From: tip-bot for Peter Zijlstra <tipbot@zytor.com>
To: linux-tip-commits@vger.kernel.org
Cc: tglx@linutronix.de, sasha.levin@oracle.com,
linux-kernel@vger.kernel.org, peterz@infradead.org,
hpa@zytor.com, jolsa@redhat.com, mingo@kernel.org,
vincent.weaver@maine.edu
Subject: [tip:perf/core] perf: Fix racy group access
Date: Fri, 27 Mar 2015 04:46:26 -0700 [thread overview]
Message-ID: <tip-ccd41c86ad4d464d0ed4e48d80759ff85c2115b0@git.kernel.org> (raw)
In-Reply-To: <20150225151639.GL5029@twins.programming.kicks-ass.net>
Commit-ID: ccd41c86ad4d464d0ed4e48d80759ff85c2115b0
Gitweb: http://git.kernel.org/tip/ccd41c86ad4d464d0ed4e48d80759ff85c2115b0
Author: Peter Zijlstra <peterz@infradead.org>
AuthorDate: Wed, 25 Feb 2015 15:56:04 +0100
Committer: Ingo Molnar <mingo@kernel.org>
CommitDate: Fri, 27 Mar 2015 09:49:45 +0100
perf: Fix racy group access
While looking at some fuzzer output I noticed that we do not hold any
locks on leader->ctx and therefore the sibling_list iteration is
unsafe.
Acquire the relevant ctx->mutex before calling into the pmu specific
code.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Sasha Levin <sasha.levin@oracle.com>
Link: http://lkml.kernel.org/r/20150225151639.GL5029@twins.programming.kicks-ass.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
kernel/events/core.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index b01dfb6..bb1a7c3 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -7036,12 +7036,23 @@ EXPORT_SYMBOL_GPL(perf_pmu_unregister);
static int perf_try_init_event(struct pmu *pmu, struct perf_event *event)
{
+ struct perf_event_context *ctx = NULL;
int ret;
if (!try_module_get(pmu->module))
return -ENODEV;
+
+ if (event->group_leader != event) {
+ ctx = perf_event_ctx_lock(event->group_leader);
+ BUG_ON(!ctx);
+ }
+
event->pmu = pmu;
ret = pmu->event_init(event);
+
+ if (ctx)
+ perf_event_ctx_unlock(event->group_leader, ctx);
+
if (ret)
module_put(pmu->module);
prev parent reply other threads:[~2015-03-27 11:47 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-17 16:17 perf: fuzzer causes lockup in x86_pmu_event_init() Vince Weaver
2015-02-24 3:56 ` Vince Weaver
2015-02-25 15:16 ` Peter Zijlstra
2015-02-28 12:14 ` Jiri Olsa
2015-03-02 19:13 ` Vince Weaver
2015-03-04 10:32 ` Jiri Olsa
2015-03-17 13:55 ` Jiri Olsa
2015-03-17 14:11 ` Peter Zijlstra
2015-03-17 15:00 ` Vince Weaver
2015-03-17 14:10 ` Peter Zijlstra
2015-03-27 11:46 ` tip-bot for Peter Zijlstra [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=tip-ccd41c86ad4d464d0ed4e48d80759ff85c2115b0@git.kernel.org \
--to=tipbot@zytor.com \
--cc=hpa@zytor.com \
--cc=jolsa@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-tip-commits@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=sasha.levin@oracle.com \
--cc=tglx@linutronix.de \
--cc=vincent.weaver@maine.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.