Message ID | 20171130083322.31206-1-ravi.bangoria@linux.vnet.ibm.com (mailing list archive) |
---|---|
State | Accepted |
Commit | 5aa04b3eb6fca63d2e9827be656dcadc26d54e11 |
Headers | show |
Series | powerpc/perf: Fix oops when grouping different pmu events | expand |
On Thursday 30 November 2017 02:03 PM, Ravi Bangoria wrote: > When user tries to group imc (In-Memory Collections) event with > normal event, (sometime) kernel crashes with following log: > > Faulting instruction address: 0x00000000 > [link register ] c00000000010ce88 power_check_constraints+0x128/0x980 > ... > c00000000010e238 power_pmu_event_init+0x268/0x6f0 > c0000000002dc60c perf_try_init_event+0xdc/0x1a0 > c0000000002dce88 perf_event_alloc+0x7b8/0xac0 > c0000000002e92e0 SyS_perf_event_open+0x530/0xda0 > c00000000000b004 system_call+0x38/0xe0 > > 'event_base' field of 'struct hw_perf_event' is used as flags for > normal hw events and used as memory address for imc events. While > grouping these two types of events, collect_events() tries to > interpret imc 'event_base' as a flag, which causes a corruption > resulting in a crash. > > Consider only those events which belongs to 'perf_hw_context' in > collect_events(). Reviewed-By: Madhavan Srinivasan <maddy@linux.vnet.ibm.com> > > Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com> > --- > arch/powerpc/perf/core-book3s.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/arch/powerpc/perf/core-book3s.c b/arch/powerpc/perf/core-book3s.c > index 9e3da16..1538129 100644 > --- a/arch/powerpc/perf/core-book3s.c > +++ b/arch/powerpc/perf/core-book3s.c > @@ -1415,7 +1415,7 @@ static int collect_events(struct perf_event *group, int max_count, > int n = 0; > struct perf_event *event; > > - if (!is_software_event(group)) { > + if (group->pmu->task_ctx_nr == perf_hw_context) { > if (n >= max_count) > return -1; > ctrs[n] = group; > @@ -1423,7 +1423,7 @@ static int collect_events(struct perf_event *group, int max_count, > events[n++] = group->hw.config; > } > list_for_each_entry(event, &group->sibling_list, group_entry) { > - if (!is_software_event(event) && > + if (event->pmu->task_ctx_nr == perf_hw_context && > event->state != PERF_EVENT_STATE_OFF) { > if (n >= max_count) > return -1;
On Thu, 2017-11-30 at 08:33:22 UTC, Ravi Bangoria wrote: > When user tries to group imc (In-Memory Collections) event with > normal event, (sometime) kernel crashes with following log: > > Faulting instruction address: 0x00000000 > [link register ] c00000000010ce88 power_check_constraints+0x128/0x980 > ... > c00000000010e238 power_pmu_event_init+0x268/0x6f0 > c0000000002dc60c perf_try_init_event+0xdc/0x1a0 > c0000000002dce88 perf_event_alloc+0x7b8/0xac0 > c0000000002e92e0 SyS_perf_event_open+0x530/0xda0 > c00000000000b004 system_call+0x38/0xe0 > > 'event_base' field of 'struct hw_perf_event' is used as flags for > normal hw events and used as memory address for imc events. While > grouping these two types of events, collect_events() tries to > interpret imc 'event_base' as a flag, which causes a corruption > resulting in a crash. > > Consider only those events which belongs to 'perf_hw_context' in > collect_events(). > > Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com> > Reviewed-By: Madhavan Srinivasan <maddy@linux.vnet.ibm.com> Applied to powerpc fixes, thanks. https://git.kernel.org/powerpc/c/5aa04b3eb6fca63d2e9827be656dca cheers
diff --git a/arch/powerpc/perf/core-book3s.c b/arch/powerpc/perf/core-book3s.c index 9e3da16..1538129 100644 --- a/arch/powerpc/perf/core-book3s.c +++ b/arch/powerpc/perf/core-book3s.c @@ -1415,7 +1415,7 @@ static int collect_events(struct perf_event *group, int max_count, int n = 0; struct perf_event *event; - if (!is_software_event(group)) { + if (group->pmu->task_ctx_nr == perf_hw_context) { if (n >= max_count) return -1; ctrs[n] = group; @@ -1423,7 +1423,7 @@ static int collect_events(struct perf_event *group, int max_count, events[n++] = group->hw.config; } list_for_each_entry(event, &group->sibling_list, group_entry) { - if (!is_software_event(event) && + if (event->pmu->task_ctx_nr == perf_hw_context && event->state != PERF_EVENT_STATE_OFF) { if (n >= max_count) return -1;
When user tries to group imc (In-Memory Collections) event with normal event, (sometime) kernel crashes with following log: Faulting instruction address: 0x00000000 [link register ] c00000000010ce88 power_check_constraints+0x128/0x980 ... c00000000010e238 power_pmu_event_init+0x268/0x6f0 c0000000002dc60c perf_try_init_event+0xdc/0x1a0 c0000000002dce88 perf_event_alloc+0x7b8/0xac0 c0000000002e92e0 SyS_perf_event_open+0x530/0xda0 c00000000000b004 system_call+0x38/0xe0 'event_base' field of 'struct hw_perf_event' is used as flags for normal hw events and used as memory address for imc events. While grouping these two types of events, collect_events() tries to interpret imc 'event_base' as a flag, which causes a corruption resulting in a crash. Consider only those events which belongs to 'perf_hw_context' in collect_events(). Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com> --- arch/powerpc/perf/core-book3s.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)