Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull perf fixes from Ingo Molnar:
"Five kernel fixes:

- an mmap tracing ABI fix for certain mappings

- a use-after-free fix, found via KASAN

- three CPU hotplug related x86 PMU driver fixes"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf/x86/intel/uncore: Make package handling more robust
perf/x86/intel/uncore: Clean up hotplug conversion fallout
perf/x86/intel/rapl: Make package handling more robust
perf/core: Fix PERF_RECORD_MMAP2 prot/flags for anonymous memory
perf/core: Fix use-after-free bug

+163 -201
+26 -34
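--- a/arch/x86/events/intel/rapl.c
+++ b/arch/x86/events/intel/rapl.c
@@ -161,7 +161,13 @@
 
 static inline struct rapl_pmu *cpu_to_rapl_pmu(unsigned int cpu)
 {
-return rapl_pmus->pmus[topology_logical_package_id(cpu)];
+unsigned int pkgid = topology_logical_package_id(cpu);
+
+/*
+ * The unsigned check also catches the '-1' return value for non
+ * existent mappings in the topology map.
+ */
+return pkgid < rapl_pmus->maxpkg ? rapl_pmus->pmus[pkgid] : NULL;
 }
 
 static inline u64 rapl_read_counter(struct perf_event *event)
@@ -402,6 +408,8 @@
 
 /* must be done before validate_group */
 pmu = cpu_to_rapl_pmu(event->cpu);
+if (!pmu)
+return -EINVAL;
 event->cpu = pmu->cpu;
 event->pmu_private = pmu;
 event->hw.event_base = msr;
@@ -585,6 +593,20 @@
 struct rapl_pmu *pmu = cpu_to_rapl_pmu(cpu);
 int target;
 
+if (!pmu) {
+pmu = kzalloc_node(sizeof(*pmu), GFP_KERNEL, cpu_to_node(cpu));
+if (!pmu)
+return -ENOMEM;
+
+raw_spin_lock_init(&pmu->lock);
+INIT_LIST_HEAD(&pmu->active_list);
+pmu->pmu = &rapl_pmus->pmu;
+pmu->timer_interval = ms_to_ktime(rapl_timer_ms);
+rapl_hrtimer_init(pmu);
+
+rapl_pmus->pmus[topology_logical_package_id(cpu)] = pmu;
+}
+
 /*
  * Check if there is an online cpu in the package which collects rapl
  * events already.
@@ -595,27 +617,6 @@
 
 cpumask_set_cpu(cpu, &rapl_cpu_mask);
 pmu->cpu = cpu;
-return 0;
-}
-
-static int rapl_cpu_prepare(unsigned int cpu)
-{
-struct rapl_pmu *pmu = cpu_to_rapl_pmu(cpu);
-
-if (pmu)
-return 0;
-
-pmu = kzalloc_node(sizeof(*pmu), GFP_KERNEL, cpu_to_node(cpu));
-if (!pmu)
-return -ENOMEM;
-
-raw_spin_lock_init(&pmu->lock);
-INIT_LIST_HEAD(&pmu->active_list);
-pmu->pmu = &rapl_pmus->pmu;
-pmu->timer_interval = ms_to_ktime(rapl_timer_ms);
-pmu->cpu = -1;
-rapl_hrtimer_init(pmu);
-rapl_pmus->pmus[topology_logical_package_id(cpu)] = pmu;
 return 0;
 }
 
@@ -803,29 +804,21 @@
 /*
  * Install callbacks. Core will call them for each online cpu.
  */
-
-ret = cpuhp_setup_state(CPUHP_PERF_X86_RAPL_PREP, "perf/x86/rapl:prepare",
-rapl_cpu_prepare, NULL);
-if (ret)
-goto out;
-
 ret = cpuhp_setup_state(CPUHP_AP_PERF_X86_RAPL_ONLINE,
 "perf/x86/rapl:online",
 rapl_cpu_online, rapl_cpu_offline);
 if (ret)
-goto out1;
+goto out;
 
 ret = perf_pmu_register(&rapl_pmus->pmu, "power", -1);
 if (ret)
-goto out2;
+goto out1;
 
 rapl_advertise();
 return 0;
 
-out2:
-cpuhp_remove_state(CPUHP_AP_PERF_X86_RAPL_ONLINE);
 out1:
-cpuhp_remove_state(CPUHP_PERF_X86_RAPL_PREP);
+cpuhp_remove_state(CPUHP_AP_PERF_X86_RAPL_ONLINE);
 out:
 pr_warn("Initialization failed (%d), disabled\n", ret);
 cleanup_rapl_pmus();
@@ -836,7 +829,6 @@
 static void __exit intel_rapl_exit(void)
 {
 cpuhp_remove_state_nocalls(CPUHP_AP_PERF_X86_RAPL_ONLINE);
-cpuhp_remove_state_nocalls(CPUHP_PERF_X86_RAPL_PREP);
 perf_pmu_unregister(&rapl_pmus->pmu);
 cleanup_rapl_pmus();
 }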
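Review bot: In the third hunk, the new `if (!pmu)` branch cannot tell "no pmu allocated for this package yet" from "package id out of range", because cpu_to_rapl_pmu() now returns NULL for both. In the out-of-range case the branch still allocates and then stores through `rapl_pmus->pmus[topology_logical_package_id(cpu)]` with the unchecked id, including the '-1' that the new comment in cpu_to_rapl_pmu() mentions. Validating the id before the allocation would close that gap, for example `unsigned int pkgid = topology_logical_package_id(cpu);` followed by `if (pkgid >= rapl_pmus->maxpkg) return -EINVAL;`. Whether an onlining CPU can actually report such an id depends on topology code not shown on this page. The enclosing function starts and ends outside the hunk.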
+91 -141
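--- a/arch/x86/events/intel/uncore.c
+++ b/arch/x86/events/intel/uncore.c
@@ -100,7 +100,13 @@
 
 struct intel_uncore_box *uncore_pmu_to_box(struct intel_uncore_pmu *pmu, int cpu)
 {
-return pmu->boxes[topology_logical_package_id(cpu)];
+unsigned int pkgid = topology_logical_package_id(cpu);
+
+/*
+ * The unsigned check also catches the '-1' return value for non
+ * existent mappings in the topology map.
+ */
+return pkgid < max_packages ? pmu->boxes[pkgid] : NULL;
 }
 
 u64 uncore_msr_read_counter(struct intel_uncore_box *box, struct perf_event *event)
@@ -764,30 +770,6 @@
 pmu->registered = false;
 }
 
-static void __uncore_exit_boxes(struct intel_uncore_type *type, int cpu)
-{
-struct intel_uncore_pmu *pmu = type->pmus;
-struct intel_uncore_box *box;
-int i, pkg;
-
-if (pmu) {
-pkg = topology_physical_package_id(cpu);
-for (i = 0; i < type->num_boxes; i++, pmu++) {
-box = pmu->boxes[pkg];
-if (box)
-uncore_box_exit(box);
-}
-}
-}
-
-static void uncore_exit_boxes(void *dummy)
-{
-struct intel_uncore_type **types;
-
-for (types = uncore_msr_uncores; *types; types++)
-__uncore_exit_boxes(*types++, smp_processor_id());
-}
-
 static void uncore_free_boxes(struct intel_uncore_pmu *pmu)
 {
 int pkg;
@@ -1058,86 +1040,6 @@
 }
 }
 
-static int uncore_cpu_dying(unsigned int cpu)
-{
-struct intel_uncore_type *type, **types = uncore_msr_uncores;
-struct intel_uncore_pmu *pmu;
-struct intel_uncore_box *box;
-int i, pkg;
-
-pkg = topology_logical_package_id(cpu);
-for (; *types; types++) {
-type = *types;
-pmu = type->pmus;
-for (i = 0; i < type->num_boxes; i++, pmu++) {
-box = pmu->boxes[pkg];
-if (box && atomic_dec_return(&box->refcnt) == 0)
-uncore_box_exit(box);
-}
-}
-return 0;
-}
-
-static int first_init;
-
-static int uncore_cpu_starting(unsigned int cpu)
-{
-struct intel_uncore_type *type, **types = uncore_msr_uncores;
-struct intel_uncore_pmu *pmu;
-struct intel_uncore_box *box;
-int i, pkg, ncpus = 1;
-
-if (first_init) {
-/*
- * On init we get the number of online cpus in the package
- * and set refcount for all of them.
- */
-ncpus = cpumask_weight(topology_core_cpumask(cpu));
-}
-
-pkg = topology_logical_package_id(cpu);
-for (; *types; types++) {
-type = *types;
-pmu = type->pmus;
-for (i = 0; i < type->num_boxes; i++, pmu++) {
-box = pmu->boxes[pkg];
-if (!box)
-continue;
-/* The first cpu on a package activates the box */
-if (atomic_add_return(ncpus, &box->refcnt) == ncpus)
-uncore_box_init(box);
-}
-}
-
-return 0;
-}
-
-static int uncore_cpu_prepare(unsigned int cpu)
-{
-struct intel_uncore_type *type, **types = uncore_msr_uncores;
-struct intel_uncore_pmu *pmu;
-struct intel_uncore_box *box;
-int i, pkg;
-
-pkg = topology_logical_package_id(cpu);
-for (; *types; types++) {
-type = *types;
-pmu = type->pmus;
-for (i = 0; i < type->num_boxes; i++, pmu++) {
-if (pmu->boxes[pkg])
-continue;
-/* First cpu of a package allocates the box */
-box = uncore_alloc_box(type, cpu_to_node(cpu));
-if (!box)
-return -ENOMEM;
-box->pmu = pmu;
-box->pkgid = pkg;
-pmu->boxes[pkg] = box;
-}
-}
-return 0;
-}
-
 static void uncore_change_type_ctx(struct intel_uncore_type *type, int old_cpu,
 int new_cpu)
 {
@@ -1177,12 +1079,14 @@
 
 static int uncore_event_cpu_offline(unsigned int cpu)
 {
-int target;
+struct intel_uncore_type *type, **types = uncore_msr_uncores;
+struct intel_uncore_pmu *pmu;
+struct intel_uncore_box *box;
+int i, pkg, target;
 
 /* Check if exiting cpu is used for collecting uncore events */
 if (!cpumask_test_and_clear_cpu(cpu, &uncore_cpu_mask))
-return 0;
-
+goto unref;
 /* Find a new cpu to collect uncore events */
 target = cpumask_any_but(topology_core_cpumask(cpu), cpu);
 
@@ -1194,12 +1098,82 @@
 
 uncore_change_context(uncore_msr_uncores, cpu, target);
 uncore_change_context(uncore_pci_uncores, cpu, target);
+
+unref:
+/* Clear the references */
+pkg = topology_logical_package_id(cpu);
+for (; *types; types++) {
+type = *types;
+pmu = type->pmus;
+for (i = 0; i < type->num_boxes; i++, pmu++) {
+box = pmu->boxes[pkg];
+if (box && atomic_dec_return(&box->refcnt) == 0)
+uncore_box_exit(box);
+}
+}
 return 0;
+}
+
+static int allocate_boxes(struct intel_uncore_type **types,
+unsigned int pkg, unsigned int cpu)
+{
+struct intel_uncore_box *box, *tmp;
+struct intel_uncore_type *type;
+struct intel_uncore_pmu *pmu;
+LIST_HEAD(allocated);
+int i;
+
+/* Try to allocate all required boxes */
+for (; *types; types++) {
+type = *types;
+pmu = type->pmus;
+for (i = 0; i < type->num_boxes; i++, pmu++) {
+if (pmu->boxes[pkg])
+continue;
+box = uncore_alloc_box(type, cpu_to_node(cpu));
+if (!box)
+goto cleanup;
+box->pmu = pmu;
+box->pkgid = pkg;
+list_add(&box->active_list, &allocated);
+}
+}
+/* Install them in the pmus */
+list_for_each_entry_safe(box, tmp, &allocated, active_list) {
+list_del_init(&box->active_list);
+box->pmu->boxes[pkg] = box;
+}
+return 0;
+
+cleanup:
+list_for_each_entry_safe(box, tmp, &allocated, active_list) {
+list_del_init(&box->active_list);
+kfree(box);
+}
+return -ENOMEM;
 }
 
 static int uncore_event_cpu_online(unsigned int cpu)
 {
-int target;
+struct intel_uncore_type *type, **types = uncore_msr_uncores;
+struct intel_uncore_pmu *pmu;
+struct intel_uncore_box *box;
+int i, ret, pkg, target;
+
+pkg = topology_logical_package_id(cpu);
+ret = allocate_boxes(types, pkg, cpu);
+if (ret)
+return ret;
+
+for (; *types; types++) {
+type = *types;
+pmu = type->pmus;
+for (i = 0; i < type->num_boxes; i++, pmu++) {
+box = pmu->boxes[pkg];
+if (!box && atomic_inc_return(&box->refcnt) == 1)
+uncore_box_init(box);
+}
+}
 
 /*
  * Check if there is an online cpu in the package
@@ -1389,38 +1363,16 @@
 if (cret && pret)
 return -ENODEV;
 
-/*
- * Install callbacks. Core will call them for each online cpu.
- *
- * The first online cpu of each package allocates and takes
- * the refcounts for all other online cpus in that package.
- * If msrs are not enabled no allocation is required and
- * uncore_cpu_prepare() is not called for each online cpu.
- */
-if (!cret) {
-ret = cpuhp_setup_state(CPUHP_PERF_X86_UNCORE_PREP,
-"perf/x86/intel/uncore:prepare",
-uncore_cpu_prepare, NULL);
-if (ret)
-goto err;
-} else {
-cpuhp_setup_state_nocalls(CPUHP_PERF_X86_UNCORE_PREP,
-"perf/x86/intel/uncore:prepare",
-uncore_cpu_prepare, NULL);
-}
-first_init = 1;
-cpuhp_setup_state(CPUHP_AP_PERF_X86_UNCORE_STARTING,
-"perf/x86/uncore:starting",
-uncore_cpu_starting, uncore_cpu_dying);
-first_init = 0;
-cpuhp_setup_state(CPUHP_AP_PERF_X86_UNCORE_ONLINE,
-"perf/x86/uncore:online",
-uncore_event_cpu_online, uncore_event_cpu_offline);
+/* Install hotplug callbacks to setup the targets for each package */
+ret = cpuhp_setup_state(CPUHP_AP_PERF_X86_UNCORE_ONLINE,
+"perf/x86/intel/uncore:online",
+uncore_event_cpu_online,
+uncore_event_cpu_offline);
+if (ret)
+goto err;
 return 0;
 
 err:
-/* Undo box->init_box() */
-on_each_cpu_mask(&uncore_cpu_mask, uncore_exit_boxes, NULL, 1);
 uncore_types_exit(uncore_msr_uncores);
 uncore_pci_exit();
 return ret;
@@ -1429,9 +1381,7 @@
 
 static void __exit intel_uncore_exit(void)
 {
-cpuhp_remove_state_nocalls(CPUHP_AP_PERF_X86_UNCORE_ONLINE);
-cpuhp_remove_state_nocalls(CPUHP_AP_PERF_X86_UNCORE_STARTING);
-cpuhp_remove_state_nocalls(CPUHP_PERF_X86_UNCORE_PREP);
+cpuhp_remove_state(CPUHP_AP_PERF_X86_UNCORE_ONLINE);
 uncore_types_exit(uncore_msr_uncores);
 uncore_pci_exit();
 }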
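Review bot: The refcount loop added to uncore_event_cpu_online() tests `if (!box && atomic_inc_return(&box->refcnt) == 1)`, so the increment is reached only when `box` is NULL and then dereferences it, while an allocated box is never counted or initialised. The matching loop added to uncore_event_cpu_offline() uses `box && atomic_dec_return(&box->refcnt) == 0`, which suggests the online test is inverted and should read `if (box && atomic_inc_return(&box->refcnt) == 1)`. Separately, both new loops and allocate_boxes() index `pmu->boxes[pkg]` with the raw topology_logical_package_id() result. They lack the `pkgid < max_packages` bound this commit adds to uncore_pmu_to_box(), so the same range check before the loops would keep the hotplug paths consistent with the lookup helper.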
-3
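--- a/include/linux/cpuhotplug.h
+++ b/include/linux/cpuhotplug.h
@@ -8,9 +8,7 @@
 CPUHP_CREATE_THREADS,
 CPUHP_PERF_PREPARE,
 CPUHP_PERF_X86_PREPARE,
-CPUHP_PERF_X86_UNCORE_PREP,
 CPUHP_PERF_X86_AMD_UNCORE_PREP,
-CPUHP_PERF_X86_RAPL_PREP,
 CPUHP_PERF_BFIN,
 CPUHP_PERF_POWER,
 CPUHP_PERF_SUPERH,
@@ -86,7 +84,6 @@
 CPUHP_AP_IRQ_ARMADA_XP_STARTING,
 CPUHP_AP_IRQ_BCM2836_STARTING,
 CPUHP_AP_ARM_MVEBU_COHERENCY,
-CPUHP_AP_PERF_X86_UNCORE_STARTING,
 CPUHP_AP_PERF_X86_AMD_UNCORE_STARTING,
 CPUHP_AP_PERF_X86_STARTING,
 CPUHP_AP_PERF_X86_AMD_IBS_STARTING,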
+46 -23
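--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -1469,7 +1469,6 @@
 static void
 list_add_event(struct perf_event *event, struct perf_event_context *ctx)
 {
-
 lockdep_assert_held(&ctx->lock);
 
 WARN_ON_ONCE(event->attach_state & PERF_ATTACH_CONTEXT);
@@ -1624,6 +1623,8 @@
 {
 struct perf_event *group_leader = event->group_leader, *pos;
 
+lockdep_assert_held(&event->ctx->lock);
+
 /*
  * We can have double attach due to group movement in perf_event_open.
  */
@@ -1696,6 +1697,8 @@
 {
 struct perf_event *sibling, *tmp;
 struct list_head *list = NULL;
+
+lockdep_assert_held(&event->ctx->lock);
 
 /*
  * We can have double detach due to exit/hot-unplug + close.
@@ -1895,9 +1898,29 @@
  */
 static void perf_remove_from_context(struct perf_event *event, unsigned long flags)
 {
-lockdep_assert_held(&event->ctx->mutex);
+struct perf_event_context *ctx = event->ctx;
+
+lockdep_assert_held(&ctx->mutex);
 
 event_function_call(event, __perf_remove_from_context, (void *)flags);
+
+/*
+ * The above event_function_call() can NO-OP when it hits
+ * TASK_TOMBSTONE. In that case we must already have been detached
+ * from the context (by perf_event_exit_event()) but the grouping
+ * might still be in-tact.
+ */
+WARN_ON_ONCE(event->attach_state & PERF_ATTACH_CONTEXT);
+if ((flags & DETACH_GROUP) &&
+(event->attach_state & PERF_ATTACH_GROUP)) {
+/*
+ * Since in that case we cannot possibly be scheduled, simply
+ * detach now.
+ */
+raw_spin_lock_irq(&ctx->lock);
+perf_group_detach(event);
+raw_spin_unlock_irq(&ctx->lock);
+}
 }
 
 /*
@@ -6609,6 +6632,27 @@
 char *buf = NULL;
 char *name;
 
+if (vma->vm_flags & VM_READ)
+prot |= PROT_READ;
+if (vma->vm_flags & VM_WRITE)
+prot |= PROT_WRITE;
+if (vma->vm_flags & VM_EXEC)
+prot |= PROT_EXEC;
+
+if (vma->vm_flags & VM_MAYSHARE)
+flags = MAP_SHARED;
+else
+flags = MAP_PRIVATE;
+
+if (vma->vm_flags & VM_DENYWRITE)
+flags |= MAP_DENYWRITE;
+if (vma->vm_flags & VM_MAYEXEC)
+flags |= MAP_EXECUTABLE;
+if (vma->vm_flags & VM_LOCKED)
+flags |= MAP_LOCKED;
+if (vma->vm_flags & VM_HUGETLB)
+flags |= MAP_HUGETLB;
+
 if (file) {
 struct inode *inode;
 dev_t dev;
@@ -6634,27 +6678,6 @@
 gen = inode->i_generation;
 maj = MAJOR(dev);
 min = MINOR(dev);
-
-if (vma->vm_flags & VM_READ)
-prot |= PROT_READ;
-if (vma->vm_flags & VM_WRITE)
-prot |= PROT_WRITE;
-if (vma->vm_flags & VM_EXEC)
-prot |= PROT_EXEC;
-
-if (vma->vm_flags & VM_MAYSHARE)
-flags = MAP_SHARED;
-else
-flags = MAP_PRIVATE;
-
-if (vma->vm_flags & VM_DENYWRITE)
-flags |= MAP_DENYWRITE;
-if (vma->vm_flags & VM_MAYEXEC)
-flags |= MAP_EXECUTABLE;
-if (vma->vm_flags & VM_LOCKED)
-flags |= MAP_LOCKED;
-if (vma->vm_flags & VM_HUGETLB)
-flags |= MAP_HUGETLB;
 
 goto got_name;
 } else {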
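Review bot: In perf_remove_from_context() the new `event->attach_state & PERF_ATTACH_GROUP` test is evaluated before `ctx->lock` is taken, and the added block comment explains why the detach is needed but not why the unlocked read is safe. Since this path is part of a use-after-free fix, the locking assumption deserves to be written down. If the intent is that the test is only a hint and perf_group_detach() re-checks the state under the lock (the "We can have double detach" context comment in the third hunk suggests it tolerates a repeated call), a line such as `/* Unlocked test is only a hint; perf_group_detach() re-checks under ctx->lock. */` above the `if` would record it. Otherwise the test should move inside the `raw_spin_lock_irq()` section.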