* Vince Weaver <vincent.weaver@xxxxxxxxx> wrote:
> On Mon, 6 Jan 2020, Vince Weaver wrote:
>
> > On Mon, 6 Jan 2020, Mark Rutland wrote:
> >
> > > On Thu, Jan 02, 2020 at 02:22:47PM -0500, Vince Weaver wrote:
> > > > On Thu, 2 Jan 2020, Vince Weaver wrote:
> > > >
> > > Vince, does the below (untested) patch work for you?
> >
> >
> > yes, this patch fixes things for me.
> >
> > Tested-by: Vince Weaver <vincent.weaver@xxxxxxxxx>
> >
>
> is this patch going to make it upstream? It's a fairly major correctness
> bug with perf_event_open().
I just sent it to Linus.
In hindsight this should have been marked Cc: stable for v5.4 - we should
forward it to Greg once Linus has pulled it:
da9ec3d3dd0f: ("perf: Correctly handle failed perf_get_aux_event()")
Note that in the v5.4 cherry-pick there's a conflict due to interaction
with another recent commit - I've attached the ported fix against v5.4,
but have only test built it.
Thanks,
Ingo
==============>
>From 703595681c934d2a88a91e8a41f7f63eeb1573e0 Mon Sep 17 00:00:00 2001
From: Ingo Molnar <mingo@xxxxxxxxxx>
Date: Sat, 18 Jan 2020 19:03:55 +0100
Subject: [PATCH] perf: Correctly handle failed perf_get_aux_event()
Vince reports a worrying issue:
| so I was tracking down some odd behavior in the perf_fuzzer which turns
| out to be because perf_even_open() sometimes returns 0 (indicating a file
| descriptor of 0) even though as far as I can tell stdin is still open.
... and further the cause:
| error is triggered if aux_sample_size has non-zero value.
|
| seems to be this line in kernel/events/core.c:
|
| if (perf_need_aux_event(event) && !perf_get_aux_event(event, group_leader))
| goto err_locked;
|
| (note, err is never set)
This seems to be a thinko in commit:
ab43762ef010967e ("perf: Allow normal events to output AUX data")
... and we should probably return -EINVAL here, as this should only
happen when the new event is mis-configured or does not have a
compatible aux_event group leader.
Fixes: ab43762ef010967e ("perf: Allow normal events to output AUX data")
Reported-by: Vince Weaver <vincent.weaver@xxxxxxxxx>
Signed-off-by: Mark Rutland <mark.rutland@xxxxxxx>
Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
Signed-off-by: Ingo Molnar <mingo@xxxxxxxxxx>
Acked-by: Alexander Shishkin <alexander.shishkin@xxxxxxxxxxxxxxx>
Tested-by: Vince Weaver <vincent.weaver@xxxxxxxxx>
(cherry picked from commit da9ec3d3dd0f1240a48920be063448a2242dbd90)
---
kernel/events/core.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index 00a014670ed0..291fe3e2165f 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -11184,8 +11184,10 @@ SYSCALL_DEFINE5(perf_event_open,
}
}
- if (event->attr.aux_output && !perf_get_aux_event(event, group_leader))
+ if (event->attr.aux_output && !perf_get_aux_event(event, group_leader)) {
+ err = -EINVAL;
goto err_locked;
+ }
/*
* Must be under the same ctx::mutex as perf_install_in_context(),
