[SRU,Artful,Bionic,1/1] powerpc/perf: Fix oops when grouping different pmu events

Message ID 0d3f1fd856329505efe3bcfe71647b8b43594ce7.1517423942.git.joseph.salisbury@canonical.com
State New
Headers show
  • [SRU,Artful,Bionic,1/1] powerpc/perf: Fix oops when grouping different pmu events
Related show

Commit Message

Joseph Salisbury Feb. 2, 2018, 8:50 p.m.
From: Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com>

BugLink: http://bugs.launchpad.net/bugs/1746225

When user tries to group imc (In-Memory Collections) event with
normal event, (sometime) kernel crashes with following log:

    Faulting instruction address: 0x00000000
    [link register   ] c00000000010ce88 power_check_constraints+0x128/0x980
    c00000000010e238 power_pmu_event_init+0x268/0x6f0
    c0000000002dc60c perf_try_init_event+0xdc/0x1a0
    c0000000002dce88 perf_event_alloc+0x7b8/0xac0
    c0000000002e92e0 SyS_perf_event_open+0x530/0xda0
    c00000000000b004 system_call+0x38/0xe0

'event_base' field of 'struct hw_perf_event' is used as flags for
normal hw events and used as memory address for imc events. While
grouping these two types of events, collect_events() tries to
interpret imc 'event_base' as a flag, which causes a corruption
resulting in a crash.

Consider only those events which belongs to 'perf_hw_context' in

Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com>
Reviewed-By: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
(cherry picked from commit 5aa04b3eb6fca63d2e9827be656dcadc26d54e11)
Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
 arch/powerpc/perf/core-book3s.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


diff --git a/arch/powerpc/perf/core-book3s.c b/arch/powerpc/perf/core-book3s.c
index 6c2d416..61140e0 100644
--- a/arch/powerpc/perf/core-book3s.c
+++ b/arch/powerpc/perf/core-book3s.c
@@ -1410,7 +1410,7 @@  static int collect_events(struct perf_event *group, int max_count,
 	int n = 0;
 	struct perf_event *event;
-	if (!is_software_event(group)) {
+	if (group->pmu->task_ctx_nr == perf_hw_context) {
 		if (n >= max_count)
 			return -1;
 		ctrs[n] = group;
@@ -1418,7 +1418,7 @@  static int collect_events(struct perf_event *group, int max_count,
 		events[n++] = group->hw.config;
 	list_for_each_entry(event, &group->sibling_list, group_entry) {
-		if (!is_software_event(event) &&
+		if (event->pmu->task_ctx_nr == perf_hw_context &&
 		    event->state != PERF_EVENT_STATE_OFF) {
 			if (n >= max_count)
 				return -1;