From: Sasha Levin <sasha.levin@oracle.com>
To: Peter Zijlstra <peterz@infradead.org>, mingo@kernel.org
Cc: vincent.weaver@maine.edu, eranian@google.com, jolsa@redhat.com,
kan.liang@intel.com, linux-kernel@vger.kernel.org,
Andrew Hunter <ahh@google.com>,
Maria Dimakopoulou <maria.n.dimakopoulou@gmail.com>
Subject: Re: [PATCH 01/10] perf,x86: Fix event/group validation
Date: Fri, 21 Aug 2015 16:31:28 -0400 [thread overview]
Message-ID: <55D78AA0.6000106@oracle.com> (raw)
In-Reply-To: <20150521111932.592505273@infradead.org>
On 05/21/2015 07:17 AM, Peter Zijlstra wrote:
> --- a/arch/x86/kernel/cpu/perf_event_intel.c
> +++ b/arch/x86/kernel/cpu/perf_event_intel.c
> @@ -2106,7 +2106,7 @@ static struct event_constraint *
> intel_get_event_constraints(struct cpu_hw_events *cpuc, int idx,
> struct perf_event *event)
> {
> - struct event_constraint *c1 = event->hw.constraint;
> + struct event_constraint *c1 = cpuc->event_constraint[idx];
> struct event_constraint *c2;
Hey Peter,
I was chasing a memory corruption in this area and I think I found
a possible culprit:
After this patch, In the code above, we'd access "cpuc->event_constraint[idx]"
and read/change memory.
The problem is that a valid value for idx is also -1, which isn't checked
here, so we end up accessing and possibly corrupting memory that isn't ours.
Thanks,
Sasha
next prev parent reply other threads:[~2015-08-21 20:32 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-21 11:17 [PATCH 00/10] Various x86 pmu scheduling patches Peter Zijlstra
2015-05-21 11:17 ` [PATCH 01/10] perf,x86: Fix event/group validation Peter Zijlstra
2015-05-21 12:35 ` Stephane Eranian
2015-05-21 12:56 ` Peter Zijlstra
2015-05-21 13:07 ` Stephane Eranian
2015-05-21 13:09 ` Peter Zijlstra
2015-05-21 13:18 ` Stephane Eranian
2015-05-21 13:20 ` Peter Zijlstra
2015-05-21 13:27 ` Stephane Eranian
2015-05-21 13:29 ` Peter Zijlstra
2015-05-21 13:36 ` Stephane Eranian
2015-05-21 14:03 ` Peter Zijlstra
2015-05-21 15:11 ` Stephane Eranian
2015-05-22 6:49 ` Ingo Molnar
2015-05-22 9:26 ` Stephane Eranian
2015-05-22 9:46 ` Ingo Molnar
2015-05-21 14:53 ` Peter Zijlstra
2015-05-21 15:42 ` Stephane Eranian
2015-08-21 20:31 ` Sasha Levin [this message]
2015-09-10 4:48 ` Sasha Levin
2015-09-10 8:54 ` Stephane Eranian
2015-09-10 10:01 ` Peter Zijlstra
2015-05-21 11:17 ` [PATCH 02/10] perf/x86: Improve HT workaround GP counter constraint Peter Zijlstra
2015-05-22 10:04 ` Stephane Eranian
2015-05-22 11:21 ` Peter Zijlstra
2015-05-22 11:24 ` Stephane Eranian
2015-05-22 11:28 ` Peter Zijlstra
2015-05-22 12:35 ` Stephane Eranian
2015-05-22 12:53 ` Peter Zijlstra
2015-05-22 12:55 ` Stephane Eranian
2015-05-22 12:59 ` Peter Zijlstra
2015-05-22 13:05 ` Stephane Eranian
2015-05-22 13:07 ` Stephane Eranian
2015-05-22 13:25 ` Peter Zijlstra
2015-05-22 13:29 ` Stephane Eranian
2015-05-22 13:36 ` Peter Zijlstra
2015-05-22 13:40 ` Stephane Eranian
2015-05-22 13:48 ` Peter Zijlstra
2015-05-23 8:26 ` Ingo Molnar
2015-05-22 13:25 ` Peter Zijlstra
2015-05-22 13:10 ` Peter Zijlstra
2015-05-21 11:17 ` [PATCH 03/10] perf/x86: Correct local vs remote sibling state Peter Zijlstra
2015-05-21 13:31 ` Stephane Eranian
2015-05-21 14:10 ` Peter Zijlstra
2015-05-21 11:17 ` [PATCH 04/10] perf/x86: Use lockdep Peter Zijlstra
2015-05-21 11:17 ` [PATCH 05/10] perf/x86: Simplify dynamic constraint code somewhat Peter Zijlstra
2015-05-21 11:17 ` [PATCH 06/10] perf/x86: Make WARNs consistent Peter Zijlstra
2015-05-21 11:17 ` [PATCH 07/10] perf/x86: Move intel_commit_scheduling() Peter Zijlstra
2015-05-21 11:17 ` [PATCH 08/10] perf/x86: Remove pointless tests Peter Zijlstra
2015-05-21 13:24 ` Stephane Eranian
2015-05-21 11:17 ` [PATCH 09/10] perf/x86: Remove intel_excl_states::init_state Peter Zijlstra
2015-05-21 13:39 ` Stephane Eranian
2015-05-21 14:12 ` Peter Zijlstra
2015-05-21 11:17 ` [PATCH 10/10] perf,x86: Simplify logic Peter Zijlstra
2015-05-21 11:48 ` [PATCH 00/10] Various x86 pmu scheduling patches Stephane Eranian
2015-05-21 12:53 ` Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55D78AA0.6000106@oracle.com \
--to=sasha.levin@oracle.com \
--cc=ahh@google.com \
--cc=eranian@google.com \
--cc=jolsa@redhat.com \
--cc=kan.liang@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=maria.n.dimakopoulou@gmail.com \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=vincent.weaver@maine.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox