From: Frederic Weisbecker <fweisbec@gmail.com>
To: Oleg Nesterov <oleg@redhat.com>
Cc: Vince Weaver <vincent.weaver@maine.edu>,
linux-kernel@vger.kernel.org,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Paul Mackerras <paulus@samba.org>, Ingo Molnar <mingo@redhat.com>,
Arnaldo Carvalho de Melo <acme@ghostprotocols.net>,
trinity@vger.kernel.org, Jiri Olsa <jolsa@redhat.com>
Subject: Re: [PATCH 1/2] hw_breakpoint: Fix cpu check in task_bp_pinned(cpu)
Date: Thu, 13 Jun 2013 16:20:28 +0200 [thread overview]
Message-ID: <20130613142026.GC16339@somewhere> (raw)
In-Reply-To: <20130601182120.GB4861@redhat.com>
On Sat, Jun 01, 2013 at 08:21:20PM +0200, Oleg Nesterov wrote:
> trinity fuzzer triggered WARN_ONCE("Can't find any breakpoint slot")
> in arch_install_hw_breakpoint() but the problem is not arch-specific.
>
> The problem is, task_bp_pinned(cpu) checks "cpu == iter->cpu" but
> this doesn't account the "all cpus" events with iter->cpu < 0.
>
> This means that, say, register_user_hw_breakpoint(tsk) can happily
> create the arbitrary number > HBP_NUM of breakpoints which can not
> be activated. toggle_bp_task_slot() is equally wrong by the same
> reason and nr_task_bp_pinned[] can have negative entries.
>
> Simple test:
>
> # perl -e 'sleep 1 while 1' &
> # perf record -e mem:0x10,mem:0x10,mem:0x10,mem:0x10,mem:0x10 -p `pidof perl`
>
> Before this patch this triggers the same problem/WARN_ON(), after
> the patch it correctly fails with -ENOSPC.
>
> Reported-by: Vince Weaver <vincent.weaver@maine.edu>
> Signed-off-by: Oleg Nesterov <oleg@redhat.com>
> Cc: <stable@vger.kernel.org>
Looks good, thanks!
Acked-by: Frederic Weisbecker <fweisbec@gmail.com>
> ---
> kernel/events/hw_breakpoint.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/kernel/events/hw_breakpoint.c b/kernel/events/hw_breakpoint.c
> index ed1c897..29d3abe 100644
> --- a/kernel/events/hw_breakpoint.c
> +++ b/kernel/events/hw_breakpoint.c
> @@ -120,7 +120,7 @@ static int task_bp_pinned(int cpu, struct perf_event *bp, enum bp_type_idx type)
> list_for_each_entry(iter, &bp_task_head, hw.bp_list) {
> if (iter->hw.bp_target == tsk &&
> find_slot_idx(iter) == type &&
> - cpu == iter->cpu)
> + (iter->cpu < 0 || cpu == iter->cpu))
> count += hw_breakpoint_weight(iter);
> }
>
> --
> 1.5.5.1
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2013-06-13 14:20 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-20 16:19 WARN_ONCE in arch/x86/kernel/hw_breakpoint.c Vince Weaver
2013-05-28 17:00 ` Oleg Nesterov
2013-05-28 17:28 ` Oleg Nesterov
2013-05-28 18:47 ` Oleg Nesterov
2013-05-29 16:32 ` [MAYBEPATCH] : " Oleg Nesterov
2013-06-01 18:20 ` [PATCH 0/2]: " Oleg Nesterov
2013-06-01 18:21 ` [PATCH 1/2] hw_breakpoint: Fix cpu check in task_bp_pinned(cpu) Oleg Nesterov
2013-06-13 14:20 ` Frederic Weisbecker [this message]
2013-06-01 18:21 ` [PATCH 2/2] hw_breakpoint: Use cpu_possible_mask in {reserve,release}_bp_slot() Oleg Nesterov
2013-06-15 12:46 ` Frederic Weisbecker
2013-06-01 19:45 ` [PATCH 0/3] hw_breakpoint: cleanups Oleg Nesterov
2013-06-01 19:45 ` [PATCH 1/3] hw_breakpoint: Simplify list/idx mess in toggle_bp_slot() paths Oleg Nesterov
2013-06-15 12:59 ` Frederic Weisbecker
2013-06-01 19:46 ` [PATCH 2/3] hw_breakpoint: Simplify the "weight" usage " Oleg Nesterov
2013-06-15 13:14 ` Frederic Weisbecker
2013-06-01 19:46 ` [PATCH 3/3] hw_breakpoint: Introduce cpumask_of_bp() Oleg Nesterov
2013-06-15 13:29 ` Frederic Weisbecker
2013-06-13 14:01 ` [PATCH 0/3] hw_breakpoint: cleanups Frederic Weisbecker
2013-06-13 15:15 ` Oleg Nesterov
2013-06-13 15:24 ` Frederic Weisbecker
2013-06-02 19:49 ` [PATCH 0/2] hw_breakpoint: more cleanups Oleg Nesterov
2013-06-02 19:50 ` [PATCH 1/2] hw_breakpoint: Simplify *register_wide_hw_breakpoint() Oleg Nesterov
2013-06-18 0:12 ` Frederic Weisbecker
2013-06-02 19:50 ` [PATCH 2/2] hw_breakpoint: Introduce "struct bp_cpuinfo" Oleg Nesterov
2013-06-18 12:37 ` Frederic Weisbecker
2013-06-18 14:42 ` Oleg Nesterov
2013-06-18 17:01 ` Frederic Weisbecker
2013-06-19 15:54 ` Oleg Nesterov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130613142026.GC16339@somewhere \
--to=fweisbec@gmail.com \
--cc=a.p.zijlstra@chello.nl \
--cc=acme@ghostprotocols.net \
--cc=jolsa@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=oleg@redhat.com \
--cc=paulus@samba.org \
--cc=trinity@vger.kernel.org \
--cc=vincent.weaver@maine.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.