From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3E0852EAFA for ; Mon, 6 Nov 2023 23:15:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="B8pqz8TD" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0EEE9C433C8; Mon, 6 Nov 2023 23:15:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1699312517; bh=yswmKfGWlE7dB5zfW21GSije38rKBFuNNdQby+2mXG4=; h=From:To:Cc:Subject:Date:From; b=B8pqz8TDZRPgcFOYkRNcopQ9s0x02LOxnaTFXGLtPsr6Za9QPePWlN/gtc2Qbn6NW ct6tRoQInspXyaZN3EsJgsc99Ih8D1sWlMsxV4UPIpW/Lut0qIGhLPK0RJW41D4BnE jWX9r6AXiJD2AELihHMWCKmw+ylmL7o/r6hyNUTtBSthPeqXWBB8dliFImxkhDmmgg GF+GkU0W4vFMyJlZaHmVvgQhEglzNh1IVZUEnREPmKWPCbJL0LmFdEYM92UnRKE1CG BCE2d0hG4Ozp82Foy8VCqpc2aQuRmKiTQ6ifZqLG4+8Zaw5aCGt9SpztzPO8l5Wb4D ueA9h/hxZrKnw== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Shuai Xue , Peter Zijlstra , Ingo Molnar , Sasha Levin , mingo@redhat.com, acme@kernel.org, linux-perf-users@vger.kernel.org Subject: [PATCH AUTOSEL 6.5 01/13] perf/core: Bail out early if the request AUX area is out of bound Date: Mon, 6 Nov 2023 18:14:54 -0500 Message-ID: <20231106231514.3735077-1-sashal@kernel.org> X-Mailer: git-send-email 2.42.0 Precedence: bulk X-Mailing-List: linux-perf-users@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore X-stable-base: Linux 6.5.10 Content-Transfer-Encoding: 8bit From: Shuai Xue [ Upstream commit 54aee5f15b83437f23b2b2469bcf21bdd9823916 ] When perf-record with a large AUX area, e.g 4GB, it fails with: #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1 failed to mmap with 12 (Cannot allocate memory) and it reveals a WARNING with __alloc_pages(): ------------[ cut here ]------------ WARNING: CPU: 44 PID: 17573 at mm/page_alloc.c:5568 __alloc_pages+0x1ec/0x248 Call trace: __alloc_pages+0x1ec/0x248 __kmalloc_large_node+0xc0/0x1f8 __kmalloc_node+0x134/0x1e8 rb_alloc_aux+0xe0/0x298 perf_mmap+0x440/0x660 mmap_region+0x308/0x8a8 do_mmap+0x3c0/0x528 vm_mmap_pgoff+0xf4/0x1b8 ksys_mmap_pgoff+0x18c/0x218 __arm64_sys_mmap+0x38/0x58 invoke_syscall+0x50/0x128 el0_svc_common.constprop.0+0x58/0x188 do_el0_svc+0x34/0x50 el0_svc+0x34/0x108 el0t_64_sync_handler+0xb8/0xc0 el0t_64_sync+0x1a4/0x1a8 'rb->aux_pages' allocated by kcalloc() is a pointer array which is used to maintains AUX trace pages. The allocated page for this array is physically contiguous (and virtually contiguous) with an order of 0..MAX_ORDER. If the size of pointer array crosses the limitation set by MAX_ORDER, it reveals a WARNING. So bail out early with -ENOMEM if the request AUX area is out of bound, e.g.: #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1 failed to mmap with 12 (Cannot allocate memory) Signed-off-by: Shuai Xue Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Ingo Molnar Signed-off-by: Sasha Levin --- kernel/events/ring_buffer.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/kernel/events/ring_buffer.c b/kernel/events/ring_buffer.c index a0433f37b0243..4a260ceed9c73 100644 --- a/kernel/events/ring_buffer.c +++ b/kernel/events/ring_buffer.c @@ -699,6 +699,12 @@ int rb_alloc_aux(struct perf_buffer *rb, struct perf_event *event, watermark = 0; } + /* + * kcalloc_node() is unable to allocate buffer if the size is larger + * than: PAGE_SIZE << MAX_ORDER; directly bail out in this case. + */ + if (get_order((unsigned long)nr_pages * sizeof(void *)) > MAX_ORDER) + return -ENOMEM; rb->aux_pages = kcalloc_node(nr_pages, sizeof(void *), GFP_KERNEL, node); if (!rb->aux_pages) -- 2.42.0