From: Jiri Olsa <jolsa@redhat.com>
To: Andi Kleen <ak@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>,
Milind Chabbi <chabbi.milind@gmail.com>,
Jiri Olsa <jolsa@kernel.org>, Ingo Molnar <mingo@kernel.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
lkml <linux-kernel@vger.kernel.org>,
Namhyung Kim <namhyung@kernel.org>,
David Ahern <dsahern@gmail.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Michael Ellerman <mpe@ellerman.id.au>,
Hari Bathini <hbathini@linux.vnet.ibm.com>,
Jin Yao <yao.jin@linux.intel.com>,
Kan Liang <kan.liang@intel.com>,
Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>,
Oleg Nesterov <onestero@redhat.com>,
Will Deacon <will.deacon@arm.com>
Subject: Re: [PATCH 4/6] hw_breakpoint: Factor out __modify_user_hw_breakpoint function
Date: Tue, 28 Nov 2017 12:24:47 +0100
Message-ID: <20171128112447.GA15683@krava>
In-Reply-To: <20171127230747.GC3070@tassilo.jf.intel.com>

On Mon, Nov 27, 2017 at 03:07:47PM -0800, Andi Kleen wrote:
> On Mon, Nov 27, 2017 at 11:01:28PM +0100, Peter Zijlstra wrote:
> > On Mon, Nov 27, 2017 at 01:50:30PM -0800, Milind Chabbi wrote:
> > > The possible checks are infinite
> >
> > struct perf_event_attr is very much a finite data type.
> >
> > Something as simple as:
> >
> > struct perf_event_attr tmp1 = new_attr, tmp2 = event->attr;
> >
> > tmp1.bp_type = tmp2.bp_type;
> > tmp1.bp_addr = tmp2.bp_addr;
> > tmp1.bp_len = tmp2.bp_len;
> >
> > if (memcmp(&tmp1, &tmp2, sizeof(tmp1)))
> > return -EINVAL;
> >
> > would actually do the checks __modify_user_hw_breakpoint() needs to do.
>
> It could fail with uninitialized padding.

I think that should be fine.. both attrs go through perf_copy_attr,
which should check on it.. I found we init attr.sample_max_stack
out of perf_copy_attr, but we can move it there (attached)

also modify_user_hw_breakpoint is exported.. not sure we can add
this constraint and potentially break some kernel module?

I checked all the current kernel users and they copy the whole
perf_event_attr into attr argument before they change the allowed
bp_* fields, so there's no harm.

thanks,
jirka
---
diff --git a/kernel/events/core.c b/kernel/events/core.c
index 799bb352d99f..028adb24bf7a 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -9673,6 +9673,9 @@ static int perf_copy_attr(struct perf_event_attr __user *uattr,
ret = -EINVAL;
}
+ if (!attr->sample_max_stack)
+ attr->sample_max_stack = sysctl_perf_event_max_stack;
+
if (attr->sample_type & PERF_SAMPLE_REGS_INTR)
ret = perf_reg_validate(attr->sample_regs_intr);
out:
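Review bot: the value written into attr->sample_max_stack here is a snapshot of sysctl_perf_event_max_stack taken at copy time, and the memcmp() added to __modify_user_hw_breakpoint() later in this patch compares that field byte for byte. Since, per the message above, both attrs go through perf_copy_attr, a caller that passes sample_max_stack of 0 when creating the event and again when modifying it ends up with two different values if the sysctl was changed in between, and gets -EINVAL for an attr it did not change. Either leave sample_max_stack out of the comparison or apply the default where the value is consumed instead of storing it in the copied attr. The assignment also runs when ret was already set to -EINVAL just above, which is harmless but could be skipped.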
@@ -9886,9 +9889,6 @@ SYSCALL_DEFINE5(perf_event_open,
perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
return -EACCES;
- if (!attr.sample_max_stack)
- attr.sample_max_stack = sysctl_perf_event_max_stack;
-
/*
* In cgroup mode, the pid argument is used to pass the fd
* opened to the cgroup directory in cgroupfs. The cpu argument
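Review bot: removing the default from perf_event_open is a no-op only if perf_copy_attr() has already run on attr before this point, and the patch carries no changelog saying so. Please send this move, together with the perf_copy_attr hunk, as its own patch ahead of the memcmp change, with a description stating that the syscall path behaves the same, so it can be reviewed and bisected separately from the new -EINVAL check.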
diff --git a/kernel/events/hw_breakpoint.c b/kernel/events/hw_breakpoint.c
index a556aba223da..7b85160393b7 100644
--- a/kernel/events/hw_breakpoint.c
+++ b/kernel/events/hw_breakpoint.c
@@ -468,6 +468,9 @@ static int __modify_user_hw_breakpoint(struct perf_event *bp, struct perf_event_
bp->attr.bp_type = attr->bp_type;
bp->attr.bp_len = attr->bp_len;
+ if (memcmp(&bp->attr, attr, sizeof(*attr)))
+ return -EINVAL;
+
err = validate_hw_breakpoint(bp);
if (!err && modify)
err = modify_bp_slot(bp, old_type);
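Review bot: the memcmp() check runs after bp->attr.bp_type and bp->attr.bp_len have already been overwritten, so the early "return -EINVAL" leaves the event carrying the new bp_* values without validate_hw_breakpoint() or modify_bp_slot() having run, and nothing restores the old ones. Do the comparison first on temporaries, as in the snippet quoted above (copy both attrs, equalise bp_type, bp_addr and bp_len, then memcmp), and write to bp->attr only once it passes. The comparison also covers every byte of sizeof(*attr), so a caller of the exported modify_user_hw_breakpoint() that builds attr without zeroing it can fail on padding; a comment on the function stating that attr must be a full copy of the event's attr with only the bp_* fields changed would document the new requirement.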