* [PATCH] perf/core: make account/unaccount_sb_event consistent
@ 2016-06-01 19:33 David Carrillo-Cisneros
2016-06-07 9:15 ` Borislav Petkov
2016-06-08 8:52 ` [tip:perf/core] perf/core: Fix crash due to account/unaccount_sb_event() inconsistency tip-bot for David Carrillo-Cisneros
0 siblings, 2 replies; 3+ messages in thread
From: David Carrillo-Cisneros @ 2016-06-01 19:33 UTC (permalink / raw)
To: linux-kernel
Cc: x86, Ingo Molnar, Yan, Zheng, Andi Kleen, Kan Liang,
Peter Zijlstra, David Carrillo-Cisneros, Stephane Eranian
unaccount_pmu_sb_event did not check for attributes in event->attr
before calling detach_sb_event, while account_pmu_event did.

This caused NULL pointer reference in cgroup events that did not
have any of the attributes checked by account_pmu_event.

To trigger the bug just wait for a cgroup event to terminate, e.g.:

  $ mkdir /dev/cgroup/devices/test
  $ perf stat -e cycles -a -G test sleep 0

... see crash ...

Patch rebased on peterz/queue/perf/core .

Reviewed-by: Stephane Eranian <eranian@google.com>
Signed-off-by: David Carrillo-Cisneros <davidcc@google.com>
---
kernel/events/core.c | 34 ++++++++++++++++++----------------
1 file changed, 18 insertions(+), 16 deletions(-)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index 1e48efc..6af0f01 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -3682,15 +3682,28 @@ static void detach_sb_event(struct perf_event *event)
raw_spin_unlock(&pel->lock);
}
-static void unaccount_pmu_sb_event(struct perf_event *event)
+static bool is_sb_event(struct perf_event *event)
{
+ struct perf_event_attr *attr = &event->attr;
+
if (event->parent)
- return;
+ return false;
if (event->attach_state & PERF_ATTACH_TASK)
- return;
+ return false;
- detach_sb_event(event);
+ if (attr->mmap || attr->mmap_data || attr->mmap2 ||
+ attr->comm || attr->comm_exec ||
+ attr->task ||
+ attr->context_switch)
+ return true;
+ return false;
+}
+
+static void unaccount_pmu_sb_event(struct perf_event *event)
+{
+ if (is_sb_event(event))
+ detach_sb_event(event);
}
static void unaccount_event_cpu(struct perf_event *event, int cpu)
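Review bot: is_sb_event() is now evaluated twice per event, once in account_pmu_sb_event() and again in unaccount_pmu_sb_event(), so attach and detach only pair up if event->parent, the PERF_ATTACH_TASK bit in event->attach_state and the attr bits tested here stay unchanged between the two calls. Please add a comment above is_sb_event() stating that invariant and that both paths must go through this helper, so a later change to one side does not reintroduce the mismatch this patch fixes.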
@@ -8666,18 +8679,7 @@ static void attach_sb_event(struct perf_event *event)
*/
static void account_pmu_sb_event(struct perf_event *event)
{
- struct perf_event_attr *attr = &event->attr;
-
- if (event->parent)
- return;
-
- if (event->attach_state & PERF_ATTACH_TASK)
- return;
-
- if (attr->mmap || attr->mmap_data || attr->mmap2 ||
- attr->comm || attr->comm_exec ||
- attr->task ||
- attr->context_switch)
+ if (is_sb_event(event))
attach_sb_event(event);
}
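Review bot: the changelog calls this function account_pmu_event, but the function changed at the end of this hunk is account_pmu_sb_event(), and the subject shortens the pair to account/unaccount_sb_event. Please use the full names account_pmu_sb_event() and unaccount_pmu_sb_event() in the changelog so the text can be matched against kernel/events/core.c.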
--
2.8.0.rc3.226.g39d4020
* Re: [PATCH] perf/core: make account/unaccount_sb_event consistent
From: Borislav Petkov @ 2016-06-07 9:15 UTC (permalink / raw)
To: David Carrillo-Cisneros
Cc: linux-kernel, x86, Ingo Molnar, Yan, Zheng, Andi Kleen,
Kan Liang, Peter Zijlstra, Stephane Eranian
On Wed, Jun 01, 2016 at 12:33:05PM -0700, David Carrillo-Cisneros wrote:
> unaccount_pmu_sb_event did not check for attributes in event->attr
> before calling detach_sb_event, while account_pmu_event did.
>
> This caused NULL pointer reference in cgroup events that did not
> have any of the attributes checked by account_pmu_event.
>
> To trigger the bug just wait for a cgroup event to terminate, e.g.:
>
> $ mkdir /dev/cgroup/devices/test
> $ perf stat -e cycles -a -G test sleep 0
>
> ... see crash ...
>
> Patch rebased on peterz/queue/perf/core .
>
> Reviewed-by: Stephane Eranian <eranian@google.com>
> Signed-off-by: David Carrillo-Cisneros <davidcc@google.com>
> ---
> kernel/events/core.c | 34 ++++++++++++++++++----------------
> 1 file changed, 18 insertions(+), 16 deletions(-)
Tested-by: Borislav Petkov <bp@suse.de>
--
Regards/Gruss,
Boris.
ECO tip #101: Trim your mails when you reply.
* [tip:perf/core] perf/core: Fix crash due to account/unaccount_sb_event() inconsistency
From: tip-bot for David Carrillo-Cisneros @ 2016-06-08 8:52 UTC (permalink / raw)
To: linux-tip-commits
Cc: jolsa, alexander.shishkin, acme, mingo, torvalds, davidcc, hpa,
linux-kernel, tglx, eranian, peterz, zheng.z.yan, kan.liang
Commit-ID: a4f144ebbdf6f7807c477bce8e136047ed27321f
Gitweb: http://git.kernel.org/tip/a4f144ebbdf6f7807c477bce8e136047ed27321f
Author: David Carrillo-Cisneros <davidcc@google.com>
AuthorDate: Wed, 1 Jun 2016 12:33:05 -0700
Committer: Ingo Molnar <mingo@kernel.org>
CommitDate: Wed, 8 Jun 2016 09:18:45 +0200
perf/core: Fix crash due to account/unaccount_sb_event() inconsistency
unaccount_pmu_sb_event() did not check for attributes in event->attr
before calling detach_sb_event(), while account_pmu_event() did.

This caused NULL pointer reference in cgroup events that did not
have any of the attributes checked by account_pmu_event().

To trigger the bug just wait for a cgroup event to terminate, e.g.:

  $ mkdir /dev/cgroup/devices/test
  $ perf stat -e cycles -a -G test sleep 0

... see crash ...

Signed-off-by: David Carrillo-Cisneros <davidcc@google.com>
Reviewed-by: Stephane Eranian <eranian@google.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Kan Liang <kan.liang@intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Zheng <zheng.z.yan@intel.com>
Link: http://lkml.kernel.org/r/1464809585-66072-1-git-send-email-davidcc@google.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
kernel/events/core.c | 34 ++++++++++++++++++----------------
1 file changed, 18 insertions(+), 16 deletions(-)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index 5d48306..ae081a1 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -3682,15 +3682,28 @@ static void detach_sb_event(struct perf_event *event)
raw_spin_unlock(&pel->lock);
}
-static void unaccount_pmu_sb_event(struct perf_event *event)
+static bool is_sb_event(struct perf_event *event)
{
+ struct perf_event_attr *attr = &event->attr;
+
if (event->parent)
- return;
+ return false;
if (event->attach_state & PERF_ATTACH_TASK)
- return;
+ return false;
- detach_sb_event(event);
+ if (attr->mmap || attr->mmap_data || attr->mmap2 ||
+ attr->comm || attr->comm_exec ||
+ attr->task ||
+ attr->context_switch)
+ return true;
+ return false;
+}
+
+static void unaccount_pmu_sb_event(struct perf_event *event)
+{
+ if (is_sb_event(event))
+ detach_sb_event(event);
}
static void unaccount_event_cpu(struct perf_event *event, int cpu)
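Review bot: the tail of is_sb_event() spells a boolean out as "if (...) return true;" followed by "return false;"; since the function returns bool, the attr test can be returned directly as a single return of the || chain. The helper only reads from the event, so declaring the parameter as const struct perf_event *event, with the local attr pointer made const as well, would also document that it has no side effects.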
@@ -8666,18 +8679,7 @@ static void attach_sb_event(struct perf_event *event)
*/
static void account_pmu_sb_event(struct perf_event *event)
{
- struct perf_event_attr *attr = &event->attr;
-
- if (event->parent)
- return;
-
- if (event->attach_state & PERF_ATTACH_TASK)
- return;
-
- if (attr->mmap || attr->mmap_data || attr->mmap2 ||
- attr->comm || attr->comm_exec ||
- attr->task ||
- attr->context_switch)
+ if (is_sb_event(event))
attach_sb_event(event);
}