From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from mail-bl2nam02on0107.outbound.protection.outlook.com ([104.47.38.107]:63680
        "EHLO NAM02-BL2-obe.outbound.protection.outlook.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1031903AbeCAPhD (ORCPT <rfc822;stable@vger.kernel.org>);
        Thu, 1 Mar 2018 10:37:03 -0500
From: Sasha Levin <Alexander.Levin@microsoft.com>
To: "stable@vger.kernel.org" <stable@vger.kernel.org>,
        "stable-commits@vger.kernel.org" <stable-commits@vger.kernel.org>
CC: Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com>,
        Michael Ellerman <mpe@ellerman.id.au>,
        Sasha Levin <Alexander.Levin@microsoft.com>
Subject: [added to the 4.1 stable tree] powerpc/perf: Fix oops when grouping
 different pmu events
Date: Thu, 1 Mar 2018 15:26:55 +0000
Message-ID: <20180301152116.1486-412-alexander.levin@microsoft.com>
References: <20180301152116.1486-1-alexander.levin@microsoft.com>
In-Reply-To: <20180301152116.1486-1-alexander.levin@microsoft.com>
Content-Language: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>

From: Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com>

This patch has been added to the 4.1 stable tree. If you have any
objections, please let us know.

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

[ Upstream commit 5aa04b3eb6fca63d2e9827be656dcadc26d54e11 ]

When user tries to group imc (In-Memory Collections) event with
normal event, (sometime) kernel crashes with following log:

    Faulting instruction address: 0x00000000
    [link register   ] c00000000010ce88 power_check_constraints+0x128/0x980
    ...
    c00000000010e238 power_pmu_event_init+0x268/0x6f0
    c0000000002dc60c perf_try_init_event+0xdc/0x1a0
    c0000000002dce88 perf_event_alloc+0x7b8/0xac0
    c0000000002e92e0 SyS_perf_event_open+0x530/0xda0
    c00000000000b004 system_call+0x38/0xe0

'event_base' field of 'struct hw_perf_event' is used as flags for
normal hw events and used as memory address for imc events. While
grouping these two types of events, collect_events() tries to
interpret imc 'event_base' as a flag, which causes a corruption
resulting in a crash.

Consider only those events which belongs to 'perf_hw_context' in
collect_events().

Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com>
Reviewed-By: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
 arch/powerpc/perf/core-book3s.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/perf/core-book3s.c b/arch/powerpc/perf/core-book3=
s.c
index 8a39319e7868..b7e1307fe633 100644
--- a/arch/powerpc/perf/core-book3s.c
+++ b/arch/powerpc/perf/core-book3s.c
@@ -1381,7 +1381,7 @@ static int collect_events(struct perf_event *group, i=
nt max_count,
 	int n =3D 0;
 	struct perf_event *event;
=20
-	if (!is_software_event(group)) {
+	if (group->pmu->task_ctx_nr =3D=3D perf_hw_context) {
 		if (n >=3D max_count)
 			return -1;
 		ctrs[n] =3D group;
@@ -1389,7 +1389,7 @@ static int collect_events(struct perf_event *group, i=
nt max_count,
 		events[n++] =3D group->hw.config;
 	}
 	list_for_each_entry(event, &group->sibling_list, group_entry) {
-		if (!is_software_event(event) &&
+		if (event->pmu->task_ctx_nr =3D=3D perf_hw_context &&
 		    event->state !=3D PERF_EVENT_STATE_OFF) {
 			if (n >=3D max_count)
 				return -1;
--=20
2.14.1