[PATCHv4] perf: Fix vmalloc ring buffer pages handling

Jiri Olsa Tue, 19 Mar 2013 07:36:32 -0700

On Tue, Mar 19, 2013 at 12:46:58PM +0100, Peter Zijlstra wrote:
> 
> > are you going to include that, or should I repost it?
> 
> Ah, please repost (and prettify) it, I'm still very limited in the
> amount of work that I can do :/
>


ok, attached

jirka

---
If we allocate perf ring buffer with the size of single (user)
page, we will get memory corruption when releasing itin rb_free_work
function (for CONFIG_PERF_USE_VMALLOC option).

For single page sized ring buffer the page_order is -1 (because
nr_pages is 0). This needs to be recognized in the rb_free_work
function to release proper amount of pages.

Adding data_page_nr function that returns number of allocated
data pages. Customizing the rest of the code to use it.

Reported-by: Jan Stancek <jstan...@redhat.com>
Original-patch-by: Peter Zijlstra <a.p.zijls...@chello.nl>
Cc: Corey Ashford <cjash...@linux.vnet.ibm.com>
Cc: Frederic Weisbecker <fweis...@gmail.com>
Cc: Ingo Molnar <mi...@elte.hu>
Cc: Namhyung Kim <namhy...@kernel.org>
Cc: Paul Mackerras <pau...@samba.org>
Cc: Peter Zijlstra <a.p.zijls...@chello.nl>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Signed-off-by: Jiri Olsa <jo...@redhat.com>
---
 kernel/events/ring_buffer.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/kernel/events/ring_buffer.c b/kernel/events/ring_buffer.c
index 23cb34f..27a1af4 100644
--- a/kernel/events/ring_buffer.c
+++ b/kernel/events/ring_buffer.c
@@ -312,11 +312,16 @@ void rb_free(struct ring_buffer *rb)
 }
 
 #else
+static int data_page_nr(struct ring_buffer *rb)
+{
+       return rb->nr_pages << page_order(rb);
+}
 
 struct page *
 perf_mmap_to_page(struct ring_buffer *rb, unsigned long pgoff)
 {
-       if (pgoff > (1UL << page_order(rb)))
+       /* The '>' counts in the user page. */
+       if (pgoff > data_page_nr(rb))
                return NULL;
 
        return vmalloc_to_page((void *)rb->user_page + pgoff * PAGE_SIZE);
@@ -336,10 +341,11 @@ static void rb_free_work(struct work_struct *work)
        int i, nr;
 
        rb = container_of(work, struct ring_buffer, work);
-       nr = 1 << page_order(rb);
+       nr = data_page_nr(rb);
 
        base = rb->user_page;
-       for (i = 0; i < nr + 1; i++)
+       /* The '<=' counts in the user page. */
+       for (i = 0; i <= nr; i++)
                perf_mmap_unmark_page(base + (i * PAGE_SIZE));
 
        vfree(base);
@@ -373,7 +379,7 @@ struct ring_buffer *rb_alloc(int nr_pages, long watermark, 
int cpu, int flags)
        rb->user_page = all_buf;
        rb->data_pages[0] = all_buf + PAGE_SIZE;
        rb->page_order = ilog2(nr_pages);
-       rb->nr_pages = 1;
+       rb->nr_pages = !!nr_pages;
 
        ring_buffer_init(rb, watermark, flags);
 
-- 
1.7.11.7

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[PATCHv4] perf: Fix vmalloc ring buffer pages handling

Reply via email to