Re: BUG: KASAN: slab-out-of-bounds in perf_callchain_user+0x494/0x530

From: Peter Zijlstra
Date: Wed Dec 06 2017 - 11:40:23 EST


On Thu, Dec 07, 2017 at 12:49:57AM +0900, Namhyung Kim wrote:

> So, are you ok with this?

yeah, that should work.

> diff --git a/kernel/events/callchain.c b/kernel/events/callchain.c
> index 1b2be63c8528..ee0ba22d3993 100644
> --- a/kernel/events/callchain.c
> +++ b/kernel/events/callchain.c
> @@ -137,8 +137,11 @@ int get_callchain_buffers(int event_max_stack)
>
> err = alloc_callchain_buffers();
> exit:
> - if (err)
> - atomic_dec(&nr_callchain_events);
> + if (err) {
> + /* might race with put_callchain_buffers() */
> + if (atomic_dec_and_test(&nr_callchain_events))
> + release_callchain_buffers();
> + }
>
> mutex_unlock(&callchain_mutex);
>
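Review bot: In the new `if (err)` block, release_callchain_buffers() can now run when alloc_callchain_buffers() itself has just failed, or when an earlier path jumped to `exit:` before any allocation was attempted, so it is worth confirming that the release path copes with buffers that were never set up (for example a NULL entries pointer) before it frees or queues them for freeing. The comment "might race with put_callchain_buffers()" would also be easier to maintain if it said what the race is: which side is expected to drop nr_callchain_events to zero, and why the release has to happen here under callchain_mutex rather than being left to the put side.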