Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp3876023ybz; Mon, 4 May 2020 11:19:04 -0700 (PDT) X-Google-Smtp-Source: APiQypKtuzTapmddwIYjnuCICdCLD5Qb7khpUB0pdBbhWwim63DGYIQQiGciAoAMrcFgtu0G0/ey X-Received: by 2002:aa7:c38a:: with SMTP id k10mr15851782edq.74.1588616344342; Mon, 04 May 2020 11:19:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1588616344; cv=none; d=google.com; s=arc-20160816; b=0WMps/BSks1i3ZRumHgyizw5kPHBygJmu2HWQijlrFbPslPPxHXwwA+k7vtVcrkezt LYl0jjt1gecGD4wvUkkw41V9e6YviY3zjr0l5Ajb5iMG4SiVHlvqwCSiKway7J0CwPrz qYC3aGS6tMGLQxRJeuoTtVwKZmILlQNf0It25GFqnltd3e++S/EnavvkymnLeppAlRuG Ia4eLU3lpZTy6vRA3XrbfUtsu1iU4q9zeiiYIfuqlavxSDOdDeItbLlrHMl2RVyDCcM7 +3PSVvTyl1be30Sa2o0ho5+D3mkg/cusePvJawTFxglMon3v3a4prRYBC59iQXeEr7y4 YKlw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Hhq0vu9Cvn9s1dlq1MKSivXrHMOJ4hBcJQqxjo5QriM=; b=okfn3+EbmatMqdssZ7tbKEoR3i3+Nc2c6I9hm+zz/n/UH6M7bDnNN5EKBakC4aRy7Y G18aIlakc1c9lTrHScDjHLg3s2TspHvUF/oAc7uj9bsrBGjWdcOlXtSIOepgPgTXT6i6 ggKgxYxlYhzQvtCEm39c6bZ8bLtUzepl2U3WfgTNCe5/3JkpSHpY5kHSAOhUBGbuwx4M 8ZFl9NYOEZG9tF2ZYMykQUgk0FAjkyYJUnYb0y53yIY7SSRTx0HA2vzW7V0fk27/gkba nw9EaJsRuEkfAZpdHM3DX65dXa1nJtm5kj3A3W3H9AVNG5hNyO+t8kiZx1fvdEOmuK+I EFTg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=wHFq3E2x; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id bs1si7227507edb.200.2020.05.04.11.18.41; Mon, 04 May 2020 11:19:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=wHFq3E2x; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730685AbgEDR7H (ORCPT + 99 others); Mon, 4 May 2020 13:59:07 -0400 Received: from mail.kernel.org ([198.145.29.99]:52166 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730658AbgEDR7E (ORCPT ); Mon, 4 May 2020 13:59:04 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id EFCF020746; Mon, 4 May 2020 17:59:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1588615143; bh=/d4LLvuy0JaQAOIVCX8DV7isbzzvmVxxFXjbhAkZVNw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=wHFq3E2xZjeq5Wl8BWtjXL5YVBMjGSS3l86o8KknOa6vQliILifUxA81nCBq0VRCZ mfSlObOgd89aoPSzPho/aIBXV23Kk6icnj/wv5sf6QxgsCMSGWu9BNFDu6JGzzwHPs uPc/ghKnjw+QAP4eD0Za5K87ilXizBRqRFkCHLdI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, "Peter Zijlstra (Intel)" , Arnaldo Carvalho de Melo , David Ahern , Jiri Olsa , Kan Liang , Linus Torvalds , Namhyung Kim , Stephane Eranian , Thomas Gleixner , Vince Weaver , Ingo Molnar Subject: [PATCH 4.4 13/18] perf/x86: Fix uninitialized value usage Date: Mon, 4 May 2020 19:57:11 +0200 Message-Id: <20200504165444.253471372@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200504165441.533160703@linuxfoundation.org> References: <20200504165441.533160703@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Peter Zijlstra commit e01d8718de4170373cd7fbf5cf6f9cb61cebb1e9 upstream. When calling intel_alt_er() with .idx != EXTRA_REG_RSP_* we will not initialize alt_idx and then use this uninitialized value to index an array. When that is not fatal, it can result in an infinite loop in its caller __intel_shared_reg_get_constraints(), with IRQs disabled. Alternative error modes are random memory corruption due to the cpuc->shared_regs->regs[] array overrun, which manifest in either get_constraints or put_constraints doing weird stuff. Only took 6 hours of painful debugging to find this. Neither GCC nor Smatch warnings flagged this bug. Signed-off-by: Peter Zijlstra (Intel) Cc: Arnaldo Carvalho de Melo Cc: David Ahern Cc: Jiri Olsa Cc: Kan Liang Cc: Linus Torvalds Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Fixes: ae3f011fc251 ("perf/x86/intel: Fix SLM MSR_OFFCORE_RSP1 valid_mask") Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman --- arch/x86/kernel/cpu/perf_event_intel.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/arch/x86/kernel/cpu/perf_event_intel.c +++ b/arch/x86/kernel/cpu/perf_event_intel.c @@ -1937,7 +1937,8 @@ intel_bts_constraints(struct perf_event static int intel_alt_er(int idx, u64 config) { - int alt_idx; + int alt_idx = idx; + if (!(x86_pmu.flags & PMU_FL_HAS_RSP_1)) return idx;