public inbox for kernel-janitors@vger.kernel.org
* re: perf: Fix perf_event_exit_task() race
@ 2016-01-27 20:24 Dan Carpenter
From: Dan Carpenter @ 2016-01-27 20:24 UTC (permalink / raw)
  To: kernel-janitors

Hello Peter Zijlstra,

The patch 63b6da39bb38: "perf: Fix perf_event_exit_task() race" from
Jan 14, 2016, leads to the following static checker warning:

	kernel/events/core.c:1235 perf_lock_task_context()
	error: potential NULL dereference 'ctx'.

kernel/events/core.c
  1209          ctx = rcu_dereference(task->perf_event_ctxp[ctxn]);
  1210          if (ctx) {
  1211                  /*
  1212                   * If this context is a clone of another, it might
  1213                   * get swapped for another underneath us by
  1214                   * perf_event_task_sched_out, though the
  1215                   * rcu_read_lock() protects us from any context
  1216                   * getting freed.  Lock the context and check if it
  1217                   * got swapped before we could get the lock, and retry
  1218                   * if so.  If we locked the right context, then it
  1219                   * can't get swapped on us any more.
  1220                   */
  1221                  raw_spin_lock(&ctx->lock);
  1222                  if (ctx != rcu_dereference(task->perf_event_ctxp[ctxn])) {
  1223                          raw_spin_unlock(&ctx->lock);
  1224                          rcu_read_unlock();
  1225                          local_irq_restore(*flags);
  1226                          goto retry;
  1227                  }
  1228  
  1229                  if (ctx->task == TASK_TOMBSTONE ||
  1230                      !atomic_inc_not_zero(&ctx->refcount)) {
  1231                          raw_spin_unlock(&ctx->lock);
  1232                          ctx = NULL;
                                ^^^^^^^^^^
ctx is NULL.

  1233                  }
  1234  
  1235                  WARN_ON_ONCE(ctx->task != task);
                                     ^^^^^^^^^^^^^^^^^
The patch adds a NULL dereference.

  1236          }
  1237          rcu_read_unlock();
  1238          if (!ctx)
  1239                  local_irq_restore(*flags);
  1240          return ctx;
  1241  }

regards,
dan carpenter

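The corrected shape of the check above, as an added userspace C model rather than the kernel's own code: the sanity check sits in an else branch so it can never run after `ctx` has been cleared to NULL. RCU, the retry loop and irq handling are omitted, `TASK_TOMBSTONE`, the refcount and the spinlock are stand-ins, and `ctx` is passed in directly in place of `rcu_dereference(task->perf_event_ctxp[ctxn])`.

```c
/* Added userspace model of the tail of perf_lock_task_context(); not kernel
 * code.  Only the TASK_TOMBSTONE / refcount / WARN_ON_ONCE ordering remains. */
#include <stdatomic.h>
#include <stddef.h>
#include <stdlib.h>

struct task { int pid; };
struct ctx { struct task *task; atomic_int refcount; int locked; };

/* The kernel poisons a pointer value; any unique non-NULL address models it. */
static struct task tombstone_storage;
#define TASK_TOMBSTONE (&tombstone_storage)

/* Stand-in for atomic_inc_not_zero(): take a reference only if one exists. */
static int inc_not_zero(atomic_int *v)
{
	int old = atomic_load(v);
	while (old != 0) {
		if (atomic_compare_exchange_weak(v, &old, old + 1))
			return 1;
	}
	return 0;
}

int warn_count;	/* counts WARN_ON_ONCE(ctx->task != task) firing */

/* With the sanity check in an else branch it can only run while ctx is
 * still a valid, locked, referenced context; the tombstone and failed
 * refcount paths return NULL without touching it again. */
struct ctx *lock_task_context(struct task *task, struct ctx *ctx)
{
	if (!ctx)			/* no context published for this task */
		return NULL;
	ctx->locked = 1;		/* raw_spin_lock(&ctx->lock) */
	if (ctx->task == TASK_TOMBSTONE || !inc_not_zero(&ctx->refcount)) {
		ctx->locked = 0;	/* raw_spin_unlock(&ctx->lock) */
		ctx = NULL;		/* context is dead; report "none" */
	} else if (ctx->task != task) {
		warn_count++;		/* the WARN, reached only on a live ctx */
	}
	return ctx;			/* NULL, or locked with a reference held */
}

/* Constructs a context for the scenarios (test data, not kernel state). */
struct ctx *make_ctx(struct task *owner, int refs)
{
	struct ctx *c = calloc(1, sizeof *c);
	c->task = owner;
	atomic_store(&c->refcount, refs);
	return c;
}
```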

* Re: perf: Fix perf_event_exit_task() race
From: Peter Zijlstra @ 2016-01-27 20:58 UTC (permalink / raw)
  To: kernel-janitors

On Wed, Jan 27, 2016 at 11:24:22PM +0300, Dan Carpenter wrote:

>   1229                  if (ctx->task == TASK_TOMBSTONE ||
>   1230                      !atomic_inc_not_zero(&ctx->refcount)) {
>   1231                          raw_spin_unlock(&ctx->lock);
>   1232                          ctx = NULL;
>                                 ^^^^^^^^^^
> ctx is NULL.
> 
>   1233                  }
>   1234  
>   1235                  WARN_ON_ONCE(ctx->task != task);
>                                      ^^^^^^^^^^^^^^^^^
> The patch adds a NULL dereference.

Clearly I didn't manage to trigger that in testing :/

Thanks!

