From patchwork Fri Dec 15 11:24:50 2023
X-Patchwork-Submitter: Mark Rutland
X-Patchwork-Id: 179194
From: Mark Rutland
To: linux-kernel@vger.kernel.org, Ingo Molnar, Borislav Petkov, Peter Zijlstra
Cc: lucas.demarchi@intel.com, mark.rutland@arm.com, pengfei.xu@intel.com
Subject: [PATCH] perf: Fix perf_event_validate_size() lockdep splat
Date: Fri, 15 Dec 2023 11:24:50 +0000
Message-Id: <20231215112450.3972309-1-mark.rutland@arm.com>

When lockdep is enabled, the for_each_sibling_event(sibling, event)
macro checks that event->ctx->mutex is held. When creating a new group
leader event, we call perf_event_validate_size() on a partially
initialized event where event->ctx is NULL, and so when
for_each_sibling_event() attempts to check event->ctx->mutex, we get a
splat, as reported by Lucas De Marchi:

  WARNING: CPU: 8 PID: 1471 at kernel/events/core.c:1950 __do_sys_perf_event_open+0xf37/0x1080

This only happens for a new event which is its own group_leader, and in
this case there cannot be any sibling events. Thus it's safe to skip the
check for siblings, which avoids having to make invasive and ugly
changes to for_each_sibling_event().

Avoid the splat by bailing out early when the new event is its own
group_leader.

Fixes: 382c27f4ed28f803 ("perf: Fix perf_event_validate_size()")
Reported-by: Lucas De Marchi
Closes: https://lore.kernel.org/lkml/20231214000620.3081018-1-lucas.demarchi@intel.com/
Reported-by: Pengfei Xu
Closes: https://lore.kernel.org/lkml/ZXpm6gQ%2Fd59jGsuW@xpf.sh.intel.com/
Signed-off-by: Mark Rutland
Cc: Ingo Molnar
Cc: Borislav Petkov
Cc: Peter Zijlstra
---
 kernel/events/core.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

Hi Ingo, Boris, Peter,

I'm not sure who's still around and who has disappeared for the
holidays, but I'm hoping at least one of you is able to queue this.

I've tested the patch on arm64 with Syzkaller (and syz-repro); before
this patch it hits the splat near-instantly, and after this patch all
seems well.

The broken commit was merged in v6.7-rc5 via:

  https://lore.kernel.org/lkml/20231210105949.GAZXWaJe6DeHU9+ofl@fat_crate.local/

... in merge commit:

  537ccb5d28d6f398 ("Merge tag 'perf_urgent_for_v6.7_rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip")

Mark.

diff --git a/kernel/events/core.c b/kernel/events/core.c index c9d123e13b579..9efd0d7775e7c 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -1947,6 +1947,16 @@ static bool perf_event_validate_size(struct perf_event *event) group_leader->nr_siblings + 1) > 16*1024) return false; + /* + * When creating a new group leader, group_leader->ctx is initialized + * after the size has been validated, but we cannot safely use + * for_each_sibling_event() until group_leader->ctx is set. A new group + * leader cannot have any siblings yet, so we can safely skip checking + * the non-existent siblings. + */ + if (event == group_leader) + return true; + for_each_sibling_event(sibling, group_leader) { if (__perf_event_read_size(sibling->attr.read_format, group_leader->nr_siblings + 1) > 16*1024)
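
Review bot: the early exit at `if (event == group_leader) return true;` depends on an invariant that only the new comment states, namely that a new group leader has no siblings; nothing in the hunk checks it. Since this function exists to bound the read size at 16*1024, it would be worth either extending the comment to say that `event == group_leader` can only be true here for a freshly allocated event whose ctx is not yet set, or making the assumption explicit with a check on `group_leader->nr_siblings` before returning, so that a later caller passing an established leader cannot silently skip the sibling size validation. The placement itself looks right: the return sits after the preceding `> 16*1024` check that returns false, so that size bound is still applied before the siblings are skipped, and it should stay below that check if the function is ever reordered.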