[PATCH linux-next] perf/x86: x86_schedule_events(): avoid 512 byte stack variable

From: Tim Gardner
Date: Fri Feb 08 2013 - 15:02:14 EST

x86_schedule_events() creates a 512 byte automatic variable
when compiled for 64 bit. Dynamically allocate this array
to avoid possible stack corruption. Smatch analysis:

arch/x86/kernel/cpu/perf_event.c:727 x86_schedule_events() warn:
'constraints' puts 512 bytes on stack

Cc: Peter Zijlstra <a.p.zijlstra@xxxxxxxxx>
Cc: Paul Mackerras <paulus@xxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxxxxx>
Cc: Arnaldo Carvalho de Melo <acme@xxxxxxxxxxxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
Cc: x86@xxxxxxxxxx
Cc: <stable@xxxxxxxxxxxxxxx> # 2.6.34.y and higher
Signed-off-by: Tim Gardner <tim.gardner@xxxxxxxxxxxxx>

This large stack variable was introduced with 63b146490befc027a7e0923e333269e68b20d380
in 2.6.34. Since it has been around for a while, I don't know if it's really a
problem on this code path, but it does consume a good size chunk of the kernel stack.

Applies cleanly to 3.3.y and higher. Needs backport for older kernels.

arch/x86/kernel/cpu/perf_event.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c
index bf0f01a..1f2005e 100644
--- a/arch/x86/kernel/cpu/perf_event.c
+++ b/arch/x86/kernel/cpu/perf_event.c
@@ -718,11 +718,15 @@ int perf_assign_events(struct event_constraint **constraints, int n,

int x86_schedule_events(struct cpu_hw_events *cpuc, int n, int *assign)
- struct event_constraint *c, *constraints[X86_PMC_IDX_MAX];
+ struct event_constraint *c, **constraints;
unsigned long used_mask[BITS_TO_LONGS(X86_PMC_IDX_MAX)];
int i, wmin, wmax, num = 0;
struct hw_perf_event *hwc;

+ constraints = kmalloc(X86_PMC_IDX_MAX*sizeof(*constraints), GFP_ATOMIC);
+ if (!constraints)
+ return -ENOMEM;
bitmap_zero(used_mask, X86_PMC_IDX_MAX);

for (i = 0, wmin = X86_PMC_IDX_MAX, wmax = 0; i < n; i++) {
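
Review bot: the kmalloc(..., GFP_ATOMIC) added at the top of x86_schedule_events() introduces a new -ENOMEM failure in a function whose only error return visible in this patch is -EINVAL, and it performs an atomic allocation on every call. Since struct cpu_hw_events is already passed in as cpuc, consider keeping the constraints array there (or in another preallocated buffer), which removes the stack usage without adding an allocation failure path. If the allocation stays, the changelog should say why GFP_ATOMIC is required here and how callers are expected to handle -ENOMEM.
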
@@ -770,6 +774,9 @@ int x86_schedule_events(struct cpu_hw_events *cpuc, int n, int *assign)
x86_pmu.put_event_constraints(cpuc, cpuc->event_list[i]);
+ kfree(constraints);
return num ? -EINVAL : 0;
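
Review bot: the kfree(constraints) placed before the final "return num ? -EINVAL : 0;" covers only the exit shown in this hunk, so any return between the kmalloc() and this point, in the lines the patch context does not show, would leak the array. Please confirm the function has a single exit after the allocation, or route earlier exits through a common label that frees constraints.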


