[tip:perf/core] perf/core: Fix crash due to account/unaccount_sb_event() inconsistency

tip-bot for David Carrillo-Cisneros <tipbot@xxxxxxxxx> · Wed, 8 Jun 2016 01:52:06 -0700

Commit-ID:  a4f144ebbdf6f7807c477bce8e136047ed27321f
Gitweb:     http://git.kernel.org/tip/a4f144ebbdf6f7807c477bce8e136047ed27321f
Author:     David Carrillo-Cisneros <davidcc@xxxxxxxxxx>
AuthorDate: Wed, 1 Jun 2016 12:33:05 -0700
Committer:  Ingo Molnar <mingo@xxxxxxxxxx>
CommitDate: Wed, 8 Jun 2016 09:18:45 +0200

perf/core: Fix crash due to account/unaccount_sb_event() inconsistency

unaccount_pmu_sb_event() did not check for attributes in event->attr
before calling detach_sb_event(), while account_pmu_event() did.

This caused NULL pointer reference in cgroup events that did not
have any of the attributes checked by account_pmu_event().

To trigger the bug just wait for a cgroup event to terminate, e.g.:

  $ mkdir /dev/cgroup/devices/test
  $ perf stat -e cycles -a -G test sleep 0

... see crash ...

Signed-off-by: David Carrillo-Cisneros <davidcc@xxxxxxxxxx>
Reviewed-by: Stephane Eranian <eranian@xxxxxxxxxx>
Cc: Alexander Shishkin <alexander.shishkin@xxxxxxxxxxxxxxx>
Cc: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
Cc: Jiri Olsa <jolsa@xxxxxxxxxx>
Cc: Kan Liang <kan.liang@xxxxxxxxx>
Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: Zheng <zheng.z.yan@xxxxxxxxx>
Link: http://lkml.kernel.org/r/1464809585-66072-1-git-send-email-davidcc@xxxxxxxxxx
Signed-off-by: Ingo Molnar <mingo@xxxxxxxxxx>
---
 kernel/events/core.c | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)

diff --git a/kernel/events/core.c b/kernel/events/core.c
index 5d48306..ae081a1 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -3682,15 +3682,28 @@ static void detach_sb_event(struct perf_event *event)
 	raw_spin_unlock(&pel->lock);
 }
 
-static void unaccount_pmu_sb_event(struct perf_event *event)
+static bool is_sb_event(struct perf_event *event)
 {
+	struct perf_event_attr *attr = &event->attr;
+
 	if (event->parent)
-		return;
+		return false;
 
 	if (event->attach_state & PERF_ATTACH_TASK)
-		return;
+		return false;
 
-	detach_sb_event(event);
+	if (attr->mmap || attr->mmap_data || attr->mmap2 ||
+	    attr->comm || attr->comm_exec ||
+	    attr->task ||
+	    attr->context_switch)
+		return true;
+	return false;
+}
+
+static void unaccount_pmu_sb_event(struct perf_event *event)
+{
+	if (is_sb_event(event))
+		detach_sb_event(event);
 }
 
 static void unaccount_event_cpu(struct perf_event *event, int cpu)
@@ -8666,18 +8679,7 @@ static void attach_sb_event(struct perf_event *event)
  */
 static void account_pmu_sb_event(struct perf_event *event)
 {
-	struct perf_event_attr *attr = &event->attr;
-
-	if (event->parent)
-		return;
-
-	if (event->attach_state & PERF_ATTACH_TASK)
-		return;
-
-	if (attr->mmap || attr->mmap_data || attr->mmap2 ||
-	    attr->comm || attr->comm_exec ||
-	    attr->task ||
-	    attr->context_switch)
+	if (is_sb_event(event))
 		attach_sb_event(event);
 }
 
--
To unsubscribe from this list: send the line "unsubscribe linux-tip-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


