From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751245AbcFATfh (ORCPT <rfc822;w@1wt.eu>);
	Wed, 1 Jun 2016 15:35:37 -0400
Received: from mail-pf0-f181.google.com ([209.85.192.181]:35994 "EHLO
	mail-pf0-f181.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751064AbcFATff (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Wed, 1 Jun 2016 15:35:35 -0400
From: David Carrillo-Cisneros <davidcc@google.com>
To: linux-kernel@vger.kernel.org
Cc: "x86@kernel.org" <x86@kernel.org>, Ingo Molnar <mingo@redhat.com>,
        "Yan, Zheng" <zheng.z.yan@intel.com>, Andi Kleen <ak@linux.intel.com>,
        Kan Liang <kan.liang@intel.com>, Peter Zijlstra <peterz@infradead.org>,
        David Carrillo-Cisneros <davidcc@google.com>,
        Stephane Eranian <eranian@google.com>
Subject: [PATCH] perf/core: make account/unaccount_sb_event consistent
Date: Wed,  1 Jun 2016 12:33:05 -0700
Message-Id: <1464809585-66072-1-git-send-email-davidcc@google.com>
X-Mailer: git-send-email 2.8.0.rc3.226.g39d4020
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

unaccount_pmu_sb_event did not check for attributes in event->attr
before calling detach_sb_event, while account_pmu_event did.

This caused NULL pointer reference in cgroup events that did not
have any of the attributes checked by account_pmu_event.

To trigger the bug just wait for a cgroup event to terminate, e.g.:

$ mkdir /dev/cgroup/devices/test
$ perf stat -e cycles -a -G test sleep 0

... see crash ...

Patch rebased on peterz/queue/perf/core .

Reviewed-by: Stephane Eranian <eranian@google.com>
Signed-off-by: David Carrillo-Cisneros <davidcc@google.com>
---
 kernel/events/core.c | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)

diff --git a/kernel/events/core.c b/kernel/events/core.c
index 1e48efc..6af0f01 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -3682,15 +3682,28 @@ static void detach_sb_event(struct perf_event *event)
 	raw_spin_unlock(&pel->lock);
 }
 
-static void unaccount_pmu_sb_event(struct perf_event *event)
+static bool is_sb_event(struct perf_event *event)
 {
+	struct perf_event_attr *attr = &event->attr;
+
 	if (event->parent)
-		return;
+		return false;
 
 	if (event->attach_state & PERF_ATTACH_TASK)
-		return;
+		return false;
 
-	detach_sb_event(event);
+	if (attr->mmap || attr->mmap_data || attr->mmap2 ||
+	    attr->comm || attr->comm_exec ||
+	    attr->task ||
+	    attr->context_switch)
+		return true;
+	return false;
+}
+
+static void unaccount_pmu_sb_event(struct perf_event *event)
+{
+	if (is_sb_event(event))
+		detach_sb_event(event);
 }
 
 static void unaccount_event_cpu(struct perf_event *event, int cpu)
@@ -8666,18 +8679,7 @@ static void attach_sb_event(struct perf_event *event)
  */
 static void account_pmu_sb_event(struct perf_event *event)
 {
-	struct perf_event_attr *attr = &event->attr;
-
-	if (event->parent)
-		return;
-
-	if (event->attach_state & PERF_ATTACH_TASK)
-		return;
-
-	if (attr->mmap || attr->mmap_data || attr->mmap2 ||
-	    attr->comm || attr->comm_exec ||
-	    attr->task ||
-	    attr->context_switch)
+	if (is_sb_event(event))
 		attach_sb_event(event);
 }
 
-- 
2.8.0.rc3.226.g39d4020