From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756550AbbLQOGT (ORCPT <rfc822;w@1wt.eu>);
	Thu, 17 Dec 2015 09:06:19 -0500
Received: from casper.infradead.org ([85.118.1.10]:37596 "EHLO
	casper.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1756291AbbLQOGS (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 17 Dec 2015 09:06:18 -0500
Date: Thu, 17 Dec 2015 15:06:15 +0100
From: Peter Zijlstra <peterz@infradead.org>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: Ingo Molnar <mingo@redhat.com>, Arnaldo Carvalho de Melo <acme@kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        syzkaller <syzkaller@googlegroups.com>,
        Kostya Serebryany <kcc@google.com>,
        Alexander Potapenko <glider@google.com>,
        Eric Dumazet <edumazet@google.com>,
        Sasha Levin <sasha.levin@oracle.com>
Subject: Re: use-after-free in __perf_install_in_context
Message-ID: <20151217140615.GN6373@twins.programming.kicks-ass.net>
References: <CACT4Y+bQqHPsxdh5nhSA154KeCxRirk8QGwRe-5pMUToGE8yAg@mail.gmail.com>
 <20151207153630.GB6356@twins.programming.kicks-ass.net>
 <CACT4Y+b8mQs7mDZ2O_k69XuhJAtfXJZ4zOQDCagnRcr7ZJOgzg@mail.gmail.com>
 <20151208164412.GD6357@twins.programming.kicks-ass.net>
 <CACT4Y+YTrj+9-9kOoAaPnxhnu6Qnz0Kxi55O-D-Z1YzrzDryww@mail.gmail.com>
 <20151210195740.GG6357@twins.programming.kicks-ass.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20151210195740.GG6357@twins.programming.kicks-ass.net>
User-Agent: Mutt/1.5.21 (2012-12-30)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Dec 10, 2015 at 08:57:40PM +0100, Peter Zijlstra wrote:
> I'm not sure I can explain your problem with this, but I figure its
> worth a try.

Did it make a difference?

Also, does the syzkaller thing do cpu-hotplug during its runs?

> ---
>  kernel/events/core.c | 15 +++++----------
>  1 file changed, 5 insertions(+), 10 deletions(-)
> 
> diff --git a/kernel/events/core.c b/kernel/events/core.c
> index c3d61b92d805..d5293325d8c5 100644
> --- a/kernel/events/core.c
> +++ b/kernel/events/core.c
> @@ -3136,15 +3136,16 @@ static int event_enable_on_exec(struct perf_event *event,
>   * Enable all of a task's events that have been marked enable-on-exec.
>   * This expects task == current.
>   */
> -static void perf_event_enable_on_exec(struct perf_event_context *ctx)
> +static void perf_event_enable_on_exec(int ctxn)
>  {
> -	struct perf_event_context *clone_ctx = NULL;
> +	struct perf_event_context *ctx, *clone_ctx = NULL;
>  	struct perf_event *event;
>  	unsigned long flags;
>  	int enabled = 0;
>  	int ret;
>  
>  	local_irq_save(flags);
> +	ctx = current->perf_event_ctxp[ctxn];
>  	if (!ctx || !ctx->nr_events)
>  		goto out;
>  
> @@ -3187,17 +3188,11 @@ static void perf_event_enable_on_exec(struct perf_event_context *ctx)
>  
>  void perf_event_exec(void)
>  {
> -	struct perf_event_context *ctx;
>  	int ctxn;
>  
>  	rcu_read_lock();
> -	for_each_task_context_nr(ctxn) {
> -		ctx = current->perf_event_ctxp[ctxn];
> -		if (!ctx)
> -			continue;
> -
> -		perf_event_enable_on_exec(ctx);
> -	}
> +	for_each_task_context_nr(ctxn)
> +		perf_event_enable_on_exec(ctxn);
>  	rcu_read_unlock();
>  }
>