From: Sasha Levin
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Shuai Xue, Peter Zijlstra, Ingo Molnar, Sasha Levin, mingo@redhat.com, acme@kernel.org, linux-perf-users@vger.kernel.org
Subject: [PATCH AUTOSEL 5.10 1/5] perf/core: Bail out early if the request AUX area is out of bound
Date: Mon, 6 Nov 2023 18:16:32 -0500
Message-ID: <20231106231639.3735753-1-sashal@kernel.org>
X-stable-base: Linux 5.10.199

From: Shuai Xue

[ Upstream commit 54aee5f15b83437f23b2b2469bcf21bdd9823916 ]

When perf-record is run with a large AUX area, e.g. 4GB, it fails with:

    #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1
    failed to mmap with 12 (Cannot allocate memory)

and it reveals a WARNING with __alloc_pages():

    ------------[ cut here ]------------
    WARNING: CPU: 44 PID: 17573 at mm/page_alloc.c:5568 __alloc_pages+0x1ec/0x248
    Call trace:
     __alloc_pages+0x1ec/0x248
     __kmalloc_large_node+0xc0/0x1f8
     __kmalloc_node+0x134/0x1e8
     rb_alloc_aux+0xe0/0x298
     perf_mmap+0x440/0x660
     mmap_region+0x308/0x8a8
     do_mmap+0x3c0/0x528
     vm_mmap_pgoff+0xf4/0x1b8
     ksys_mmap_pgoff+0x18c/0x218
     __arm64_sys_mmap+0x38/0x58
     invoke_syscall+0x50/0x128
     el0_svc_common.constprop.0+0x58/0x188
     do_el0_svc+0x34/0x50
     el0_svc+0x34/0x108
     el0t_64_sync_handler+0xb8/0xc0
     el0t_64_sync+0x1a4/0x1a8

'rb->aux_pages' allocated by kcalloc() is a pointer array which is used to
maintain AUX trace pages. The allocated page for this array is physically
contiguous (and virtually contiguous) with an order of 0..MAX_ORDER. If the
size of pointer array crosses the limitation set by MAX_ORDER, it reveals a
WARNING.

So bail out early with -ENOMEM if the request AUX area is out of bound, e.g.:

    #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1
    failed to mmap with 12 (Cannot allocate memory)

Signed-off-by: Shuai Xue
Signed-off-by: Peter Zijlstra (Intel)
Signed-off-by: Ingo Molnar
Signed-off-by: Sasha Levin
---
 kernel/events/ring_buffer.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/kernel/events/ring_buffer.c b/kernel/events/ring_buffer.c index 4032cd4750001..01351e7e25435 100644 --- a/kernel/events/ring_buffer.c +++ b/kernel/events/ring_buffer.c
@@ -691,6 +691,12 @@ int rb_alloc_aux(struct perf_buffer *rb, struct perf_event *event, max_order--; } + /* + * kcalloc_node() is unable to allocate buffer if the size is larger + * than: PAGE_SIZE << MAX_ORDER; directly bail out in this case. + */ + if (get_order((unsigned long)nr_pages * sizeof(void *)) > MAX_ORDER) + return -ENOMEM; rb->aux_pages = kcalloc_node(nr_pages, sizeof(void *), GFP_KERNEL, node); if (!rb->aux_pages) -- 2.42.0
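
Review bot: The bound in the added check, `get_order((unsigned long)nr_pages * sizeof(void *)) > MAX_ORDER`, and the comment above it ("larger than: PAGE_SIZE << MAX_ORDER") both treat MAX_ORDER as the largest order the allocator will accept, and that needs confirming against the 5.10.199 base this backport targets. If the page allocator on that tree rejects every order >= MAX_ORDER, a pointer array whose order is exactly MAX_ORDER passes this test, still reaches kcalloc_node(), and still produces the WARNING shown in the commit message. Assuming 4 KiB pages and 8-byte pointers, the 4G example from the commit message needs a 1M-entry array of 8 MiB, which is order 11, so the boundary case is the reported one rather than a corner. If MAX_ORDER is exclusive on the base tree, the comparison should be `>= MAX_ORDER` and the comment should read "PAGE_SIZE << (MAX_ORDER - 1)".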