In commit 1fd7e4169954 ("perf/core: Remove perf_cpu_context::unique_pmu"),
the search for another user of the pmu_cpu_context was removed, and so
we unconditionally free it during perf_pmu_unregister. This leads to
random corruption later and a BUG at mm/percpu.c:689.
v2: Check for shared pmu_contexts under the mutex.
Fixes: 1fd7e4169954 ("perf/core: Remove perf_cpu_context::unique_pmu")
Signed-off-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
Cc: David Carrillo-Cisneros <davidcc@xxxxxxxxxx>
Cc: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx> # v4.11+
---
kernel/events/core.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index aaefaa27e1a6..4f60f66b35ad 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -8983,10 +8983,12 @@ EXPORT_SYMBOL_GPL(perf_pmu_register);
void perf_pmu_unregister(struct pmu *pmu)
{
int remove_device;
+ int remove_context;
mutex_lock(&pmus_lock);
remove_device = pmu_bus_running;
list_del_rcu(&pmu->entry);
+ remove_context = !find_pmu_context(pmu->task_ctx_nr);
mutex_unlock(&pmus_lock);
/*
@@ -9005,7 +9007,8 @@ void perf_pmu_unregister(struct pmu *pmu)
device_del(pmu->dev);
put_device(pmu->dev);
}
- free_pmu_context(pmu);
+ if (remove_context)
+ free_pmu_context(pmu);
}
EXPORT_SYMBOL_GPL(perf_pmu_unregister);
--
2.11.0