From patchwork Mon Mar 19 15:58:23 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sasha Levin X-Patchwork-Id: 132090 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp84795ljb; Mon, 19 Mar 2018 14:45:16 -0700 (PDT) X-Google-Smtp-Source: AG47ELteqEq2zcBpW96kf4jOzp7GPLKTiFMPZoqQ2Kc+Yg9HJFACZ0cwjpc+DNU9lPiiiik2d7gT X-Received: by 10.99.156.17 with SMTP id f17mr10229482pge.102.1521495916658; Mon, 19 Mar 2018 14:45:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521495916; cv=none; d=google.com; s=arc-20160816; b=JS8wy4C1EdnE2D7X5036y5eSxIAzzhdMQHhBSkoh1owj+YmaRPMcIb7dyGooOoyi/b S2T5GueSBOqXEV1fIDND1b/cvB4NzgQYHiqnt4iQewkxoQapBqJMdc3HBwxn2/KjOG7D HGTGEXH8S1JfMeMKelOXF60EFp7CZQx5c+6Yvpl5f+H60dszTNag0eAxrsP++jXS+7ko f3+UYR3bcc88xMLLl4kM/GDjjthJnlLhdiCDm3p7PfxV9KZqq7RkKjxvHvdDVh/D30zR 0YYo6+wQPUXondz9RqYP6U8neoWX/r6LiHGgbtc/W0J3UsmrIlxmTzXpQybA6FsrdZFm UQMw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:content-transfer-encoding :spamdiagnosticmetadata:spamdiagnosticoutput:content-language :accept-language:in-reply-to:references:message-id:date:thread-index :thread-topic:subject:cc:to:from:dkim-signature :arc-authentication-results; bh=IozAM34NMRMJz7XimoA4bk+BAHrlf9absvZ4G+vn7Ck=; b=Ip+6or8hjfeGo9F2EahTQc4hlpLOpubjzVLgNSDeeCE+jf/E1HbCl7dc/PTyDSq10o uvrJdlsvn9ZNrxFono6KKSyrd8aQ++J69h9N97Rt/VxstOlcYW1JEA0YIWqFsJ1KxGM8 kTQwIf69WYCa+geiIxeX4j0g33t+LbLoZtFwVERqbY1G74zsAG4m/97zMHp+6tfFXEar y/W0l0XQYjKe28Q2GltZLBr1eUqcuei2OSHgRmSjxBSIt0qqpUBDS0VngDpYMSePSLGz Idi/tGqNCF82YVMi1uXb2CL9IQ40Hx+UCgmm+FqI+cB1nHcS2AXJING0GpHv9/wOPFkS jX2Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@microsoft.com header.s=selector1 header.b=DXe3mRnC; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=microsoft.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a8-v6si168254plz.320.2018.03.19.14.45.16; Mon, 19 Mar 2018 14:45:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@microsoft.com header.s=selector1 header.b=DXe3mRnC; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=microsoft.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S971980AbeCSVpN (ORCPT + 28 others); Mon, 19 Mar 2018 17:45:13 -0400 Received: from mail-co1nam03on0139.outbound.protection.outlook.com ([104.47.40.139]:4928 "EHLO NAM03-CO1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S964938AbeCSP60 (ORCPT ); Mon, 19 Mar 2018 11:58:26 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=IozAM34NMRMJz7XimoA4bk+BAHrlf9absvZ4G+vn7Ck=; b=DXe3mRnCbzMIEXeSTh4jgoz+ECpcsIgXiAq/7T5sf1GKXZkPmOqGRjkS+l/uC1P5WviWdB5neiebNCDCYwgIN8ahG1C3r+PtG5rTsX21V4qOnDrP/S+G5c4WFk8uzTIuV+4czscVXYXCvS/Pj0Gc+CyrxmuTwlWKAMOg2orkRLc= Received: from DM5PR2101MB1032.namprd21.prod.outlook.com (52.132.128.13) by DM5PR2101MB0933.namprd21.prod.outlook.com (52.132.131.163) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.609.2; Mon, 19 Mar 2018 15:58:24 +0000 Received: from DM5PR2101MB1032.namprd21.prod.outlook.com ([fe80::3d9b:79e7:94eb:5d62]) by DM5PR2101MB1032.namprd21.prod.outlook.com ([fe80::3d9b:79e7:94eb:5d62%5]) with mapi id 15.20.0631.004; Mon, 19 Mar 2018 15:58:24 +0000 From: Sasha Levin To: "linux-kernel@vger.kernel.org" , "stable@vger.kernel.org" CC: Will Deacon , Alexander Shishkin , Arnaldo Carvalho de Melo , Jiri Olsa , Linus Torvalds , Thomas Gleixner , Ingo Molnar , Sasha Levin Subject: [PATCH AUTOSEL for 4.9 028/281] perf/callchain: Force USER_DS when invoking perf_callchain_user() Thread-Topic: [PATCH AUTOSEL for 4.9 028/281] perf/callchain: Force USER_DS when invoking perf_callchain_user() Thread-Index: AQHTv5scx2iaUVFoZE+HqB8iz8jBVg== Date: Mon, 19 Mar 2018 15:58:23 +0000 Message-ID: <20180319155742.13731-28-alexander.levin@microsoft.com> References: <20180319155742.13731-1-alexander.levin@microsoft.com> In-Reply-To: <20180319155742.13731-1-alexander.levin@microsoft.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [52.168.54.252] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; DM5PR2101MB0933; 7:ATa29ZJGos5aweRTLQmYXkmV9G7xHRsYuxxtF9XfQtmLy1m+tBu3TsO5202vJNryXt/idrpZn0iE23Rl1Ap5clR/rkAcLfcDMLInLEfRFUyaRuP7UiEov8h712QP9giboPczYLhD3zIFvlhA8WYyYUtPiPz7tzWCn8od/HoZER8K60QcaIFQZi1hLwi4u5GovdmRBnIEO2L7AurQu/DXVNDJf4Ns8H6RdYoM2aot6a/g9NK8zm2paYvG3uBsBB+8; 20:oIVKIHFuRz8O15jWOQ3GRbTGg/p90JNuIaiVcgzByS3k0MLhggMyHLwItsI9JBzl94JrP8cRDxc27werOSoo/IiDZ8XGJfiRbOcv/dZ+vlOLbAM6pe250QH1uY8Scvy2IqxJiuzHrw6X9xSXbrUA+04LDe6lSWdCPz2hWK4FEZU= x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 9af78896-12f2-4b51-b306-08d58db23ee0 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7193020); SRVR:DM5PR2101MB0933; x-ms-traffictypediagnostic: DM5PR2101MB0933: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(28532068793085)(180628864354917)(89211679590171)(228905959029699); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(61425038)(6040522)(2401047)(5005006)(8121501046)(10201501046)(3002001)(93006095)(93001095)(3231221)(944501300)(52105095)(6055026)(61426038)(61427038)(6041310)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123560045)(20161123564045)(6072148)(201708071742011); SRVR:DM5PR2101MB0933; BCL:0; PCL:0; RULEID:; SRVR:DM5PR2101MB0933; x-forefront-prvs: 06167FAD59 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(396003)(39380400002)(366004)(346002)(376002)(199004)(189003)(2501003)(72206003)(1076002)(66066001)(10290500003)(99286004)(10090500001)(7736002)(14454004)(6116002)(5660300001)(2906002)(97736004)(6346003)(102836004)(575784001)(22452003)(86612001)(3660700001)(186003)(2900100001)(25786009)(478600001)(5250100002)(26005)(6486002)(6436002)(81156014)(81166006)(36756003)(4326008)(86362001)(76176011)(6512007)(8936002)(106356001)(3846002)(53936002)(105586002)(3280700002)(305945005)(68736007)(110136005)(2950100002)(54906003)(8676002)(107886003)(316002)(6506007)(59450400001)(22906009)(217873001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR2101MB0933; H:DM5PR2101MB1032.namprd21.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts) authentication-results: spf=none (sender IP is ) smtp.mailfrom=Alexander.Levin@microsoft.com; x-microsoft-antispam-message-info: tgcRJGXz0fTQULr6qomu73P7jaCxslstCOhqM8LWHYGI3lR8LWAlVFGIFySV9/a+psOi7vCgOoRf7HzCAOJMSmZy48Hb1VA7hJSQHcJNT3BGPNPspoAgOOwkN1Dx9xGonxXa35KTH4JJAP4JF2ClsYqkhEOPev4q5+p0OGyZuTXo6jbqiqu38lM1yzsQ2sgNuM0vc/0QaEW4vf//KC0Pbp14WmwZnM8C4P/N0UbkX7RnI4/AYGsN11tifdqImrjHsJxuMwqsVyS9Nd8DgHPfYmjMYzdTDbRoQSdwwb600wa9NIiSnUfpJy6Wg2U44lmxNiDHe88vKTL4hb1yy3AwuA== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM MIME-Version: 1.0 X-OriginatorOrg: microsoft.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9af78896-12f2-4b51-b306-08d58db23ee0 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Mar 2018 15:58:23.9590 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR2101MB0933 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Will Deacon [ Upstream commit 88b0193d9418c00340e45e0a913a0813bc6c8c96 ] Perf can generate and record a user callchain in response to a synchronous request, such as a tracepoint firing. If this happens under set_fs(KERNEL_DS), then we can end up walking the user stack (and dereferencing/saving whatever we find there) without the protections usually afforded by checks such as access_ok. Rather than play whack-a-mole with each architecture's stack unwinding implementation, fix the root of the problem by ensuring that we force USER_DS when invoking perf_callchain_user from the perf core. Reported-by: Al Viro Signed-off-by: Will Deacon Acked-by: Peter Zijlstra Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Thomas Gleixner Signed-off-by: Ingo Molnar Signed-off-by: Sasha Levin --- kernel/events/callchain.c | 6 ++++++ 1 file changed, 6 insertions(+) -- 2.14.1 diff --git a/kernel/events/callchain.c b/kernel/events/callchain.c index e9fdb5203de5..411226b26bca 100644 --- a/kernel/events/callchain.c +++ b/kernel/events/callchain.c @@ -227,12 +227,18 @@ get_perf_callchain(struct pt_regs *regs, u32 init_nr, bool kernel, bool user, } if (regs) { + mm_segment_t fs; + if (crosstask) goto exit_put; if (add_mark) perf_callchain_store_context(&ctx, PERF_CONTEXT_USER); + + fs = get_fs(); + set_fs(USER_DS); perf_callchain_user(&ctx, regs); + set_fs(fs); } }