From patchwork Mon May 4 17:57:11 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 226443 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id CEBC9C3A5A9 for ; Mon, 4 May 2020 17:59:05 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A6F1A2073E for ; Mon, 4 May 2020 17:59:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1588615145; bh=/d4LLvuy0JaQAOIVCX8DV7isbzzvmVxxFXjbhAkZVNw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=mdjTyrdvQb2rWnMIhLJJpRu3uXU54X8BqKU4Aqj/rB5kdsMnAhB1V/oJ6XUrw87KE NRJ++rBi2z1F05ZtAFDVazUSI9TKxx2hgfU3BZSm+A+oQqbVnZSt6c+ShQoxUlgl3c UzuuXS+wzQJB6inuoMEE+E8bmAMmKQY+zgT2WMog= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730627AbgEDR7F (ORCPT ); Mon, 4 May 2020 13:59:05 -0400 Received: from mail.kernel.org ([198.145.29.99]:52166 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730658AbgEDR7E (ORCPT ); Mon, 4 May 2020 13:59:04 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id EFCF020746; Mon, 4 May 2020 17:59:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1588615143; bh=/d4LLvuy0JaQAOIVCX8DV7isbzzvmVxxFXjbhAkZVNw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=wHFq3E2xZjeq5Wl8BWtjXL5YVBMjGSS3l86o8KknOa6vQliILifUxA81nCBq0VRCZ mfSlObOgd89aoPSzPho/aIBXV23Kk6icnj/wv5sf6QxgsCMSGWu9BNFDu6JGzzwHPs uPc/ghKnjw+QAP4eD0Za5K87ilXizBRqRFkCHLdI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, "Peter Zijlstra (Intel)" , Arnaldo Carvalho de Melo , David Ahern , Jiri Olsa , Kan Liang , Linus Torvalds , Namhyung Kim , Stephane Eranian , Thomas Gleixner , Vince Weaver , Ingo Molnar Subject: [PATCH 4.4 13/18] perf/x86: Fix uninitialized value usage Date: Mon, 4 May 2020 19:57:11 +0200 Message-Id: <20200504165444.253471372@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200504165441.533160703@linuxfoundation.org> References: <20200504165441.533160703@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Peter Zijlstra commit e01d8718de4170373cd7fbf5cf6f9cb61cebb1e9 upstream. When calling intel_alt_er() with .idx != EXTRA_REG_RSP_* we will not initialize alt_idx and then use this uninitialized value to index an array. When that is not fatal, it can result in an infinite loop in its caller __intel_shared_reg_get_constraints(), with IRQs disabled. Alternative error modes are random memory corruption due to the cpuc->shared_regs->regs[] array overrun, which manifest in either get_constraints or put_constraints doing weird stuff. Only took 6 hours of painful debugging to find this. Neither GCC nor Smatch warnings flagged this bug. Signed-off-by: Peter Zijlstra (Intel) Cc: Arnaldo Carvalho de Melo Cc: David Ahern Cc: Jiri Olsa Cc: Kan Liang Cc: Linus Torvalds Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Fixes: ae3f011fc251 ("perf/x86/intel: Fix SLM MSR_OFFCORE_RSP1 valid_mask") Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman --- arch/x86/kernel/cpu/perf_event_intel.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/arch/x86/kernel/cpu/perf_event_intel.c +++ b/arch/x86/kernel/cpu/perf_event_intel.c @@ -1937,7 +1937,8 @@ intel_bts_constraints(struct perf_event static int intel_alt_er(int idx, u64 config) { - int alt_idx; + int alt_idx = idx; + if (!(x86_pmu.flags & PMU_FL_HAS_RSP_1)) return idx;