Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp1088726img; Mon, 18 Mar 2019 23:30:34 -0700 (PDT) X-Google-Smtp-Source: APXvYqz282MUt2MmlcgYESGvuKgOL3/nePXiidsAcf2WnGbmO8wJRqFbBTPferIPTDEbhHfDZLIK X-Received: by 2002:a62:46cc:: with SMTP id o73mr807961pfi.182.1552977034706; Mon, 18 Mar 2019 23:30:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1552977034; cv=none; d=google.com; s=arc-20160816; b=h1pPlJA4tIEUcC1kZMEd00dR+69yLPDATLLhLYaqunPSDfVTfaN2D8l8nJWm/Cy8tA sDR3IETDDrfo3XILGZ0e2nRdSe48wa+JdYxLchUqv+nwR0lSGLxrwEPP2cuFx/YSV2gH wmyWICx+9KMm0UnQ3Zq1OMYYI6Doh4w7NJIv4X7oiIb9Mc/ec5DJzUF3ZMwC79uhHZvt riP4Xo43LQjEVnMnV7pL2xsnRzHklxjAG1JUH/eRDjxkaLyeS2zp/Ec/7twiEAlL1M79 URMciJZVYZNPoOO9Ka9mrJSx0pPIxWzVI9DmvcpPmxIJhOGSf7E/RzuLnGNSvPvaookp s0/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=Udb7CEzMieQ1Ow6EJ3APNAoMu6rNd7q0c4Yhfz+6yaI=; b=UVOZGujVzL6zVDi2u7L7HDVS1Q/fiuSEujADT6nbnjC06HTGMsf6xsYSNk2da1/23e UXooekvF9oP6wV9Hi5/i0MD+pyWhjuxmA517VOVb/sH2BgluSrEbhJPt/pSO+aQXIAJE o+PNHKx5S95ePC88l1hfTk8ahKLPqODGiHG0uLGtShH3OMGH41sejBH35YcVPClMNdSR qYhaRkmH6hoPLHxt9MhWkpQvtWFbB/2Jyn2WLkInAI7Hgip8gM4jSKI911ElqK2EEEvQ bwQtqsGYYuV+BDVb/Zfy/pYEb7V+Q0gmRfQnuk1W0+LR7F34vS5fKEYDXW9iZMQ+K8ky 4wNw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=aCujGM4u; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i10si11840148plb.384.2019.03.18.23.30.19; Mon, 18 Mar 2019 23:30:34 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=aCujGM4u; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726506AbfCSG3i (ORCPT + 99 others); Tue, 19 Mar 2019 02:29:38 -0400 Received: from mail-ua1-f65.google.com ([209.85.222.65]:42537 "EHLO mail-ua1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725988AbfCSG3i (ORCPT ); Tue, 19 Mar 2019 02:29:38 -0400 Received: by mail-ua1-f65.google.com with SMTP id s26so6093871uao.9 for ; Mon, 18 Mar 2019 23:29:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Udb7CEzMieQ1Ow6EJ3APNAoMu6rNd7q0c4Yhfz+6yaI=; b=aCujGM4uvrizQnYgYmS0PDKAFRVvuCV2hegJLG3qSyIIql2V41/ie/ZcXKby2tRZ/X eEPuNOE1MvmpLjVgw0VcFct+p2VaN5gt8l6ipVKVy77Ma+so33pFI8W/JT/6spPxs4Zb mM0nJK9LYahXSfNrQ8YN3qJUU7++ZPosU6Gs7o77bU4ckYVnty4mrNPMi4oUVCzz9NrH aiXaBzxrdsNgkIOiakLVLxWP+VeRK1sbZxC0MUgQ+NLqsdg/Mipd9pUVRW50BKXIx9HS PkaH0DgaoCrrmZawVIAI7d4kGfnCoAaAjBnG3PJNSIiIF98PraFFQkJRExLOYe/OqPco a25Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Udb7CEzMieQ1Ow6EJ3APNAoMu6rNd7q0c4Yhfz+6yaI=; b=e0DzxKCnPsIsLm4AbRQ4kg0BcVFKB0GvsJPbdHp7FcTqrTa2FC9JVFspaNlyBGw45i e7bOKebY2IoVxqPJIEbmOicJgVVlnfCx2Yyrkj6ZLR1L00171glMLXUGi9Tm924VsKfA U6Zb1oaV2jATKrbiCJc//Mq/Hr8KxqcsCj/e6emk9FJWMpdMR82cbdxFQh2nU6Dwc30e G51T/A4aQTAJCB7C0KnX7GeE466lMVD14wf3R2PzxMVsw+diB4DnnvYajEpYSL7EsWrj HCv89EoNoe5ffdi+UTLfbRMmUiee6GHrdxrkeh4AhCp8CcjaEjtYOVy1Lt8zRASfwqjr U+Hw== X-Gm-Message-State: APjAAAVk1WDKMH2ggqD1ZFw7Mm3jPaK9nVrbHUmrcY9cyyWx6BWN+esF jHTZFqG7zPfC32du7HQeFemGRp9O0GUY0vLq0+DRVg== X-Received: by 2002:ab0:6193:: with SMTP id h19mr352463uan.47.1552976976539; Mon, 18 Mar 2019 23:29:36 -0700 (PDT) MIME-Version: 1.0 References: <20190314130113.919278615@infradead.org> <20190314130705.441549378@infradead.org> In-Reply-To: <20190314130705.441549378@infradead.org> From: Stephane Eranian Date: Mon, 18 Mar 2019 23:29:25 -0700 Message-ID: Subject: Re: [PATCH 1/8] perf/x86/intel: Fix memory corruption To: Peter Zijlstra Cc: Ingo Molnar , Jiri Olsa , LKML , tonyj@suse.com, nelson.dsouza@intel.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Mar 14, 2019 at 6:11 AM Peter Zijlstra wrote: > > Through: > > validate_event() > x86_pmu.get_event_constraints(.idx=-1) > tfa_get_event_constraints() > dyn_constraint() > > We use cpuc->constraint_list[-1], which is an obvious out-of-bound > access. > > In this case, simply skip the TFA constraint code, there is no event > constraint with just PMC3, therefore the code will never result in the > empty set. > > Reported-by: Tony Jones > Reported-by: "DSouza, Nelson" > Tested-by: Tony Jones > Tested-by: "DSouza, Nelson" > Cc: stable@kernel.org > Fixes: 400816f60c54 ("perf/x86/intel: Implement support for TSX Force Abort") > Signed-off-by: Peter Zijlstra (Intel) > --- > arch/x86/events/intel/core.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > --- a/arch/x86/events/intel/core.c > +++ b/arch/x86/events/intel/core.c > @@ -3410,7 +3410,7 @@ tfa_get_event_constraints(struct cpu_hw_ > /* > * Without TFA we must not use PMC3. > */ > - if (!allow_tsx_force_abort && test_bit(3, c->idxmsk)) { > + if (!allow_tsx_force_abort && test_bit(3, c->idxmsk) && idx >= 0) { > c = dyn_constraint(cpuc, c, idx); > c->idxmsk64 &= ~(1ULL << 3); > c->weight--; > > I was not cc'd on the patch that added allow_tsx_force_abort, so I will give some comments here. If I understand the goal of the control parameter it is to turn on/off the TFA workaround and thus determine whether or not PMC3 is available. I don't know why you would need to make this a runtime tunable. That seems a bit dodgy. But given the code you have here right now, we have to deal with it. A sysadmin could flip the control at any time, including when PMC3 is already in used by some events. I do not see the code that schedules out all the events on all CPUs once PMC3 becomes unavailable. You cannot just rely on the next context-switch or timer tick for multiplexing.