From: Jiri Olsa <jolsa@redhat.com>
To: Andi Kleen <ak@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>,
Milind Chabbi <chabbi.milind@gmail.com>,
Jiri Olsa <jolsa@kernel.org>, Ingo Molnar <mingo@kernel.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
lkml <linux-kernel@vger.kernel.org>,
Namhyung Kim <namhyung@kernel.org>,
David Ahern <dsahern@gmail.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Michael Ellerman <mpe@ellerman.id.au>,
Hari Bathini <hbathini@linux.vnet.ibm.com>,
Jin Yao <yao.jin@linux.intel.com>,
Kan Liang <kan.liang@intel.com>,
Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>,
Oleg Nesterov <onestero@redhat.com>,
Will Deacon <will.deacon@arm.com>
Subject: Re: [PATCH 4/6] hw_breakpoint: Factor out __modify_user_hw_breakpoint function
Date: Tue, 28 Nov 2017 12:24:47 +0100
Message-ID: <20171128112447.GA15683@krava>
In-Reply-To: <20171127230747.GC3070@tassilo.jf.intel.com>

On Mon, Nov 27, 2017 at 03:07:47PM -0800, Andi Kleen wrote:
> On Mon, Nov 27, 2017 at 11:01:28PM +0100, Peter Zijlstra wrote:
> > On Mon, Nov 27, 2017 at 01:50:30PM -0800, Milind Chabbi wrote:
> > > The possible checks are infinite
> >
> > struct perf_event_attr is very much a finite data type.
> >
> > Something as simple as:
> >
> > 	struct perf_event_attr tmp1 = new_attr, tmp2 = event->attr;
> >
> > 	tmp1.bp_type = tmp2.bp_type;
> > 	tmp1.bp_addr = tmp2.bp_addr;
> > 	tmp1.bp_len = tmp2.bp_len;
> >
> > 	if (memcmp(&tmp1, &tmp2, sizeof(tmp1)))
> > 		return -EINVAL;
> >
> > would actually do the checks __modify_user_hw_breakpoint() needs to do.
>
> It could fail with uninitialized padding.

I think that should be fine.. both attrs go through perf_copy_attr,
which should check on it.. I found we init attr.sample_max_stack
out of perf_copy_attr, but we can move it there (attached)

also modify_user_hw_breakpoint is exported.. not sure we can add
this constraint and potentially break some kernel module?

I checked all the current kernel users and they copy the whole
perf_event_attr into attr argument before they change the allowed
bp_* fields, so there's no harm.

thanks,
jirka
---
diff --git a/kernel/events/core.c b/kernel/events/core.c
index 799bb352d99f..028adb24bf7a 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -9673,6 +9673,9 @@ static int perf_copy_attr(struct perf_event_attr __user *uattr,
ret = -EINVAL;
}
+ if (!attr->sample_max_stack)
+ attr->sample_max_stack = sysctl_perf_event_max_stack;
+
if (attr->sample_type & PERF_SAMPLE_REGS_INTR)
ret = perf_reg_validate(attr->sample_regs_intr);
out:
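Review bot: The default written by the added `if (!attr->sample_max_stack)` lines is read from sysctl_perf_event_max_stack at copy time, so it is not a stable value. If that sysctl changes between two copies of the same user attr that leaves sample_max_stack at 0, the copies differ in that field, and the whole-struct memcmp() added to __modify_user_hw_breakpoint() later in this patch would return -EINVAL for a request that only touches bp_* fields. Consider excluding sample_max_stack from the comparison, or add a comment saying why that mismatch is acceptable.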
@@ -9886,9 +9889,6 @@ SYSCALL_DEFINE5(perf_event_open,
perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
return -EACCES;
- if (!attr.sample_max_stack)
- attr.sample_max_stack = sysctl_perf_event_max_stack;
-
/*
* In cgroup mode, the pid argument is used to pass the fd
* opened to the cgroup directory in cgroupfs. The cpu argument
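Review bot: Dropping the `!attr.sample_max_stack` default here is only safe if perf_copy_attr() has already run on `attr` on every path that reaches this point, and neither the hunk nor the mail states that; the patch as posted also has no changelog. A short changelog saying that the default now lives in perf_copy_attr() so that every attr copied from user space is normalised the same way would make the dependency explicit.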
diff --git a/kernel/events/hw_breakpoint.c b/kernel/events/hw_breakpoint.c
index a556aba223da..7b85160393b7 100644
--- a/kernel/events/hw_breakpoint.c
+++ b/kernel/events/hw_breakpoint.c
@@ -468,6 +468,9 @@ static int __modify_user_hw_breakpoint(struct perf_event *bp, struct perf_event_
bp->attr.bp_type = attr->bp_type;
bp->attr.bp_len = attr->bp_len;
+ if (memcmp(&bp->attr, attr, sizeof(*attr)))
+ return -EINVAL;
+
err = validate_hw_breakpoint(bp);
if (!err && modify)
err = modify_bp_slot(bp, old_type);
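Review bot: The `return -EINVAL` after the added memcmp() runs after `bp->attr.bp_type` and `bp->attr.bp_len` have already been overwritten, so a rejected request leaves bp->attr carrying the new values without validate_hw_breakpoint() or modify_bp_slot() having run. Do the comparison on temporaries before assigning, as in the snippet quoted earlier in the mail, or restore the old values on this path. Because `sizeof(*attr)` also covers any padding bytes and modify_user_hw_breakpoint is exported, a comment stating that callers must pass a fully initialised copy of the event's attr would document the new constraint.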
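The padding concern discussed in this message, shown as an added example; it is not code from the thread or from the kernel. `struct toy_attr`, `toy_attr_init()` and `toy_check_modify()` are hypothetical names, and the struct is a constructed stand-in laid out so that padding bytes exist.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for an attr struct; NOT the kernel's perf_event_attr.
 * The 1-byte member followed by a 64-bit member forces padding bytes. */
struct toy_attr {
	uint32_t type;
	uint8_t  bp_type;          /* padding follows this member */
	uint64_t bp_addr;
	uint64_t bp_len;
	uint64_t sample_period;    /* a field the caller may not change */
};

/* Build an attr whose padding bytes hold `fill`: 0 models a zeroed copy,
 * anything else models stack garbage left by a caller that did not memset. */
void toy_attr_init(struct toy_attr *a, unsigned char fill, uint8_t bp_type,
		   uint64_t bp_addr, uint64_t bp_len, uint64_t period)
{
	memset(a, fill, sizeof(*a));
	a->type = 5;
	a->bp_type = bp_type;
	a->bp_addr = bp_addr;
	a->bp_len = bp_len;
	a->sample_period = period;
}

/* The check from the thread: neutralise the fields that are allowed to
 * change, then byte-compare the rest. It works on copies, so `cur` is
 * never left half-updated when the check fails. */
int toy_check_modify(const struct toy_attr *cur, const struct toy_attr *new_attr)
{
	struct toy_attr t1, t2;

	memcpy(&t1, new_attr, sizeof(t1));   /* memcpy keeps padding bytes too */
	memcpy(&t2, cur, sizeof(t2));
	t1.bp_type = t2.bp_type;
	t1.bp_addr = t2.bp_addr;
	t1.bp_len  = t2.bp_len;

	return memcmp(&t1, &t2, sizeof(t1)) ? -EINVAL : 0;
}
```

A request that differs from the current attr only in its padding bytes is rejected by the byte compare, which is why both sides need to come from a zeroed, fully copied struct.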