linux-kernel.vger.kernel.org archive mirror
* [PATCH] bpf: fix a race between perf_event_fd and kprobe freeing
@ 2015-05-15 10:52 Wang Nan
  2015-05-15 15:59 ` Alexei Starovoitov
  0 siblings, 1 reply; 2+ messages in thread
From: Wang Nan @ 2015-05-15 10:52 UTC (permalink / raw)
  To: ast; +Cc: lizefan, linux-kernel, pi3orama

According to Alexei Starovoitov (http://lkml.org/lkml/2015/5/15/29),
there is a race between perf_event_fd and kprobe freeing:

  __free_event()
    event->destroy(event)
      perf_trace_destroy
        perf_trace_event_unreg

which is dropping event->tp_event->perf_refcount
that allows kprobe freeing to proceed in:
  unregister_kprobe_event
    trace_remove_event_call
      probe_remove_event_call
and eventually tp_event to get freed.

And he suggests that calling perf_event_free_bpf_prog() from __free_event()
instead of free_event_rcu() will fix the race.

Signed-off-by: Wang Nan <wangnan0@huawei.com>
---

Hi Alexei Starovoitov,
   I tried this patch with identical operations and was unable to reproduce
   the problem anymore. I think your analysis is right. However, I
   haven't carefully checked the base principle. Could you please check
   it in your environment?

Thank you.

---
 kernel/events/core.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kernel/events/core.c b/kernel/events/core.c
index 81aa3a4..e1f2d5c 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -3422,7 +3422,6 @@ static void free_event_rcu(struct rcu_head *head)
 	if (event->ns)
 		put_pid_ns(event->ns);
 	perf_event_free_filter(event);
-	perf_event_free_bpf_prog(event);
 	kfree(event);
 }
 
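Review bot: perf_event_free_filter(event) stays in free_event_rcu() while the bpf free next to it is removed, and the commit message does not say why the two are treated differently. Please state which object the late perf_event_free_bpf_prog() call touched after the grace period (the call chain in the description points at tp_event) and confirm that perf_event_free_filter() does not reach the same object, so the reason one call moves and the other stays is on record.
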
@@ -3564,6 +3563,8 @@ static void __free_event(struct perf_event *event)
 		module_put(event->pmu->module);
 	}
 
+	perf_event_free_bpf_prog(event);
+
 	call_rcu(&event->rcu_head, free_event_rcu);
 }
 
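Review bot: The new perf_event_free_bpf_prog(event) call sits directly before call_rcu(), the last statement of __free_event(), so it still runs after event->destroy(event). The commit message names destroy() as the step that drops event->tp_event->perf_refcount and lets kprobe freeing proceed, so this placement narrows the window rather than closing it. Move the call ahead of event->destroy(event) and add a short comment there saying it must precede destroy().
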
-- 
1.8.3.4


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] bpf: fix a race between perf_event_fd and kprobe freeing
  2015-05-15 10:52 [PATCH] bpf: fix a race between perf_event_fd and kprobe freeing Wang Nan
@ 2015-05-15 15:59 ` Alexei Starovoitov
  0 siblings, 0 replies; 2+ messages in thread
From: Alexei Starovoitov @ 2015-05-15 15:59 UTC (permalink / raw)
  To: Wang Nan; +Cc: lizefan, linux-kernel, pi3orama

On 5/15/15 3:52 AM, Wang Nan wrote:
> According to Alexei Starovoitov (http://lkml.org/lkml/2015/5/15/29),
> there is a race between perf_event_fd and kprobe freeing:

...

> And he suggests that calling perf_event_free_bpf_prog() from __free_event()
> instead of free_event_rcu() will fix the race.
...

> @@ -3564,6 +3563,8 @@ static void __free_event(struct perf_event *event)
>   		module_put(event->pmu->module);
>   	}
>
> +	perf_event_free_bpf_prog(event);
> +
>   	call_rcu(&event->rcu_head, free_event_rcu);
>   }

I don't think that's the right place. It needs to be before destroy().
I will send a patch soon.


^ permalink raw reply	[flat|nested] 2+ messages in thread
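
The ordering discussed in this thread, as an added user-space model (not code from the patch or from the kernel): it compares the three placements of the bpf free under worst-case scheduling, where kprobe removal runs as soon as perf_refcount reaches zero. It assumes the bpf program is reached through event->tp_event; all type and function names are hypothetical stand-ins.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model, not kernel code: names only mirror the thread. */
struct tp_event { int perf_refcount; bool freed; bool has_prog; };
struct event    { struct tp_event *tp; };

enum placement { IN_RCU_CALLBACK, AFTER_DESTROY, BEFORE_DESTROY };

static int stale_accesses;  /* touches of tp_event after it was freed */

/* Assumption: the bpf prog is reached through event->tp_event. */
static void free_bpf_prog(struct event *e)
{
    if (e->tp->freed) { stale_accesses++; return; }  /* would be a use-after-free */
    e->tp->has_prog = false;
}

/* Worst case: kprobe removal runs the moment the refcount is zero. */
static void kprobe_unregister_if_idle(struct tp_event *tp)
{
    if (tp->perf_refcount == 0)
        tp->freed = true;  /* flag instead of free(): the model stays memory-safe */
}

static void destroy(struct event *e)
{
    e->tp->perf_refcount--;            /* stands in for perf_trace_event_unreg */
    kprobe_unregister_if_idle(e->tp);  /* the racing unregister wins */
}

/* Returns the number of accesses to a freed tp_event for one teardown. */
int teardown(enum placement where)
{
    struct tp_event tp = { .perf_refcount = 1, .freed = false, .has_prog = true };
    struct event e = { .tp = &tp };

    stale_accesses = 0;
    if (where == BEFORE_DESTROY) free_bpf_prog(&e);
    destroy(&e);
    if (where == AFTER_DESTROY) free_bpf_prog(&e);    /* placement in the posted patch */
    /* call_rcu() would queue the callback here; it runs after a grace period */
    if (where == IN_RCU_CALLBACK) free_bpf_prog(&e);  /* placement before the patch */
    return stale_accesses;
}

int main(void)
{
    printf("rcu callback: %d, after destroy: %d, before destroy: %d\n",
           teardown(IN_RCU_CALLBACK), teardown(AFTER_DESTROY), teardown(BEFORE_DESTROY));
    return 0;
}
```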
