Date: Wed, 29 May 2024 08:50:59 -0500
From: George Kennedy <george.kennedy@...cle.com>
To: peterz@...radead.org, mingo@...hat.com, acme@...nel.org,
        namhyung@...nel.org, mark.rutland@....com,
        alexander.shishkin@...ux.intel.com, jolsa@...nel.org,
        irogers@...gle.com, adrian.hunter@...el.com, kan.liang@...ux.intel.com,
        tglx@...utronix.de, bp@...en8.de, dave.hansen@...ux.intel.com,
        x86@...nel.org, hpa@...or.com, linux-perf-users@...r.kernel.org,
        linux-kernel@...r.kernel.org
Cc: george.kennedy@...cle.com, harshit.m.mogalapalli@...cle.com
Subject: [PATCH] perf/x86/amd: check event before enable to avoid GPF

Events can be deleted and the entry can be NULL.
Check event for NULL in amd_pmu_enable_all() before enable to avoid a GPF.
This appears to be an AMD only issue.

Syzkaller reported a GPF in amd_pmu_enable_all.

INFO: NMI handler (perf_event_nmi_handler) took too long to run: 13.170
    msecs
perf: interrupt took too long (191950 > 156435), lowering
    kernel.perf_event_max_sample_rate to 1000
Oops: general protection fault, probably for non-canonical address
    0xdffffc0000000034: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x00000000000001a0-0x00000000000001a7]

Call Trace:
 <IRQ>
amd_pmu_enable_all (arch/x86/events/amd/core.c:1341)
x86_pmu_enable (arch/x86/events/core.c:1276 arch/x86/events/core.c:1335)
__pmu_ctx_sched_out (kernel/events/core.c:8314 (discriminator 1))
ctx_sched_out (kernel/events/core.c:8328)
__perf_install_in_context (kernel/events/core.c:6235)
remote_function (./arch/x86/include/asm/atomic64_64.h:20)
__flush_smp_call_function_queue (kernel/smp.c:189 (discriminator 20)
    kernel/smp.c:197 (discriminator 20) kernel/smp.c:540 (discriminator 20))
__sysvec_call_function_single (arch/x86/kernel/smp.c:193 (discriminator 1))
sysvec_call_function_single (lib/maple_tree.c:3155 (discriminator 2))
asm_sysvec_call_function_single (./arch/x86/include/asm/idtentry.h:709)

Reported-by: syzkaller <syzkaller@...glegroups.com>
Signed-off-by: George Kennedy <george.kennedy@...cle.com>
---
 arch/x86/events/amd/core.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/events/amd/core.c b/arch/x86/events/amd/core.c
index 1fc4ce44e743..0ead72d3e206 100644
--- a/arch/x86/events/amd/core.c
+++ b/arch/x86/events/amd/core.c
@@ -760,7 +760,8 @@ static void amd_pmu_enable_all(int added)
 		if (!test_bit(idx, cpuc->active_mask))
 			continue;
 
-		amd_pmu_enable_event(cpuc->events[idx]);
+		if (cpuc->events[idx])
+			amd_pmu_enable_event(cpuc->events[idx]);
 	}
 }
 
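Review bot: the new NULL test in amd_pmu_enable_all() reads cpuc->events[idx] twice, once in the `if` and again as the argument to amd_pmu_enable_event(), so if the slot can be cleared while this loop runs (the commit message says events can be deleted) the second read can still return NULL. Load the pointer once into a local, for example `struct perf_event *event = cpuc->events[idx];` followed by `if (event) amd_pmu_enable_event(event);`. The check also leaves in place a state where the bit is set in cpuc->active_mask while the events[] slot is empty. The commit message does not say how that state is reached, so either a short comment here explaining why the two can disagree, or a fix at the point where they go out of sync, would make the change easier to reason about.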
-- 
2.39.3

