[PATCH 1/1] perf: Prevent race in PERF_SAMPLE_READ group format sample output

From: Jiri Olsa
Date: Wed Jun 25 2014 - 14:45:04 EST


From: Jiri Olsa <jolsa@xxxxxxxxxx>

While iterating siblings in perf_output_read_group we could
race with addition and removal of sibling in perf_group_attach
and perf_group_detach respective.

While in perf_output_read_group we are under active context,
so the only sibling_list modification could come via IPI in:
perf_install_in_context or perf_remove_from_context

Disable interrupts before iterating siblings to prevent
this race.

Cc: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
Cc: Corey Ashford <cjashfor@xxxxxxxxxxxxxxxxxx>
Cc: Frederic Weisbecker <fweisbec@xxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxxxxx>
Cc: Paul Mackerras <paulus@xxxxxxxxx>
Cc: Peter Zijlstra <a.p.zijlstra@xxxxxxxxx>
Signed-off-by: Jiri Olsa <jolsa@xxxxxxxxxx>
---
kernel/events/core.c | 11 +++++++++++
1 file changed, 11 insertions(+)

diff --git a/kernel/events/core.c b/kernel/events/core.c
index a33d9a2b..66649d3 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -4509,6 +4509,7 @@ static void perf_output_read_group(struct perf_output_handle *handle,
{
struct perf_event *leader = event->group_leader, *sub;
u64 read_format = event->attr.read_format;
+ unsigned long flags;
u64 values[5];
int n = 0;

@@ -4529,6 +4530,15 @@ static void perf_output_read_group(struct perf_output_handle *handle,

__output_copy(handle, values, n * sizeof(u64));

+ /*
+ * We are now under active context, so the only sibling_list
+ * modification could come via IPI in:
+ * perf_install_in_context and perf_remove_from_context
+ *
+ * Disable interrupts to prevent this race.
+ */
+ local_irq_save(flags);
+
list_for_each_entry(sub, &leader->sibling_list, group_entry) {
n = 0;

@@ -4542,6 +4552,7 @@ static void perf_output_read_group(struct perf_output_handle *handle,

__output_copy(handle, values, n * sizeof(u64));
}
+ local_irq_restore(flags);
}

#define PERF_FORMAT_TOTAL_TIMES (PERF_FORMAT_TOTAL_TIME_ENABLED|\
--
1.8.3.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/