perf/x86: Fix potential bad container_of in intel_pmu_hw_config

Auto counter reload may have a group of events with software events
present within it. The software event PMU isn't the x86_hybrid_pmu and
a container_of operation in intel_pmu_set_acr_caused_constr (via the
hybrid helper) could cause out of bound memory reads. Avoid this by
guarding the call to intel_pmu_set_acr_caused_constr with an
is_x86_event check.

Fixes: ec980e4facef ("perf/x86/intel: Support auto counter reload")
Signed-off-by: Ian Rogers <irogers@google.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Thomas Falcon <thomas.falcon@intel.com>
Link: https://patch.msgid.link/20260312194305.1834035-1-irogers@google.com

diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c
index 36c68210d4d2fe9940f2b74fc55ecc56f8b34d44..793335c3ce787d452eefe1393772548b5d2f9b6f 100644 (file)
--- a/arch/x86/events/intel/core.c
+++ b/arch/x86/events/intel/core.c
@@ -4855,8 +4855,10 @@ static int intel_pmu_hw_config(struct perf_event *event)
                intel_pmu_set_acr_caused_constr(leader, idx++, cause_mask);
 
                if (leader->nr_siblings) {
-                       for_each_sibling_event(sibling, leader)
-                               intel_pmu_set_acr_caused_constr(sibling, idx++, cause_mask);
+                       for_each_sibling_event(sibling, leader) {
+                               if (is_x86_event(sibling))
+                                       intel_pmu_set_acr_caused_constr(sibling, idx++, cause_mask);
+                       }
                }
 
                if (leader != event)