From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752808AbbETF1M (ORCPT ); Wed, 20 May 2015 01:27:12 -0400 Received: from mail-ie0-f173.google.com ([209.85.223.173]:32950 "EHLO mail-ie0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751077AbbETF1I (ORCPT ); Wed, 20 May 2015 01:27:08 -0400 Message-ID: <555C1B29.1070404@plumgrid.com> Date: Tue, 19 May 2015 22:27:05 -0700 From: Alexei Starovoitov User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: Ingo Molnar CC: Peter Zijlstra , Arnaldo Carvalho de Melo , Wang Nan , lizefan@huawei.com, pi3orama@163.com, linux-kernel@vger.kernel.org Subject: Re: [PATCH tip] perf/events/core: fix race in bpf program unregister References: <1431717321-28772-1-git-send-email-ast@plumgrid.com> In-Reply-To: <1431717321-28772-1-git-send-email-ast@plumgrid.com> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 5/15/15 12:15 PM, Alexei Starovoitov wrote: > there is a race between perf_event_free_bpf_prog() and free_trace_kprobe(): > > __free_event() > event->destroy(event) > tp_perf_event_destroy() > perf_trace_destroy() > perf_trace_event_unreg() > > which is dropping event->tp_event->perf_refcount and allows to proceed in: > > unregister_trace_kprobe() > unregister_kprobe_event() > trace_remove_event_call() > probe_remove_event_call() > free_trace_kprobe() > > while __free_event does: > call_rcu(&event->rcu_head, free_event_rcu); > free_event_rcu() > perf_event_free_bpf_prog() > > To fix the race simply move perf_event_free_bpf_prog() before > event->destroy(), since event->tp_event is still valid at that point. > > Note, perf_trace_destroy() is not racing with trace_remove_event_call() > since they both grab event_mutex. > > Fixes: 2541517c32be ("tracing, perf: Implement BPF programs attached to kprobes") > Reported-by: Wang Nan > Signed-off-by: Alexei Starovoitov ping. This is needed in 4.1.