From: Arnaldo Carvalho de Melo <acme@kernel.org>
To: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
Cc: jolsa@kernel.org, mpe@ellerman.id.au,
linux-perf-users@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
maddy@linux.vnet.ibm.com, rnsastry@linux.ibm.com,
kjain@linux.ibm.com
Subject: Re: [PATCH V2 1/2] tools/perf: Fix out of bound access to affinity "sched_cpus"
Date: Tue, 6 Sep 2022 09:27:08 -0300 [thread overview]
Message-ID: <Yxc8nFLFsiOD/hHu@kernel.org> (raw)
In-Reply-To: <20220905141929.7171-1-atrajeev@linux.vnet.ibm.com>
Em Mon, Sep 05, 2022 at 07:49:28PM +0530, Athira Rajeev escreveu:
> The affinity code in "affinity_set" function access array
> named "sched_cpus". The size for this array is allocated in
> affinity_setup function which is nothing but value from
> get_cpu_set_size. This is used to contain the cpumask value
> for each cpu. While setting bit for each cpu, it calls
> "set_bit" function which access index in sched_cpus array.
> If we provide a command-line option to -C which is more than
> the number of CPU's present in the system, the set_bit could
> access an array member which is out-of the array size. This
> is because currently, there is no boundary check for the CPU.
> This will result in seg fault:
Thanks, tested, reproduced the problem before, and the fix after,
applied.
- Arnaldo
> <<>>
> ./perf stat -C 12323431 ls
> Perf can support 2048 CPUs. Consider raising MAX_NR_CPUS
> Segmentation fault (core dumped)
> <<>>
>
> Fix this by adding boundary check for the array.
>
> After the fix from powerpc system:
>
> <<>>
> ./perf stat -C 12323431 ls 1>out
> Perf can support 2048 CPUs. Consider raising MAX_NR_CPUS
>
> Performance counter stats for 'CPU(s) 12323431':
>
> <not supported> msec cpu-clock
> <not supported> context-switches
> <not supported> cpu-migrations
> <not supported> page-faults
> <not supported> cycles
> <not supported> instructions
> <not supported> branches
> <not supported> branch-misses
>
> 0.001192373 seconds time elapsed
> <<>>
>
> Reported-by: Nageswara Sastry <rnsastry@linux.ibm.com>
> Tested-by: Nageswara Sastry <rnsastry@linux.ibm.com>
> Signed-off-by: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
> ---
> Changelog:
> From v1 -> v2:
> Addressed review comment from Jiri Olsa by changing condition
> check to directly use "cpu_set_size * 8" for comparing with the
> cpu number.
>
> tools/perf/util/affinity.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/tools/perf/util/affinity.c b/tools/perf/util/affinity.c
> index 4d216c0dc425..4ee96b3c755b 100644
> --- a/tools/perf/util/affinity.c
> +++ b/tools/perf/util/affinity.c
> @@ -49,8 +49,14 @@ void affinity__set(struct affinity *a, int cpu)
> {
> int cpu_set_size = get_cpu_set_size();
>
> - if (cpu == -1)
> + /*
> + * Return:
> + * - if cpu is -1
> + * - restrict out of bound access to sched_cpus
> + */
> + if (cpu == -1 || ((cpu >= (cpu_set_size * 8))))
> return;
> +
> a->changed = true;
> set_bit(cpu, a->sched_cpus);
> /*
> --
> 2.35.1
--
- Arnaldo
WARNING: multiple messages have this Message-ID (diff)
From: Arnaldo Carvalho de Melo <acme@kernel.org>
To: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
Cc: maddy@linux.vnet.ibm.com, rnsastry@linux.ibm.com,
linux-perf-users@vger.kernel.org, jolsa@kernel.org,
kjain@linux.ibm.com, linuxppc-dev@lists.ozlabs.org
Subject: Re: [PATCH V2 1/2] tools/perf: Fix out of bound access to affinity "sched_cpus"
Date: Tue, 6 Sep 2022 09:27:08 -0300 [thread overview]
Message-ID: <Yxc8nFLFsiOD/hHu@kernel.org> (raw)
In-Reply-To: <20220905141929.7171-1-atrajeev@linux.vnet.ibm.com>
Em Mon, Sep 05, 2022 at 07:49:28PM +0530, Athira Rajeev escreveu:
> The affinity code in "affinity_set" function access array
> named "sched_cpus". The size for this array is allocated in
> affinity_setup function which is nothing but value from
> get_cpu_set_size. This is used to contain the cpumask value
> for each cpu. While setting bit for each cpu, it calls
> "set_bit" function which access index in sched_cpus array.
> If we provide a command-line option to -C which is more than
> the number of CPU's present in the system, the set_bit could
> access an array member which is out-of the array size. This
> is because currently, there is no boundary check for the CPU.
> This will result in seg fault:
Thanks, tested, reproduced the problem before, and the fix after,
applied.
- Arnaldo
> <<>>
> ./perf stat -C 12323431 ls
> Perf can support 2048 CPUs. Consider raising MAX_NR_CPUS
> Segmentation fault (core dumped)
> <<>>
>
> Fix this by adding boundary check for the array.
>
> After the fix from powerpc system:
>
> <<>>
> ./perf stat -C 12323431 ls 1>out
> Perf can support 2048 CPUs. Consider raising MAX_NR_CPUS
>
> Performance counter stats for 'CPU(s) 12323431':
>
> <not supported> msec cpu-clock
> <not supported> context-switches
> <not supported> cpu-migrations
> <not supported> page-faults
> <not supported> cycles
> <not supported> instructions
> <not supported> branches
> <not supported> branch-misses
>
> 0.001192373 seconds time elapsed
> <<>>
>
> Reported-by: Nageswara Sastry <rnsastry@linux.ibm.com>
> Tested-by: Nageswara Sastry <rnsastry@linux.ibm.com>
> Signed-off-by: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
> ---
> Changelog:
> From v1 -> v2:
> Addressed review comment from Jiri Olsa by changing condition
> check to directly use "cpu_set_size * 8" for comparing with the
> cpu number.
>
> tools/perf/util/affinity.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/tools/perf/util/affinity.c b/tools/perf/util/affinity.c
> index 4d216c0dc425..4ee96b3c755b 100644
> --- a/tools/perf/util/affinity.c
> +++ b/tools/perf/util/affinity.c
> @@ -49,8 +49,14 @@ void affinity__set(struct affinity *a, int cpu)
> {
> int cpu_set_size = get_cpu_set_size();
>
> - if (cpu == -1)
> + /*
> + * Return:
> + * - if cpu is -1
> + * - restrict out of bound access to sched_cpus
> + */
> + if (cpu == -1 || ((cpu >= (cpu_set_size * 8))))
> return;
> +
> a->changed = true;
> set_bit(cpu, a->sched_cpus);
> /*
> --
> 2.35.1
--
- Arnaldo
next prev parent reply other threads:[~2022-09-06 12:31 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-05 14:19 [PATCH V2 1/2] tools/perf: Fix out of bound access to affinity "sched_cpus" Athira Rajeev
2022-09-05 14:19 ` Athira Rajeev
2022-09-05 14:19 ` [PATCH V2 2/2] tools/perf: Fix out of bound access to cpu mask array Athira Rajeev
2022-09-05 14:19 ` Athira Rajeev
2022-09-06 12:27 ` Arnaldo Carvalho de Melo [this message]
2022-09-06 12:27 ` [PATCH V2 1/2] tools/perf: Fix out of bound access to affinity "sched_cpus" Arnaldo Carvalho de Melo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yxc8nFLFsiOD/hHu@kernel.org \
--to=acme@kernel.org \
--cc=atrajeev@linux.vnet.ibm.com \
--cc=jolsa@kernel.org \
--cc=kjain@linux.ibm.com \
--cc=linux-perf-users@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=maddy@linux.vnet.ibm.com \
--cc=mpe@ellerman.id.au \
--cc=rnsastry@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.