Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755508AbbEUNSR (ORCPT <rfc822;w@1wt.eu>);
	Thu, 21 May 2015 09:18:17 -0400
Received: from mail-oi0-f54.google.com ([209.85.218.54]:34263 "EHLO
	mail-oi0-f54.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753649AbbEUNSP (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 21 May 2015 09:18:15 -0400
MIME-Version: 1.0
In-Reply-To: <20150521130952.GQ3644@twins.programming.kicks-ass.net>
References: <20150521111710.475482798@infradead.org>
	<20150521111932.592505273@infradead.org>
	<CABPqkBTrp8fyUobwWq2bZ_9Rg92nCX2xE3BHqDgW6FErP_waZQ@mail.gmail.com>
	<20150521125615.GO3644@twins.programming.kicks-ass.net>
	<CABPqkBTFPRwHX8zKERYFrMBVQor5GJcDd4ZcKt8WL-tjbJdzLw@mail.gmail.com>
	<20150521130952.GQ3644@twins.programming.kicks-ass.net>
Date: Thu, 21 May 2015 06:18:15 -0700
Message-ID: <CABPqkBRbK-SNAJS8_GDWDzc5V74WV5VjECzMkuuWFSjcE5spxQ@mail.gmail.com>
Subject: Re: [PATCH 01/10] perf,x86: Fix event/group validation
From: Stephane Eranian <eranian@google.com>
To: Peter Zijlstra <peterz@infradead.org>
Cc: Ingo Molnar <mingo@kernel.org>, Vince Weaver <vincent.weaver@maine.edu>,
        Jiri Olsa <jolsa@redhat.com>, "Liang, Kan" <kan.liang@intel.com>,
        LKML <linux-kernel@vger.kernel.org>, Andrew Hunter <ahh@google.com>,
        Maria Dimakopoulou <maria.n.dimakopoulou@gmail.com>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2049
Lines: 53

On Thu, May 21, 2015 at 6:09 AM, Peter Zijlstra <peterz@infradead.org> wrote:
> On Thu, May 21, 2015 at 06:07:20AM -0700, Stephane Eranian wrote:
>> On Thu, May 21, 2015 at 5:56 AM, Peter Zijlstra <peterz@infradead.org> wrote:
>> > On Thu, May 21, 2015 at 05:35:02AM -0700, Stephane Eranian wrote:
>> >> > Commit e979121b1b15 ("perf/x86/intel: Implement cross-HT corruption
>> >> > bug workaround") made the situation much worse by actually setting the
>> >> > event->hw.constraint value to NULL, so when validation and actual
>> >> > scheduling interact we get NULL ptr derefs.
>> >> >
>> >>
>> >> But  x86_schedule_events() does reset the hw.constraint for each invocation:
>> >>
>> >>            c = x86_pmu.get_event_constraints(cpuc, i, cpuc->event_list[i]);
>> >>            hwc->constraint = c;
>> >
>> > Yes, so if you have:
>> >
>> >         validate_group()
>> >
>> >                 hwc->constraint = c;
>> >
>> Ok, you get that because validate_group() invokes x6_schedule_events() but
>> on the fake_cpuc. This on fake_cpuc->event_list[]->hwc.
>>
>> >         <context switch>
>> >
>> >                 c = hwc->constraint;
>> >
>> > The second c might not be the first.
>> And where does this assignment come from?
>
> That's a read. The <context switch> can include a call to
> x86_schedule_events().
Yes, but x86_schedule_events() never reads the constraint
without setting it again before.

>
>> For actual scheduling, we are using the actual cpuc, not fake_cpuc.
>> Validate_group() does not modify global cpuc state. Or am I missing
>> something?
>
> No, but x86_schedule_event() can modify event state, which is the fail.
>
Yes, it does modify the cpuc->event_list[]->hwc, because it is used as a
cache for *EACH* invocation of the function. It is irrelevant outside the
function.

>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/