From: Peter Zijlstra Date: Wed, 25 Feb 2015 14:56:04 +0000 (+0100) Subject: perf: Fix racy group access X-Git-Tag: firefly_0821_release~176^2~1816^2~60 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=ccd41c86ad4d464d0ed4e48d80759ff85c2115b0;p=firefly-linux-kernel-4.4.55.git perf: Fix racy group access While looking at some fuzzer output I noticed that we do not hold any locks on leader->ctx and therefore the sibling_list iteration is unsafe. Acquire the relevant ctx->mutex before calling into the pmu specific code. Signed-off-by: Peter Zijlstra (Intel) Cc: Vince Weaver Cc: Jiri Olsa Cc: Sasha Levin Link: http://lkml.kernel.org/r/20150225151639.GL5029@twins.programming.kicks-ass.net Signed-off-by: Ingo Molnar --- diff --git a/kernel/events/core.c b/kernel/events/core.c index b01dfb602db1..bb1a7c36e794 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -7036,12 +7036,23 @@ EXPORT_SYMBOL_GPL(perf_pmu_unregister); static int perf_try_init_event(struct pmu *pmu, struct perf_event *event) { + struct perf_event_context *ctx = NULL; int ret; if (!try_module_get(pmu->module)) return -ENODEV; + + if (event->group_leader != event) { + ctx = perf_event_ctx_lock(event->group_leader); + BUG_ON(!ctx); + } + event->pmu = pmu; ret = pmu->event_init(event); + + if (ctx) + perf_event_ctx_unlock(event->group_leader, ctx); + if (ret) module_put(pmu->module);
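Review bot: The `BUG_ON(!ctx)` directly after `ctx = perf_event_ctx_lock(event->group_leader);` in perf_try_init_event() turns an unexpected NULL context into a full kernel panic, and it does so while the reference taken by `try_module_get(pmu->module)` is still held. If a NULL return is not possible here, the check can be dropped. If it is possible, failing the init is the safer response: `WARN_ON_ONCE(!ctx)`, then `module_put(pmu->module)` and an error return, so that a fuzzer-reachable path degrades to a failed call instead of taking the machine down. Separately, the new lock/unlock pair around `pmu->event_init(event)` has no comment. The reason (the pmu-specific init iterates the leader's sibling_list, which is only stable under the leader's ctx->mutex) is given only in the commit message, and a short comment above the `if (event->group_leader != event)` block would keep a later cleanup from removing the lock or narrowing it to exclude the `event_init` call.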