diff options
| author | Peter Zijlstra <[email protected]> | 2019-03-14 14:01:14 +0100 |
|---|---|---|
| committer | Thomas Gleixner <[email protected]> | 2019-03-15 12:22:51 +0100 |
| commit | ede271b059463731cbd6dffe55ffd70d7dbe8392 (patch) | |
| tree | 5d1b2014a92505823799984d192a60fa99501dfd | |
| parent | f261c4e529dac5608a604d3dd3ae1cd2adf23c89 (diff) | |
perf/x86/intel: Fix memory corruption
Through:
validate_event()
x86_pmu.get_event_constraints(.idx=-1)
tfa_get_event_constraints()
dyn_constraint()
cpuc->constraint_list[-1] is used, which is an obvious out-of-bound access.
In this case, simply skip the TFA constraint code, there is no event
constraint with just PMC3, therefore the code will never result in the
empty set.
Fixes: 400816f60c54 ("perf/x86/intel: Implement support for TSX Force Abort")
Reported-by: Tony Jones <[email protected]>
Reported-by: "DSouza, Nelson" <[email protected]>
Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
Tested-by: Tony Jones <[email protected]>
Tested-by: "DSouza, Nelson" <[email protected]>
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Link: https://lkml.kernel.org/r/[email protected]
| -rw-r--r-- | arch/x86/events/intel/core.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index 35102ecdfc8d..92dfeb343a6a 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -3410,7 +3410,7 @@ tfa_get_event_constraints(struct cpu_hw_events *cpuc, int idx, /* * Without TFA we must not use PMC3. */ - if (!allow_tsx_force_abort && test_bit(3, c->idxmsk)) { + if (!allow_tsx_force_abort && test_bit(3, c->idxmsk) && idx >= 0) { c = dyn_constraint(cpuc, c, idx); c->idxmsk64 &= ~(1ULL << 3); c->weight--; |