lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <9e2e2552-ac94-96e6-9a34-90c9252d419e@linux.intel.com>
Date:   Thu, 26 Nov 2020 22:47:18 +0800
From:   "Jin, Yao" <yao.jin@...ux.intel.com>
To:     Adrian Hunter <adrian.hunter@...el.com>, acme@...nel.org,
        jolsa@...nel.org, peterz@...radead.org, mingo@...hat.com,
        alexander.shishkin@...ux.intel.com
Cc:     Linux-kernel@...r.kernel.org, ak@...ux.intel.com,
        kan.liang@...el.com, yao.jin@...el.com
Subject: Re: [PATCH] perf script: Fix overrun issue for dynamically-allocated
 pmu type number

Hi Adrian,

On 11/26/2020 4:36 PM, Adrian Hunter wrote:
> On 26/11/20 9:06 am, Jin, Yao wrote:
>> Hi Adrian,
>>
>> On 11/26/2020 2:51 PM, Adrian Hunter wrote:
>>> On 26/11/20 5:24 am, Jin Yao wrote:
>>>> When unpacking the event which is from dynamic pmu, the array
>>>> output[OUTPUT_TYPE_MAX] may be overrun. For example, type number of
>>>> SKL uncore_imc is 10, but OUTPUT_TYPE_MAX is 7 now (OUTPUT_TYPE_MAX =
>>>> PERF_TYPE_MAX + 1).
>>>>
>>>> /* In builtin-script.c */
>>>> process_event()
>>>> {
>>>>      unsigned int type = output_type(attr->type);
>>>>
>>>>      if (output[type].fields == 0)
>>>>          return;
>>>> }
>>>>
>>>> output[10] is overrun.
>>>>
>>>> Create a type OUTPUT_TYPE_OTHER for dynamic pmu events, then
>>>> output_type(attr->type) will return OUTPUT_TYPE_OTHER here.
>>>>
>>>> Note that if PERF_TYPE_MAX ever changed, then there would be a conflict
>>>> between old perf.data files that had a dynamicaliy allocated PMU number
>>>> that would then be the same as a fixed PERF_TYPE.
>>>>
>>>> Example:
>>>>
>>>> perf record --switch-events -C 0 -e
>>>> "{cpu-clock,uncore_imc/data_reads/,uncore_imc/data_writes/}:SD" -a --
>>>> sleep 1
>>>> perf script
>>>>
>>>> Before:
>>>>            swapper     0 [000] 1479253.987551:     277766
>>>> cpu-clock:  ffffffff9d4ddb6f cpuidle_enter_state+0xdf ([kernel.kallsyms])
>>>>            swapper     0 [000] 1479253.987797:     246709
>>>> cpu-clock:  ffffffff9d4ddb6f cpuidle_enter_state+0xdf ([kernel.kallsyms])
>>>>            swapper     0 [000] 1479253.988127:     329883
>>>> cpu-clock:  ffffffff9d4ddb6f cpuidle_enter_state+0xdf ([kernel.kallsyms])
>>>>            swapper     0 [000] 1479253.988273:     146393
>>>> cpu-clock:  ffffffff9d4ddb6f cpuidle_enter_state+0xdf ([kernel.kallsyms])
>>>>            swapper     0 [000] 1479253.988523:     249977
>>>> cpu-clock:  ffffffff9d4ddb6f cpuidle_enter_state+0xdf ([kernel.kallsyms])
>>>>            swapper     0 [000] 1479253.988877:     354090
>>>> cpu-clock:  ffffffff9d4ddb6f cpuidle_enter_state+0xdf ([kernel.kallsyms])
>>>>            swapper     0 [000] 1479253.989023:     145940
>>>> cpu-clock:  ffffffff9d4ddb6f cpuidle_enter_state+0xdf ([kernel.kallsyms])
>>>>            swapper     0 [000] 1479253.989383:     359856
>>>> cpu-clock:  ffffffff9d4ddb6f cpuidle_enter_state+0xdf ([kernel.kallsyms])
>>>>            swapper     0 [000] 1479253.989523:     140082
>>>> cpu-clock:  ffffffff9d4ddb6f cpuidle_enter_state+0xdf ([kernel.kallsyms])
>>>>
>>>> After:
>>>>            swapper     0 [000] 1397040.402011:     272384
>>>> cpu-clock:  ffffffff9d4ddb6f cpuidle_enter_state+0xdf ([kernel.kallsyms])
>>>>            swapper     0 [000] 1397040.402011:       5396
>>>> uncore_imc/data_reads/:
>>>>            swapper     0 [000] 1397040.402011:        967
>>>> uncore_imc/data_writes/:
>>>>            swapper     0 [000] 1397040.402259:     249153
>>>> cpu-clock:  ffffffff9d4ddb6f cpuidle_enter_state+0xdf ([kernel.kallsyms])
>>>>            swapper     0 [000] 1397040.402259:       7231
>>>> uncore_imc/data_reads/:
>>>>            swapper     0 [000] 1397040.402259:       1297
>>>> uncore_imc/data_writes/:
>>>>            swapper     0 [000] 1397040.402508:     249108
>>>> cpu-clock:  ffffffff9d4ddb6f cpuidle_enter_state+0xdf ([kernel.kallsyms])
>>>>            swapper     0 [000] 1397040.402508:       5333
>>>> uncore_imc/data_reads/:
>>>>            swapper     0 [000] 1397040.402508:       1008
>>>> uncore_imc/data_writes/:
>>>>
>>>> Fixes: 1405720d4f26 ("perf script: Add 'synth' event type for synthesized
>>>> events")
>>>
>>> It does not look to me like the problem was introduced by that commit.  Are
>>> you sure this Fixes tag is correct?
>>>
>>
>> Commit 1405720d4f26 added the change:
>>
>> @@ -1215,8 +1253,9 @@ static void process_event(struct perf_script *script,
>>   {
>>          struct thread *thread = al->thread;
>>          struct perf_event_attr *attr = &evsel->attr;
>> +       unsigned int type = output_type(attr->type);
>>
>> -       if (output[attr->type].fields == 0)
>> +       if (output[type].fields == 0)
>>                  return;
> 
> That is a nop if attr->type != PERF_TYPE_SYNTH
> Given that PERF_TYPE_SYNTH is (INT_MAX + 1), it is a nop for all kernel
> dynamically allocated PMU numbers.
> 
>>
>> But of course, we can also say the original "output[attr->type].fields"
>> introduced the issue, I'm not sure. Maybe Arnaldo can help to make the
>> decision. :)
> 
> I think perf script has always had this problem.
> 

Since perf-script has always had this problem, I'm OK to remove the fixes tag from the patch 
description.

Thanks
Jin Yao

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ