* [PATCH] perf: Fix the aux_output group inheritance fix
@ 2019-11-01 15:12 Alexander Shishkin
2019-11-07 8:08 ` Alexander Shishkin
2019-11-13 10:06 ` [tip: perf/urgent] perf/aux: " tip-bot2 for Alexander Shishkin
0 siblings, 2 replies; 3+ messages in thread
From: Alexander Shishkin @ 2019-11-01 15:12 UTC (permalink / raw)
To: Peter Zijlstra
Cc: Arnaldo Carvalho de Melo, Ingo Molnar, linux-kernel, Alexander Shishkin
Commit
f733c6b508bc ("perf/core: Fix inheritance of aux_output groups")
adds a null pointer dereference in case inherit_group() races with
perf_release(), which causes the below.
> BUG: kernel NULL pointer dereference, address: 000000000000010b
> #PF: supervisor read access in kernel mode
> #PF: error_code(0x0000) - not-present page
> PGD 3b203b067 P4D 3b203b067 PUD 3b2040067 PMD 0
> Oops: 0000 [#1] SMP KASAN
> CPU: 0 PID: 315 Comm: exclusive-group Tainted: G B 5.4.0-rc3-00181-g72e1839403cb-dirty #878
> RIP: 0010:perf_get_aux_event+0x86/0x270
> Call Trace:
> ? __perf_read_group_add+0x3b0/0x3b0
> ? __kasan_check_write+0x14/0x20
> ? __perf_event_init_context+0x154/0x170
> inherit_task_group.isra.0.part.0+0x14b/0x170
> perf_event_init_task+0x296/0x4b0
Fix this by skipping over events that are getting closed, in the
inheritance path.
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
---
kernel/events/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index b1aa5237052b..8ff1218e91b1 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -12129,7 +12129,7 @@ static int inherit_group(struct perf_event *parent_event,
if (IS_ERR(child_ctr))
return PTR_ERR(child_ctr);
- if (sub->aux_event == parent_event &&
+ if (sub->aux_event == parent_event && child_ctr &&
!perf_get_aux_event(child_ctr, leader))
return -EINVAL;
}
--
2.24.0.rc1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] perf: Fix the aux_output group inheritance fix
2019-11-01 15:12 [PATCH] perf: Fix the aux_output group inheritance fix Alexander Shishkin
@ 2019-11-07 8:08 ` Alexander Shishkin
2019-11-13 10:06 ` [tip: perf/urgent] perf/aux: " tip-bot2 for Alexander Shishkin
1 sibling, 0 replies; 3+ messages in thread
From: Alexander Shishkin @ 2019-11-07 8:08 UTC (permalink / raw)
To: Peter Zijlstra
Cc: Arnaldo Carvalho de Melo, Ingo Molnar, linux-kernel, alexander.shishkin
Alexander Shishkin <alexander.shishkin@linux.intel.com> writes:
> Commit
>
> f733c6b508bc ("perf/core: Fix inheritance of aux_output groups")
In case this one is falling through the cracks.
Regards,
--
Alex
^ permalink raw reply [flat|nested] 3+ messages in thread
* [tip: perf/urgent] perf/aux: Fix the aux_output group inheritance fix
2019-11-01 15:12 [PATCH] perf: Fix the aux_output group inheritance fix Alexander Shishkin
2019-11-07 8:08 ` Alexander Shishkin
@ 2019-11-13 10:06 ` tip-bot2 for Alexander Shishkin
1 sibling, 0 replies; 3+ messages in thread
From: tip-bot2 for Alexander Shishkin @ 2019-11-13 10:06 UTC (permalink / raw)
To: linux-tip-commits
Cc: Alexander Shishkin, Peter Zijlstra (Intel),
Arnaldo Carvalho de Melo, David Ahern, Jiri Olsa, Linus Torvalds,
Mark Rutland, Namhyung Kim, Stephane Eranian, Thomas Gleixner,
Vince Weaver, Ingo Molnar, Borislav Petkov, linux-kernel
The following commit has been merged into the perf/urgent branch of tip:
Commit-ID: 00496fe5e09e8c8bb115540e7e3470553cd07a5c
Gitweb: https://git.kernel.org/tip/00496fe5e09e8c8bb115540e7e3470553cd07a5c
Author: Alexander Shishkin <alexander.shishkin@linux.intel.com>
AuthorDate: Fri, 01 Nov 2019 17:12:48 +02:00
Committer: Ingo Molnar <mingo@kernel.org>
CommitterDate: Wed, 13 Nov 2019 08:16:40 +01:00
perf/aux: Fix the aux_output group inheritance fix
Commit
f733c6b508bc ("perf/core: Fix inheritance of aux_output groups")
adds a NULL pointer dereference in case inherit_group() races with
perf_release(), which causes the below crash:
> BUG: kernel NULL pointer dereference, address: 000000000000010b
> #PF: supervisor read access in kernel mode
> #PF: error_code(0x0000) - not-present page
> PGD 3b203b067 P4D 3b203b067 PUD 3b2040067 PMD 0
> Oops: 0000 [#1] SMP KASAN
> CPU: 0 PID: 315 Comm: exclusive-group Tainted: G B 5.4.0-rc3-00181-g72e1839403cb-dirty #878
> RIP: 0010:perf_get_aux_event+0x86/0x270
> Call Trace:
> ? __perf_read_group_add+0x3b0/0x3b0
> ? __kasan_check_write+0x14/0x20
> ? __perf_event_init_context+0x154/0x170
> inherit_task_group.isra.0.part.0+0x14b/0x170
> perf_event_init_task+0x296/0x4b0
Fix this by skipping over events that are getting closed, in the
inheritance path.
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Fixes: f733c6b508bc ("perf/core: Fix inheritance of aux_output groups")
Link: https://lkml.kernel.org/r/20191101151248.47327-1-alexander.shishkin@linux.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
kernel/events/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index 022a34b..b752bd3 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -11899,7 +11899,7 @@ static int inherit_group(struct perf_event *parent_event,
if (IS_ERR(child_ctr))
return PTR_ERR(child_ctr);
- if (sub->aux_event == parent_event &&
+ if (sub->aux_event == parent_event && child_ctr &&
!perf_get_aux_event(child_ctr, leader))
return -EINVAL;
}
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-11-13 10:06 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-01 15:12 [PATCH] perf: Fix the aux_output group inheritance fix Alexander Shishkin
2019-11-07 8:08 ` Alexander Shishkin
2019-11-13 10:06 ` [tip: perf/urgent] perf/aux: " tip-bot2 for Alexander Shishkin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).