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ