Synchronize mainline hisilicon uncore pmu driver bugfix to openEuler-OLK-5.10
This patchset includes 2 minor updates for the hisi_pcie_pmu:
- fix the issue that we may touch others' events in some cases
- modify the event->cpu only on the success of pmu::event_init()
- fix use-after-free when registering the hisilicon ddrc pmu fails
Junhao He (1):
  perf: hisi: Fix use-after-free when register pmu fails
Yicong Yang (2):
  drivers/perf: hisi_pcie: Check the type first in pmu::event_init()
  drivers/perf: hisi_pcie: Initialize event->cpu only on success
 drivers/perf/hisilicon/hisi_pcie_pmu.c        | 9 +++++----
 drivers/perf/hisilicon/hisi_uncore_pa_pmu.c   | 4 ++--
 drivers/perf/hisilicon/hisi_uncore_sllc_pmu.c | 4 ++--
 3 files changed, 9 insertions(+), 8 deletions(-)
From: Yicong Yang yangyicong@hisilicon.com
maillist inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I8BOML
CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/will/linux.git/commit/?h=for...
--------------------------------
Check whether the event type matches the PMU type firstly in pmu::event_init() before touching the event. Otherwise we'll change the events of others and lead to incorrect results. Since in perf_init_event() we may call every pmu's event_init() in a certain case, we should not modify the event if it's not ours.
Fixes: 8404b0fbc7fb ("drivers/perf: hisi: Add driver for HiSilicon PCIe PMU")
Signed-off-by: Yicong Yang yangyicong@hisilicon.com
Link: https://lore.kernel.org/r/20231024092954.42297-2-yangyicong@huawei.com
Signed-off-by: Will Deacon will@kernel.org
Signed-off-by: Junhao He hejunhao3@huawei.com
---
 drivers/perf/hisilicon/hisi_pcie_pmu.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/perf/hisilicon/hisi_pcie_pmu.c b/drivers/perf/hisilicon/hisi_pcie_pmu.c index 8f59387aeab0..530c8d8b9ac4 100644 --- a/drivers/perf/hisilicon/hisi_pcie_pmu.c +++ b/drivers/perf/hisilicon/hisi_pcie_pmu.c @@ -359,6 +359,10 @@ static int hisi_pcie_pmu_event_init(struct perf_event *event) struct hisi_pcie_pmu *pcie_pmu = to_pcie_pmu(event->pmu); struct hw_perf_event *hwc = &event->hw;
+ /* Check the type first before going on, otherwise it's not our event */ + if (event->attr.type != event->pmu->type) + return -ENOENT; + event->cpu = pcie_pmu->on_cpu;
if (EXT_COUNTER_IS_USED(hisi_pcie_get_event(event))) @@ -366,9 +370,6 @@ static int hisi_pcie_pmu_event_init(struct perf_event *event) else hwc->event_base = HISI_PCIE_CNT;
- if (event->attr.type != event->pmu->type) - return -ENOENT; - /* Sampling is not supported. */ if (is_sampling_event(event) || event->attach_state & PERF_ATTACH_TASK) return -EOPNOTSUPP;
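Review bot: in the first hunk, `event->cpu = pcie_pmu->on_cpu` and the `hwc->event_base` assignment still run before the sampling check that returns -EOPNOTSUPP, so an event of our own type that is rejected later is still written to. Placing the type check first does protect other PMUs' events, which is the stated goal. Consider moving the remaining writes below the last validation so the function modifies the event only on the success path, or state in the commit message that writes to a rejected event of our own type are harmless.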
From: Yicong Yang yangyicong@hisilicon.com
maillist inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I8BOML
CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/will/linux.git/commit/?h=for...
--------------------------------
Initialize the event->cpu only on success. To be more reasonable and keep consistent with other PMUs.
Signed-off-by: Yicong Yang yangyicong@hisilicon.com
Link: https://lore.kernel.org/r/20231024092954.42297-3-yangyicong@huawei.com
Signed-off-by: Will Deacon will@kernel.org
Signed-off-by: Junhao He hejunhao3@huawei.com
---
 drivers/perf/hisilicon/hisi_pcie_pmu.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/perf/hisilicon/hisi_pcie_pmu.c b/drivers/perf/hisilicon/hisi_pcie_pmu.c index 530c8d8b9ac4..e417c73fcbf1 100644 --- a/drivers/perf/hisilicon/hisi_pcie_pmu.c +++ b/drivers/perf/hisilicon/hisi_pcie_pmu.c @@ -363,8 +363,6 @@ static int hisi_pcie_pmu_event_init(struct perf_event *event) if (event->attr.type != event->pmu->type) return -ENOENT;
- event->cpu = pcie_pmu->on_cpu; - if (EXT_COUNTER_IS_USED(hisi_pcie_get_event(event))) hwc->event_base = HISI_PCIE_EXT_CNT; else @@ -380,6 +378,8 @@ static int hisi_pcie_pmu_event_init(struct perf_event *event) if (!hisi_pcie_pmu_validate_event_group(event)) return -EINVAL;
+ event->cpu = pcie_pmu->on_cpu; + return 0; }
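Review bot: in the second hunk, `event->cpu = pcie_pmu->on_cpu` now lands after `hisi_pcie_pmu_validate_event_group(event)`, so that helper runs while event->cpu still holds the caller-supplied value, and the visible lines do not show whether the helper reads that field. Please confirm it does not and say so in the commit message, which currently gives only "to be more reasonable" and consistency with other PMUs as the rationale. A one-line statement of what a stale or early event->cpu could affect would make the ordering change easier to backport with confidence.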
maillist inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I8BOML
CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/will/linux.git/commit/?h=for...
--------------------------------
When we fail to register the uncore pmu, the pmu context may not been allocated. The error handing will call cpuhp_state_remove_instance() to call uncore pmu offline callback, which migrate the pmu context. Since that's liable to lead to some kind of use-after-free.
Use cpuhp_state_remove_instance_nocalls() instead of cpuhp_state_remove_instance() so that the notifiers don't execute after the PMU device has been failed to register.
Fixes: a0ab25cd82ee ("drivers/perf: hisi: Add support for HiSilicon PA PMU driver")
Fixes: 3bf30882c3c7 ("drivers/perf: hisi: Add support for HiSilicon SLLC PMU driver")
Signed-off-by: Junhao He hejunhao3@huawei.com
Link: https://lore.kernel.org/r/20231024113630.13472-1-hejunhao3@huawei.com
Signed-off-by: Will Deacon will@kernel.org
---
 drivers/perf/hisilicon/hisi_uncore_pa_pmu.c   | 4 ++--
 drivers/perf/hisilicon/hisi_uncore_sllc_pmu.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/perf/hisilicon/hisi_uncore_pa_pmu.c b/drivers/perf/hisilicon/hisi_uncore_pa_pmu.c index d9369310589b..d781bf5f992f 100644 --- a/drivers/perf/hisilicon/hisi_uncore_pa_pmu.c +++ b/drivers/perf/hisilicon/hisi_uncore_pa_pmu.c @@ -505,8 +505,8 @@ static int hisi_pa_pmu_probe(struct platform_device *pdev) ret = perf_pmu_register(&pa_pmu->pmu, name, -1); if (ret) { dev_err(pa_pmu->dev, "PMU register failed, ret = %d\n", ret); - cpuhp_state_remove_instance(CPUHP_AP_PERF_ARM_HISI_PA_ONLINE, - &pa_pmu->node); + cpuhp_state_remove_instance_nocalls(CPUHP_AP_PERF_ARM_HISI_PA_ONLINE, + &pa_pmu->node); return ret; }
diff --git a/drivers/perf/hisilicon/hisi_uncore_sllc_pmu.c b/drivers/perf/hisilicon/hisi_uncore_sllc_pmu.c index 6e852531ced2..45a9e78cab5d 100644 --- a/drivers/perf/hisilicon/hisi_uncore_sllc_pmu.c +++ b/drivers/perf/hisilicon/hisi_uncore_sllc_pmu.c @@ -450,8 +450,8 @@ static int hisi_sllc_pmu_probe(struct platform_device *pdev) ret = perf_pmu_register(&sllc_pmu->pmu, name, -1); if (ret) { dev_err(sllc_pmu->dev, "PMU register failed, ret = %d\n", ret); - cpuhp_state_remove_instance(CPUHP_AP_PERF_ARM_HISI_SLLC_ONLINE, - &sllc_pmu->node); + cpuhp_state_remove_instance_nocalls(CPUHP_AP_PERF_ARM_HISI_SLLC_ONLINE, + &sllc_pmu->node); return ret; }
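Review bot: in both probe error paths (hisi_pa_pmu_probe and hisi_sllc_pmu_probe) the switch to cpuhp_state_remove_instance_nocalls() skips the offline callback entirely, which is only correct if nothing set up when the instance was added needs that callback to undo it; the visible lines do not show this, so the commit message should state why skipping the teardown is safe here. The cover letter describes this fix as applying to the ddrc PMU, while the diff touches only the PA and SLLC drivers, so the summary should name the drivers actually changed. It is also worth noting in the message whether the other HiSilicon uncore drivers use the same error path and were checked.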
FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully! Pull request link: https://gitee.com/openeuler/kernel/pulls/2657 Mailing list address: https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/U...