    perf/x86/intel: Cure bogus unwind from PEBS entries · b8000586
    Peter Zijlstra committed
    Vince Weaver reported that perf_fuzzer + KASAN detects that PEBS event
    unwinds sometimes do 'weird' things. In particular, we seemed to be
    ending up unwinding from random places on the NMI stack.
    
    While it was somewhat expected that the event record BP,SP would not
    match the interrupt BP,SP in that the interrupt is strictly later than
    the record event, it was overlooked that it could be on an already
    overwritten stack.
    
    Therefore, don't copy the recorded BP,SP over the interrupted BP,SP
    when we need stack unwinds.
    
    Note that it's still possible the unwind doesn't fully match the actual
    event, as it's entirely possible to have done an (I)RET between record
    and interrupt, but on average it should still point in the general
    direction of where the event came from. Also, it's the best we can do,
    considering.
    
    The particular scenario that triggered the bogus NMI stack unwind was
    a PEBS event with very short period, upon enabling the event at the
    tail of the PMI handler (FREEZE_ON_PMI is not used), it instantly
    triggers a record (while still on the NMI stack) which in turn
    triggers the next PMI. This then causes back-to-back NMIs and we'll
    try and unwind the stack-frame from the last NMI, which obviously is
    now overwritten by our own.

    Analyzed-by: Josh Poimboeuf <jpoimboe@redhat.com>
    Reported-by: Vince Weaver <vincent.weaver@maine.edu>
    Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
    Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
    Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
    Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
    Cc: Jiri Olsa <jolsa@redhat.com>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Stephane Eranian <eranian@gmail.com>
    Cc: Stephane Eranian <eranian@google.com>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: davej@codemonkey.org.uk <davej@codemonkey.org.uk>
    Cc: dvyukov@google.com <dvyukov@google.com>
    Cc: stable@vger.kernel.org
    Fixes: ca037701 ("perf, x86: Add PEBS infrastructure")
    Link: http://lkml.kernel.org/r/20161117171731.GV3157@twins.programming.kicks-ass.net
    Signed-off-by: Ingo Molnar <mingo@kernel.org>
ds.c 39.4 KB