Re: [PATCH tip] perf/events/core: fix race in bpf program unregister
From: Peter Zijlstra
Date: Wed May 20 2015 - 02:58:39 EST
On Tue, May 19, 2015 at 10:27:05PM -0700, Alexei Starovoitov wrote:
> On 5/15/15 12:15 PM, Alexei Starovoitov wrote:
> >there is a race between perf_event_free_bpf_prog() and free_trace_kprobe():
> >
> >__free_event()
> > event->destroy(event)
> > tp_perf_event_destroy()
> > perf_trace_destroy()
> > perf_trace_event_unreg()
> >
> >which is dropping event->tp_event->perf_refcount and allows to proceed in:
> >
> >unregister_trace_kprobe()
> > unregister_kprobe_event()
> > trace_remove_event_call()
> > probe_remove_event_call()
> >free_trace_kprobe()
> >
> >while __free_event does:
> >call_rcu(&event->rcu_head, free_event_rcu);
> > free_event_rcu()
> > perf_event_free_bpf_prog()
> >
> >To fix the race simply move perf_event_free_bpf_prog() before
> >event->destroy(), since event->tp_event is still valid at that point.
> >
> >Note, perf_trace_destroy() is not racing with trace_remove_event_call()
> >since they both grab event_mutex.
> >
> >Fixes: 2541517c32be ("tracing, perf: Implement BPF programs attached to kprobes")
> >Reported-by: Wang Nan <wangnan0@xxxxxxxxxx>
> >Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxxxx>
>
> ping.
> This is needed in 4.1.
Thanks, queued for perf/urgent.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/