Message ID | 20230803023321.111078-1-tianruidong@linux.alibaba.com |
---|---|
State | New |
Headers | From: Ruidong Tian <tianruidong@linux.alibaba.com>; To: tianruidong@linux.alibaba.com; Cc: alexander.shishkin@linux.intel.com, coresight@lists.linaro.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, mike.leach@linaro.org, suzuki.poulose@arm.com, james.clark@arm.com; Subject: [PATCH v2] coresight: tmc: Explicit type conversions to prevent integer overflow; Date: Thu, 3 Aug 2023 10:33:21 +0800; In-Reply-To: <20230714084349.31567-1-tianruidong@linux.alibaba.com> |
Series | [v2] coresight: tmc: Explicit type conversions to prevent integer overflow |
Commit Message
Ruidong Tian
Aug. 3, 2023, 2:33 a.m. UTC
Perf cs_etm session executed unexpectedly when AUX buffer > 1G.

  perf record -C 0 -m ,2G -e cs_etm// -- <workload>
  [ perf record: Captured and wrote 2.615 MB perf.data ]

Perf only collects about 2M perf data rather than 2G. This is because
the operation, "nr_pages << PAGE_SHIFT", in coresight tmc driver, will
overflow when nr_pages >= 0x80000 (corresponds to 1G AUX buffer). The
overflow causes buffer allocation to fail, and TMC driver will alloc
minimal buffer size (1M). You can just get about 2M perf data (1M AUX
buffer + perf data header) at least.

Explicitly convert nr_pages to 64 bit to avoid overflow.

Signed-off-by: Ruidong Tian <tianruidong@linux.alibaba.com>
Reviewed-by: James Clark <james.clark@arm.com>
---
 drivers/hwtracing/coresight/coresight-tmc-etr.c | 2 +-
 drivers/hwtracing/coresight/coresight-tmc.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
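The overflow described in the commit message above, as an added example that is not part of the patch or the driver: a user-space C model of "nr_pages << PAGE_SHIFT" evaluated in 32 bits versus after widening the operand first. PAGE_SHIFT = 12 (4 KiB pages) and all function names are assumptions made for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12 /* assumption: 4 KiB pages */

/*
 * Pre-patch expression: nr_pages is an int, so the shift is done in 32 bits
 * and only then widened. The wrap is modelled through uint32_t so that this
 * user-space demo avoids signed-overflow undefined behaviour.
 */
static int64_t size_before_patch(int nr_pages)
{
	int32_t wrapped = (int32_t)((uint32_t)nr_pages << PAGE_SHIFT);

	return wrapped; /* sign-extended, as when handed on as a ssize_t */
}

/* Patched expression: widen first, then shift. int64_t stands in for
 * ssize_t / unsigned long on a 64-bit kernel. */
static int64_t size_after_patch(int nr_pages)
{
	return (int64_t)nr_pages << PAGE_SHIFT;
}

/* Smallest page count for which the two expressions disagree, 0 if none. */
static int first_overflowing_nr_pages(int limit)
{
	for (int n = 1; n <= limit; n++)
		if (size_before_patch(n) != size_after_patch(n))
			return n;
	return 0;
}

int main(void)
{
	/* Constructed inputs: one page below the 0x80000 threshold from the
	 * commit message, the threshold itself, and twice the threshold. */
	const int samples[] = { 0x7ffff, 0x80000, 0x100000 };

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("nr_pages=%#x before=%" PRId64 " after=%" PRId64 "\n",
		       (unsigned)samples[i], size_before_patch(samples[i]),
		       size_after_patch(samples[i]));
	printf("first overflow at nr_pages=%#x\n",
	       (unsigned)first_overflowing_nr_pages(1 << 20));
	return 0;
}
```

At the threshold the 32-bit result turns negative, and at twice the threshold it wraps to zero, so a size check placed after the shift cannot tell either case from a legitimately small or invalid request.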
Comments
On 03/08/2023 03:33, Ruidong Tian wrote:
> Perf cs_etm session executed unexpectedly when AUX buffer > 1G.
>
>   perf record -C 0 -m ,2G -e cs_etm// -- <workload>
>   [ perf record: Captured and wrote 2.615 MB perf.data ]
>
> Perf only collects about 2M perf data rather than 2G. This is because
> the operation, "nr_pages << PAGE_SHIFT", in coresight tmc driver, will
> overflow when nr_pages >= 0x80000 (corresponds to 1G AUX buffer). The
> overflow causes buffer allocation to fail, and TMC driver will alloc
> minimal buffer size (1M). You can just get about 2M perf data (1M AUX
> buffer + perf data header) at least.
>
> Explicitly convert nr_pages to 64 bit to avoid overflow.
>
> Signed-off-by: Ruidong Tian <tianruidong@linux.alibaba.com>
> Reviewed-by: James Clark <james.clark@arm.com>

Fixes: 22f429f19c41 ("coresight: etm-perf: Add support for ETR backend")

> ---
>  drivers/hwtracing/coresight/coresight-tmc-etr.c | 2 +-
>  drivers/hwtracing/coresight/coresight-tmc.h | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/hwtracing/coresight/coresight-tmc-etr.c b/drivers/hwtracing/coresight/coresight-tmc-etr.c > index 766325de0e29..1425ecd1cf78 100644 > --- a/drivers/hwtracing/coresight/coresight-tmc-etr.c > +++ b/drivers/hwtracing/coresight/coresight-tmc-etr.c > @@ -1267,7 +1267,7 @@ alloc_etr_buf(struct tmc_drvdata *drvdata, struct perf_event *event, > * than the size requested via sysfs. > */ > if ((nr_pages << PAGE_SHIFT) > drvdata->size) { > - etr_buf = tmc_alloc_etr_buf(drvdata, (nr_pages << PAGE_SHIFT), > + etr_buf = tmc_alloc_etr_buf(drvdata, ((ssize_t)nr_pages << PAGE_SHIFT), > 0, node, NULL); > if (!IS_ERR(etr_buf)) > goto done; > diff --git a/drivers/hwtracing/coresight/coresight-tmc.h b/drivers/hwtracing/coresight/coresight-tmc.h > index b97da39652d2..0ee48c5ba764 100644 > --- a/drivers/hwtracing/coresight/coresight-tmc.h > +++ b/drivers/hwtracing/coresight/coresight-tmc.h
> @@ -325,7 +325,7 @@ ssize_t tmc_sg_table_get_data(struct tmc_sg_table *sg_table, > static inline unsigned long > tmc_sg_table_buf_size(struct tmc_sg_table *sg_table) > { > - return sg_table->data_pages.nr_pages << PAGE_SHIFT; > + return (unsigned long)sg_table->data_pages.nr_pages << PAGE_SHIFT; > } > > struct coresight_device *tmc_etr_get_catu_device(struct tmc_drvdata *drvdata);

There are other places where such a fix is needed.
e.g.,

$ git grep "nr_pages << PAGE_SHIFT" drivers/hwtracing/coresight/coresight-tmc*
drivers/hwtracing/coresight/coresight-tmc-etf.c: head = handle->head & ((buf->nr_pages << PAGE_SHIFT) - 1);
drivers/hwtracing/coresight/coresight-tmc-etr.c:#define PERF_IDX2OFF(idx, buf) ((idx) % ((buf)->nr_pages << PAGE_SHIFT))
drivers/hwtracing/coresight/coresight-tmc-etr.c: if ((nr_pages << PAGE_SHIFT) > drvdata->size) {
drivers/hwtracing/coresight/coresight-tmc-etr.c: etr_buf = tmc_alloc_etr_buf(drvdata, (nr_pages << PAGE_SHIFT),
drivers/hwtracing/coresight/coresight-tmc.h: return sg_table->data_pages.nr_pages << PAGE_SHIFT;

Are you able to fix all of them?

Suzuki
Sure, I will put them all to patch v3.

Ruidong

On 2023/8/4 00:19, Suzuki K Poulose wrote:
> On 03/08/2023 03:33, Ruidong Tian wrote:
>> Perf cs_etm session executed unexpectedly when AUX buffer > 1G.
>>
>>   perf record -C 0 -m ,2G -e cs_etm// -- <workload>
>>   [ perf record: Captured and wrote 2.615 MB perf.data ]
>>
>> Perf only collects about 2M perf data rather than 2G. This is because
>> the operation, "nr_pages << PAGE_SHIFT", in coresight tmc driver, will
>> overflow when nr_pages >= 0x80000 (corresponds to 1G AUX buffer). The
>> overflow causes buffer allocation to fail, and TMC driver will alloc
>> minimal buffer size (1M). You can just get about 2M perf data (1M AUX
>> buffer + perf data header) at least.
>>
>> Explicitly convert nr_pages to 64 bit to avoid overflow.
>>
>> Signed-off-by: Ruidong Tian <tianruidong@linux.alibaba.com>
>> Reviewed-by: James Clark <james.clark@arm.com>
>
> Fixes: 22f429f19c41 ("coresight: etm-perf: Add support for ETR backend")
>
>
>> ---
>>  drivers/hwtracing/coresight/coresight-tmc-etr.c | 2 +-
>>  drivers/hwtracing/coresight/coresight-tmc.h | 2 +-
>>  2 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/hwtracing/coresight/coresight-tmc-etr.c >> b/drivers/hwtracing/coresight/coresight-tmc-etr.c >> index 766325de0e29..1425ecd1cf78 100644 >> --- a/drivers/hwtracing/coresight/coresight-tmc-etr.c >> +++ b/drivers/hwtracing/coresight/coresight-tmc-etr.c >> @@ -1267,7 +1267,7 @@ alloc_etr_buf(struct tmc_drvdata *drvdata, >> struct perf_event *event, >> * than the size requested via sysfs. >> */ >> if ((nr_pages << PAGE_SHIFT) > drvdata->size) { >> - etr_buf = tmc_alloc_etr_buf(drvdata, (nr_pages << PAGE_SHIFT), >> + etr_buf = tmc_alloc_etr_buf(drvdata, ((ssize_t)nr_pages << >> PAGE_SHIFT), >> 0, node, NULL); >> if (!IS_ERR(etr_buf)) >> goto done; >> diff --git a/drivers/hwtracing/coresight/coresight-tmc.h >> b/drivers/hwtracing/coresight/coresight-tmc.h >> index b97da39652d2..0ee48c5ba764 100644
>> --- a/drivers/hwtracing/coresight/coresight-tmc.h >> +++ b/drivers/hwtracing/coresight/coresight-tmc.h >> @@ -325,7 +325,7 @@ ssize_t tmc_sg_table_get_data(struct tmc_sg_table >> *sg_table, >> static inline unsigned long >> tmc_sg_table_buf_size(struct tmc_sg_table *sg_table) >> { >> - return sg_table->data_pages.nr_pages << PAGE_SHIFT; >> + return (unsigned long)sg_table->data_pages.nr_pages << PAGE_SHIFT; >> } >> struct coresight_device *tmc_etr_get_catu_device(struct >> tmc_drvdata *drvdata);
>
> There are other places where such a fix is needed.
> e.g.,
>
> $ git grep "nr_pages << PAGE_SHIFT"
> drivers/hwtracing/coresight/coresight-tmc*
> drivers/hwtracing/coresight/coresight-tmc-etf.c: head =
> handle->head & ((buf->nr_pages << PAGE_SHIFT) - 1);
> drivers/hwtracing/coresight/coresight-tmc-etr.c:#define
> PERF_IDX2OFF(idx, buf) ((idx) % ((buf)->nr_pages << PAGE_SHIFT))
> drivers/hwtracing/coresight/coresight-tmc-etr.c: if ((nr_pages
> << PAGE_SHIFT) > drvdata->size) {
> drivers/hwtracing/coresight/coresight-tmc-etr.c: etr_buf =
> tmc_alloc_etr_buf(drvdata, (nr_pages << PAGE_SHIFT),
> drivers/hwtracing/coresight/coresight-tmc.h: return
> sg_table->data_pages.nr_pages << PAGE_SHIFT;
>
> Are you able to fix all of them?
>
> Suzuki
diff --git a/drivers/hwtracing/coresight/coresight-tmc-etr.c b/drivers/hwtracing/coresight/coresight-tmc-etr.c index 766325de0e29..1425ecd1cf78 100644 --- a/drivers/hwtracing/coresight/coresight-tmc-etr.c +++ b/drivers/hwtracing/coresight/coresight-tmc-etr.c @@ -1267,7 +1267,7 @@ alloc_etr_buf(struct tmc_drvdata *drvdata, struct perf_event *event, * than the size requested via sysfs. */ if ((nr_pages << PAGE_SHIFT) > drvdata->size) { - etr_buf = tmc_alloc_etr_buf(drvdata, (nr_pages << PAGE_SHIFT), + etr_buf = tmc_alloc_etr_buf(drvdata, ((ssize_t)nr_pages << PAGE_SHIFT), 0, node, NULL); if (!IS_ERR(etr_buf)) goto done; diff --git a/drivers/hwtracing/coresight/coresight-tmc.h b/drivers/hwtracing/coresight/coresight-tmc.h index b97da39652d2..0ee48c5ba764 100644 --- a/drivers/hwtracing/coresight/coresight-tmc.h +++ b/drivers/hwtracing/coresight/coresight-tmc.h @@ -325,7 +325,7 @@ ssize_t tmc_sg_table_get_data(struct tmc_sg_table *sg_table, static inline unsigned long tmc_sg_table_buf_size(struct tmc_sg_table *sg_table) { - return sg_table->data_pages.nr_pages << PAGE_SHIFT; + return (unsigned long)sg_table->data_pages.nr_pages << PAGE_SHIFT; } struct coresight_device *tmc_etr_get_catu_device(struct tmc_drvdata *drvdata);
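Review bot: in the alloc_etr_buf() hunk of coresight-tmc-etr.c the cast is applied only to the argument of tmc_alloc_etr_buf(); the unchanged condition directly above it, "if ((nr_pages << PAGE_SHIFT) > drvdata->size)", still shifts the uncast nr_pages, so the comparison is still made on the value the commit message says overflows. Computing the byte size once into a widened local and using it in both the condition and the call would cover both sites. It would also settle the type, since this hunk casts to ssize_t while the coresight-tmc.h hunk casts to unsigned long.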
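Review bot: in the tmc_sg_table_buf_size() hunk of coresight-tmc.h the cast to unsigned long matches the function's return type, but unsigned long is 64 bits wide only on 64-bit builds, so the commit message's "convert nr_pages to 64 bit" does not describe what this line does on a 32-bit kernel. If the driver can be built for 32-bit targets, the commit message should say what the cast achieves there. A one-line comment above the return stating that the cast must come before the shift would keep it from being dropped in a later cleanup.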