/* * Copyright 2015, Cyril Bur, IBM Corp. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. * * This test attempts to see if the VMX registers change across preemption. * Two things should be noted here a) The check_vmx function in asm only checks * the non volatile registers as it is reused from the syscall test b) There is * no way to be sure preemption happened so this test just uses many threads * and a long wait. As such, a successful test doesn't mean much but a failure * is bad. */ #include #include #include #include #include #include #include #include #include "utils.h" /* Time to wait for workers to get preempted (seconds) */ #define PREEMPT_TIME 20 /* * Factor by which to multiply number of online CPUs for total number of * worker threads */ #define THREAD_FACTOR 8 __thread vector int varray[] = {{1, 2, 3, 4}, {5, 6, 7, 8}, {9, 10,11,12}, {13,14,15,16},{17,18,19,20},{21,22,23,24}, {25,26,27,28},{29,30,31,32},{33,34,35,36}, {37,38,39,40},{41,42,43,44},{45,46,47,48}}; int threads_starting; int running; extern void preempt_vmx(vector int *varray, int *threads_starting, int *running); void *preempt_vmx_c(void *p) { int i, j; srand(pthread_self()); for (i = 0; i < 12; i++) for (j = 0; j < 4; j++) varray[i][j] = rand(); /* Test fails if it ever returns */ preempt_vmx(varray, &threads_starting, &running); return p; } int test_preempt_vmx(void) { int i, rc, threads; pthread_t *tids; threads = sysconf(_SC_NPROCESSORS_ONLN) * THREAD_FACTOR; tids = malloc(threads * sizeof(pthread_t)); FAIL_IF(!tids); running = true; threads_starting = threads; for (i = 0; i < threads; i++) { rc = pthread_create(&tids[i], NULL, preempt_vmx_c, NULL); FAIL_IF(rc); } setbuf(stdout, NULL); /* Not really nessesary but nice to wait for every thread to start */ printf("\tWaiting for all workers to start..."); while(threads_starting) asm volatile("": : :"memory"); printf("done\n"); printf("\tWaiting for %d seconds to let some workers get preempted...", PREEMPT_TIME); sleep(PREEMPT_TIME); printf("done\n"); printf("\tStopping workers..."); /* * Working are checking this value every loop. In preempt_vmx 'cmpwi r5,0; bne 2b'. * r5 will have loaded the value of running. */ running = 0; for (i = 0; i < threads; i++) { void *rc_p; pthread_join(tids[i], &rc_p); /* * Harness will say the fail was here, look at why preempt_vmx * returned */ if ((long) rc_p) printf("oops\n"); FAIL_IF((long) rc_p); } printf("done\n"); return 0; } int main(int argc, char *argv[]) { return test_harness(test_preempt_vmx, "vmx_preempt"); } ls/perf/arch/x86/tests/insn-x86.c
diff options
context:
space:
mode:
authorPeter Zijlstra <peterz@infradead.org>2017-01-26 16:39:55 +0100
committerIngo Molnar <mingo@kernel.org>2017-01-30 11:41:25 +0100
commita76a82a3e38c8d3fb6499e3dfaeb0949241ab588 (patch)
treeb5bc906278fe1ac66d75de984d26bf59b43b3ed8 /tools/perf/arch/x86/tests/insn-x86.c
parent566cf877a1fcb6d6dc0126b076aad062054c2637 (diff)
perf/core: Fix use-after-free bug
Dmitry reported a KASAN use-after-free on event->group_leader. It turns out there's a hole in perf_remove_from_context() due to event_function_call() not calling its function when the task associated with the event is already dead. In this case the event will have been detached from the task, but the grouping will have been retained, such that group operations might still work properly while there are live child events etc. This does however mean that we can miss a perf_group_detach() call when the group decomposes, this in turn can then lead to use-after-free. Fix it by explicitly doing the group detach if its still required. Reported-by: Dmitry Vyukov <dvyukov@google.com> Tested-by: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Cc: Arnaldo Carvalho de Melo <acme@redhat.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: stable@vger.kernel.org # v4.5+ Cc: syzkaller <syzkaller@googlegroups.com> Fixes: 63b6da39bb38 ("perf: Fix perf_event_exit_task() race") Link: http://lkml.kernel.org/r/20170126153955.GD6515@twins.programming.kicks-ass.net Signed-off-by: Ingo Molnar <mingo@kernel.org>
Diffstat (limited to 'tools/perf/arch/x86/tests/insn-x86.c')