lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <8b973b8a-a563-a5e0-71b4-a8b4aa5d7308@linux.intel.com>
Date:   Wed, 2 Dec 2020 09:26:48 +0800
From:   "Jin, Yao" <yao.jin@...ux.intel.com>
To:     Adrian Hunter <adrian.hunter@...el.com>, acme@...nel.org,
        jolsa@...nel.org, peterz@...radead.org, mingo@...hat.com,
        alexander.shishkin@...ux.intel.com
Cc:     Linux-kernel@...r.kernel.org, ak@...ux.intel.com,
        kan.liang@...el.com, yao.jin@...el.com
Subject: Re: [PATCH] perf script: Fix overrun issue for dynamically-allocated
 pmu type number

Hi Adrian,

On 11/26/2020 10:47 PM, Jin, Yao wrote:
> Hi Adrian,
> 
> On 11/26/2020 4:36 PM, Adrian Hunter wrote:
>> On 26/11/20 9:06 am, Jin, Yao wrote:
>>> Hi Adrian,
>>>
>>> On 11/26/2020 2:51 PM, Adrian Hunter wrote:
>>>> On 26/11/20 5:24 am, Jin Yao wrote:
>>>>> When unpacking the event which is from dynamic pmu, the array
>>>>> output[OUTPUT_TYPE_MAX] may be overrun. For example, type number of
>>>>> SKL uncore_imc is 10, but OUTPUT_TYPE_MAX is 7 now (OUTPUT_TYPE_MAX =
>>>>> PERF_TYPE_MAX + 1).
>>>>>
>>>>> /* In builtin-script.c */
>>>>> process_event()
>>>>> {
>>>>>      unsigned int type = output_type(attr->type);
>>>>>
>>>>>      if (output[type].fields == 0)
>>>>>          return;
>>>>> }
>>>>>
>>>>> output[10] is overrun.
>>>>>
>>>>> Create a type OUTPUT_TYPE_OTHER for dynamic pmu events, then
>>>>> output_type(attr->type) will return OUTPUT_TYPE_OTHER here.
>>>>>
>>>>> Note that if PERF_TYPE_MAX ever changed, then there would be a conflict
>>>>> between old perf.data files that had a dynamicaliy allocated PMU number
>>>>> that would then be the same as a fixed PERF_TYPE.
>>>>>
>>>>> Example:
>>>>>
>>>>> perf record --switch-events -C 0 -e
>>>>> "{cpu-clock,uncore_imc/data_reads/,uncore_imc/data_writes/}:SD" -a --
>>>>> sleep 1
>>>>> perf script
>>>>>
>>>>> Before:
>>>>>            swapper     0 [000] 1479253.987551:     277766
>>>>> cpu-clock:  ffffffff9d4ddb6f cpuidle_enter_state+0xdf ([kernel.kallsyms])
>>>>>            swapper     0 [000] 1479253.987797:     246709
>>>>> cpu-clock:  ffffffff9d4ddb6f cpuidle_enter_state+0xdf ([kernel.kallsyms])
>>>>>            swapper     0 [000] 1479253.988127:     329883
>>>>> cpu-clock:  ffffffff9d4ddb6f cpuidle_enter_state+0xdf ([kernel.kallsyms])
>>>>>            swapper     0 [000] 1479253.988273:     146393
>>>>> cpu-clock:  ffffffff9d4ddb6f cpuidle_enter_state+0xdf ([kernel.kallsyms])
>>>>>            swapper     0 [000] 1479253.988523:     249977
>>>>> cpu-clock:  ffffffff9d4ddb6f cpuidle_enter_state+0xdf ([kernel.kallsyms])
>>>>>            swapper     0 [000] 1479253.988877:     354090
>>>>> cpu-clock:  ffffffff9d4ddb6f cpuidle_enter_state+0xdf ([kernel.kallsyms])
>>>>>            swapper     0 [000] 1479253.989023:     145940
>>>>> cpu-clock:  ffffffff9d4ddb6f cpuidle_enter_state+0xdf ([kernel.kallsyms])
>>>>>            swapper     0 [000] 1479253.989383:     359856
>>>>> cpu-clock:  ffffffff9d4ddb6f cpuidle_enter_state+0xdf ([kernel.kallsyms])
>>>>>            swapper     0 [000] 1479253.989523:     140082
>>>>> cpu-clock:  ffffffff9d4ddb6f cpuidle_enter_state+0xdf ([kernel.kallsyms])
>>>>>
>>>>> After:
>>>>>            swapper     0 [000] 1397040.402011:     272384
>>>>> cpu-clock:  ffffffff9d4ddb6f cpuidle_enter_state+0xdf ([kernel.kallsyms])
>>>>>            swapper     0 [000] 1397040.402011:       5396
>>>>> uncore_imc/data_reads/:
>>>>>            swapper     0 [000] 1397040.402011:        967
>>>>> uncore_imc/data_writes/:
>>>>>            swapper     0 [000] 1397040.402259:     249153
>>>>> cpu-clock:  ffffffff9d4ddb6f cpuidle_enter_state+0xdf ([kernel.kallsyms])
>>>>>            swapper     0 [000] 1397040.402259:       7231
>>>>> uncore_imc/data_reads/:
>>>>>            swapper     0 [000] 1397040.402259:       1297
>>>>> uncore_imc/data_writes/:
>>>>>            swapper     0 [000] 1397040.402508:     249108
>>>>> cpu-clock:  ffffffff9d4ddb6f cpuidle_enter_state+0xdf ([kernel.kallsyms])
>>>>>            swapper     0 [000] 1397040.402508:       5333
>>>>> uncore_imc/data_reads/:
>>>>>            swapper     0 [000] 1397040.402508:       1008
>>>>> uncore_imc/data_writes/:
>>>>>
>>>>> Fixes: 1405720d4f26 ("perf script: Add 'synth' event type for synthesized
>>>>> events")
>>>>
>>>> It does not look to me like the problem was introduced by that commit.  Are
>>>> you sure this Fixes tag is correct?
>>>>
>>>
>>> Commit 1405720d4f26 added the change:
>>>
>>> @@ -1215,8 +1253,9 @@ static void process_event(struct perf_script *script,
>>>   {
>>>          struct thread *thread = al->thread;
>>>          struct perf_event_attr *attr = &evsel->attr;
>>> +       unsigned int type = output_type(attr->type);
>>>
>>> -       if (output[attr->type].fields == 0)
>>> +       if (output[type].fields == 0)
>>>                  return;
>>
>> That is a nop if attr->type != PERF_TYPE_SYNTH
>> Given that PERF_TYPE_SYNTH is (INT_MAX + 1), it is a nop for all kernel
>> dynamically allocated PMU numbers.
>>
>>>
>>> But of course, we can also say the original "output[attr->type].fields"
>>> introduced the issue, I'm not sure. Maybe Arnaldo can help to make the
>>> decision. :)
>>
>> I think perf script has always had this problem.
>>
> 
> Since perf-script has always had this problem, I'm OK to remove the fixes tag from the patch 
> description.
> 
> Thanks
> Jin Yao

Can I get your ACK if the fixes tag is removed from this patch?

Do I need to post a new version which just removes the fixes tag?

Thanks
Jin Yao

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ