Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp1088726img;
        Mon, 18 Mar 2019 23:30:34 -0700 (PDT)
X-Google-Smtp-Source: APXvYqz282MUt2MmlcgYESGvuKgOL3/nePXiidsAcf2WnGbmO8wJRqFbBTPferIPTDEbhHfDZLIK
X-Received: by 2002:a62:46cc:: with SMTP id o73mr807961pfi.182.1552977034706;
        Mon, 18 Mar 2019 23:30:34 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1552977034; cv=none;
        d=google.com; s=arc-20160816;
        b=h1pPlJA4tIEUcC1kZMEd00dR+69yLPDATLLhLYaqunPSDfVTfaN2D8l8nJWm/Cy8tA
         sDR3IETDDrfo3XILGZ0e2nRdSe48wa+JdYxLchUqv+nwR0lSGLxrwEPP2cuFx/YSV2gH
         wmyWICx+9KMm0UnQ3Zq1OMYYI6Doh4w7NJIv4X7oiIb9Mc/ec5DJzUF3ZMwC79uhHZvt
         riP4Xo43LQjEVnMnV7pL2xsnRzHklxjAG1JUH/eRDjxkaLyeS2zp/Ec/7twiEAlL1M79
         URMciJZVYZNPoOO9Ka9mrJSx0pPIxWzVI9DmvcpPmxIJhOGSf7E/RzuLnGNSvPvaookp
         s0/w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=Udb7CEzMieQ1Ow6EJ3APNAoMu6rNd7q0c4Yhfz+6yaI=;
        b=UVOZGujVzL6zVDi2u7L7HDVS1Q/fiuSEujADT6nbnjC06HTGMsf6xsYSNk2da1/23e
         UXooekvF9oP6wV9Hi5/i0MD+pyWhjuxmA517VOVb/sH2BgluSrEbhJPt/pSO+aQXIAJE
         o+PNHKx5S95ePC88l1hfTk8ahKLPqODGiHG0uLGtShH3OMGH41sejBH35YcVPClMNdSR
         qYhaRkmH6hoPLHxt9MhWkpQvtWFbB/2Jyn2WLkInAI7Hgip8gM4jSKI911ElqK2EEEvQ
         bwQtqsGYYuV+BDVb/Zfy/pYEb7V+Q0gmRfQnuk1W0+LR7F34vS5fKEYDXW9iZMQ+K8ky
         4wNw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=aCujGM4u;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id i10si11840148plb.384.2019.03.18.23.30.19;
        Mon, 18 Mar 2019 23:30:34 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=aCujGM4u;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726506AbfCSG3i (ORCPT <rfc822;yxhlfx@gmail.com> + 99 others);
        Tue, 19 Mar 2019 02:29:38 -0400
Received: from mail-ua1-f65.google.com ([209.85.222.65]:42537 "EHLO
        mail-ua1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725988AbfCSG3i (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 19 Mar 2019 02:29:38 -0400
Received: by mail-ua1-f65.google.com with SMTP id s26so6093871uao.9
        for <linux-kernel@vger.kernel.org>; Mon, 18 Mar 2019 23:29:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=Udb7CEzMieQ1Ow6EJ3APNAoMu6rNd7q0c4Yhfz+6yaI=;
        b=aCujGM4uvrizQnYgYmS0PDKAFRVvuCV2hegJLG3qSyIIql2V41/ie/ZcXKby2tRZ/X
         eEPuNOE1MvmpLjVgw0VcFct+p2VaN5gt8l6ipVKVy77Ma+so33pFI8W/JT/6spPxs4Zb
         mM0nJK9LYahXSfNrQ8YN3qJUU7++ZPosU6Gs7o77bU4ckYVnty4mrNPMi4oUVCzz9NrH
         aiXaBzxrdsNgkIOiakLVLxWP+VeRK1sbZxC0MUgQ+NLqsdg/Mipd9pUVRW50BKXIx9HS
         PkaH0DgaoCrrmZawVIAI7d4kGfnCoAaAjBnG3PJNSIiIF98PraFFQkJRExLOYe/OqPco
         a25Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=Udb7CEzMieQ1Ow6EJ3APNAoMu6rNd7q0c4Yhfz+6yaI=;
        b=e0DzxKCnPsIsLm4AbRQ4kg0BcVFKB0GvsJPbdHp7FcTqrTa2FC9JVFspaNlyBGw45i
         e7bOKebY2IoVxqPJIEbmOicJgVVlnfCx2Yyrkj6ZLR1L00171glMLXUGi9Tm924VsKfA
         U6Zb1oaV2jATKrbiCJc//Mq/Hr8KxqcsCj/e6emk9FJWMpdMR82cbdxFQh2nU6Dwc30e
         G51T/A4aQTAJCB7C0KnX7GeE466lMVD14wf3R2PzxMVsw+diB4DnnvYajEpYSL7EsWrj
         HCv89EoNoe5ffdi+UTLfbRMmUiee6GHrdxrkeh4AhCp8CcjaEjtYOVy1Lt8zRASfwqjr
         U+Hw==
X-Gm-Message-State: APjAAAVk1WDKMH2ggqD1ZFw7Mm3jPaK9nVrbHUmrcY9cyyWx6BWN+esF
        jHTZFqG7zPfC32du7HQeFemGRp9O0GUY0vLq0+DRVg==
X-Received: by 2002:ab0:6193:: with SMTP id h19mr352463uan.47.1552976976539;
 Mon, 18 Mar 2019 23:29:36 -0700 (PDT)
MIME-Version: 1.0
References: <20190314130113.919278615@infradead.org> <20190314130705.441549378@infradead.org>
In-Reply-To: <20190314130705.441549378@infradead.org>
From:   Stephane Eranian <eranian@google.com>
Date:   Mon, 18 Mar 2019 23:29:25 -0700
Message-ID: <CABPqkBT9=XRLinbhA0T5iztM6NGd5fO39-kQoB5j3Evfvfh2yA@mail.gmail.com>
Subject: Re: [PATCH 1/8] perf/x86/intel: Fix memory corruption
To:     Peter Zijlstra <peterz@infradead.org>
Cc:     Ingo Molnar <mingo@kernel.org>, Jiri Olsa <jolsa@redhat.com>,
        LKML <linux-kernel@vger.kernel.org>, tonyj@suse.com,
        nelson.dsouza@intel.com
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Mar 14, 2019 at 6:11 AM Peter Zijlstra <peterz@infradead.org> wrote:
>
> Through:
>
>   validate_event()
>     x86_pmu.get_event_constraints(.idx=-1)
>       tfa_get_event_constraints()
>         dyn_constraint()
>
> We use cpuc->constraint_list[-1], which is an obvious out-of-bound
> access.
>
> In this case, simply skip the TFA constraint code, there is no event
> constraint with just PMC3, therefore the code will never result in the
> empty set.
>
> Reported-by: Tony Jones <tonyj@suse.com>
> Reported-by: "DSouza, Nelson" <nelson.dsouza@intel.com>
> Tested-by: Tony Jones <tonyj@suse.com>
> Tested-by: "DSouza, Nelson" <nelson.dsouza@intel.com>
> Cc: stable@kernel.org
> Fixes: 400816f60c54 ("perf/x86/intel: Implement support for TSX Force Abort")
> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
> ---
>  arch/x86/events/intel/core.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> --- a/arch/x86/events/intel/core.c
> +++ b/arch/x86/events/intel/core.c
> @@ -3410,7 +3410,7 @@ tfa_get_event_constraints(struct cpu_hw_
>         /*
>          * Without TFA we must not use PMC3.
>          */
> -       if (!allow_tsx_force_abort && test_bit(3, c->idxmsk)) {
> +       if (!allow_tsx_force_abort && test_bit(3, c->idxmsk) && idx >= 0) {
>                 c = dyn_constraint(cpuc, c, idx);
>                 c->idxmsk64 &= ~(1ULL << 3);
>                 c->weight--;
>
>
I was not cc'd on the patch that added  allow_tsx_force_abort, so I
will give some comments here.
If I understand the goal of the control parameter it is to turn on/off
the TFA workaround and thus determine
whether or not PMC3 is available. I don't know why you would need to
make this a runtime tunable. That
seems a bit dodgy. But given the code you have here right now, we have
to deal with it. A sysadmin could
flip the control at any time, including when PMC3 is already in used
by some events. I do not see the code
that schedules out all the events on all CPUs once PMC3 becomes
unavailable. You cannot just rely on the
next context-switch or timer tick for multiplexing.