From ac43b10b632fac3412f18100e463e2129318bd3a Mon Sep 17 00:00:00 2001 From: Amulya Y Date: Fri, 6 Apr 2018 15:42:31 -0700 Subject: perf: Fix race in swevent hash There's a race on CPU unplug where we free the swevent hash array while it can still have events on. This will result in a use-after-free which is BAD. Simply do not free the hash array on unplug. This leaves the thing around and no use-after-free takes place. When the last swevent dies, we do a for_each_possible_cpu() iteration anyway to clean these up, at which time we'll free it, so no leakage will occur. Bug 1823317 But 1935735 Change-Id: I309528873f8576f96663afbe51ce2739934df16c Reported-by: Sasha Levin Tested-by: Sasha Levin Signed-off-by: Peter Zijlstra (Intel) Cc: Arnaldo Carvalho de Melo Cc: Frederic Weisbecker Cc: Jiri Olsa Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Signed-off-by: Ingo Molnar Signed-off-by: Gagan Grover Signed-off-by: Amulya Yarlagadda Reviewed-on: http://git-master/r/1259934 (cherry picked from commit 5ea640855404df656d94bfa3990d8eba2b5f90f9) Reviewed-on: https://git-master.nvidia.com/r/1690284 GVS: Gerrit_Virtual_Submit Reviewed-by: Bibek Basu Reviewed-by: Winnie Hsu --- kernel/events/core.c | 6 ------ 1 file changed, 6 deletions(-) (limited to 'kernel') diff --git a/kernel/events/core.c b/kernel/events/core.c index f8eb2b154bdb..be3b4cc87eeb 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -7450,13 +7450,7 @@ static void perf_event_exit_cpu_context(int cpu) static void perf_event_exit_cpu(int cpu) { - struct swevent_htable *swhash = &per_cpu(swevent_htable, cpu); - perf_event_exit_cpu_context(cpu); - - mutex_lock(&swhash->hlist_mutex); - swevent_hlist_release(swhash); - mutex_unlock(&swhash->hlist_mutex); } #else static inline void perf_event_exit_cpu(int cpu) { } -- cgit v1.2.3