From: Jiri Olsa <jolsa@redhat.com>
To: Vince Weaver <vincent.weaver@maine.edu>
Cc: linux-kernel@vger.kernel.org,
Peter Zijlstra <peterz@infradead.org>,
Ingo Molnar <mingo@redhat.com>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Namhyung Kim <namhyung@kernel.org>,
Andi Kleen <andi@firstfloor.org>
Subject: Re: perf: perf_fuzzer triggers GPF in perf_prepare_sample
Date: Wed, 5 Dec 2018 19:33:26 +0100
Message-ID: <20181205183326.GE3836@krava>
In-Reply-To: <alpine.DEB.2.21.1812051208580.29892@macbook-air>

On Wed, Dec 05, 2018 at 12:11:19PM -0500, Vince Weaver wrote:
> On Wed, 5 Dec 2018, Jiri Olsa wrote:
>
> > On Wed, Dec 05, 2018 at 01:45:38PM +0100, Jiri Olsa wrote:
> > > On Tue, Dec 04, 2018 at 10:54:55AM -0500, Vince Weaver wrote:
> > > > Hello,
> > > >
> > > > I was able to trigger another oops with the perf_fuzzer with current git.
> > > >
> > > > This is 4.20-rc5 after the fix for the very similar oops I previously
> > > > reported got committed.
> > > >
> > > > It seems to be pointing to the same location in the source as
> > > > before, I guess maybe triggered a different way?
> > >
> > > nice.. yep, looks the same
> > >
> > > >
> > > > Unfortunately this crash is not easily reproducible like the last one was.
> > >
> > > will check
> >
> > what model are you hitting this on?
>
> Haswell. 6/60/3.
>
> While I can't deterministically trigger this, the fuzzer usually hits it
> within an hour or two. Is there any debug or printk messages I can
> add that would help figure out what's going on?

I can't see how we could end up with that config other than
some corruption.. the only way I see could be that we touch
cpu->events array without checking its active_mask bit
but that does not explain why the crash happened in the same
place as before

jirka
---
diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c
index ecc3e34ca955..9a2fd5a68d87 100644
--- a/arch/x86/events/intel/core.c
+++ b/arch/x86/events/intel/core.c
@@ -2404,7 +2404,7 @@ static int intel_pmu_handle_irq(struct pt_regs *regs)
struct cpu_hw_events *cpuc;
int loops;
u64 status;
- int handled;
+ int handled = 0;
int pmu_enabled;
cpuc = this_cpu_ptr(&cpu_hw_events);
@@ -2423,8 +2423,10 @@ static int intel_pmu_handle_irq(struct pt_regs *regs)
intel_bts_disable_local();
cpuc->enabled = 0;
__intel_pmu_disable_all();
- handled = intel_pmu_drain_bts_buffer();
- handled += intel_bts_interrupt();
+ if (test_bit(INTEL_PMC_IDX_FIXED_BTS, cpuc->active_mask)) {
+ handled += intel_pmu_drain_bts_buffer();
+ handled += intel_bts_interrupt();
+ }
status = intel_pmu_get_status();
if (!status)
goto done;
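
Review bot: in the second hunk, the single test_bit(INTEL_PMC_IDX_FIXED_BTS, cpuc->active_mask) check now gates both intel_pmu_drain_bts_buffer() and intel_bts_interrupt(), and nothing in the hunk says why. It is worth confirming that intel_bts_interrupt() is really tied to that same active_mask bit; if its events are tracked elsewhere, this guard silently skips them and their interrupts no longer count toward `handled`. If only the drain path touches the events array mentioned in the message above, keep the guard to that one call, and add a one-line comment naming the condition it protects against so the check is not later removed as redundant.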