From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Tue, 25 Jan 2011 18:40:51 +0000 (+0100)
Subject: perf: Fix alloc_callchain_buffers()
X-Git-Tag: v2.6.37.1~69
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=785fb57c98233ad3d9818259c3c139585cfbff3e;p=people%2Fms%2Flinux.git

perf: Fix alloc_callchain_buffers()

commit 88d4f0db7fa8785859c1d637f9aac210932b6216 upstream.

Commit 927c7a9e92c4 ("perf: Fix race in callchains") introduced
a mismatch in the sizing of struct callchain_cpus_entries.

nr_cpu_ids must be used instead of num_possible_cpus(), or we
might get out of bound memory accesses on some machines.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: David Miller <davem@davemloft.net>
Cc: Stephane Eranian <eranian@google.com>
LKML-Reference: <1295980851.3588.351.camel@edumazet-laptop>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---

diff --git a/kernel/perf_event.c b/kernel/perf_event.c
index 2870feee81dd..8465baf40087 100644
--- a/kernel/perf_event.c
+++ b/kernel/perf_event.c
@@ -1872,8 +1872,7 @@ static int alloc_callchain_buffers(void)
 	 * accessed from NMI. Use a temporary manual per cpu allocation
 	 * until that gets sorted out.
 	 */
-	size = sizeof(*entries) + sizeof(struct perf_callchain_entry *) *
-		num_possible_cpus();
+	size = offsetof(struct callchain_cpus_entries, cpu_entries[nr_cpu_ids]);
 
 	entries = kzalloc(size, GFP_KERNEL);
 	if (!entries)