mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-16 18:26:42 +00:00
- Fix perf's AUX buffer serialization
- Prevent uninitialized struct members in perf's uprobes handling -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmbdaUMACgkQEsHwGGHe VUoo5hAAkDYx/gqFiU4Zqr4EXu6mfG5qFRnSE5PMsgGYDt1gE+dY6Xugs5vYa7uh AzzqcFLw46ZbrOjXv359WBxljYMQCnFI9SbP/1pAYqtUs1X1q3bMl6iuYbHU8DkB NHaSCmcyxPBLANezxka554pg0Yqsb/ME4tnxomVH65GosgfG4dxCOpGB8S1jB9Wt g8TeXn+pEYwn50wFOTA2MTy+OtwcJZxl1cPRLhJGywY20znJrU0OAFTySdZeAfjm 3ekMau9coXErmETsiTj5+B6ornWfCvGgYMFpZxj4lkWppJEoxEovzOauUSgkxEjZ qM056212tqfTYHVC6SO70mKkRcGQBD3FEQFi7+Ugv9GVIhzML5UN9z0eIKCNvcvU dWTCaFPPG1/WwlsKXKaaCJkvt6f+rGuL2zdyZczeiiKlcyvuABSZv/9DscxmhQUh 5n2ZfigNXTnjUj0c2LxjBuXFmHrdbLnz5IGVr/9Ux0euXSBWJR+1HNoGpWTSHFWy aHioF3rgPHMvV0YVzpzb5Arz+ldUEV+ymHwtWOGuxGAtyk7SydpkbKEqZ1AYXyUX FEeRP/ryYw8FxTOvsNvpB85X24YDG/LrUgJdX7fbYeZjlm6Nd8IpU8LKdyLTmhmg YuIENCa+U6RQZd1dsRW4SqdOuackRyjH4pcQqZsg5i4nNczH+Z4= =Alrr -----END PGP SIGNATURE----- Merge tag 'perf_urgent_for_v6.11_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf fixes from Borislav Petkov: - Fix perf's AUX buffer serialization - Prevent uninitialized struct members in perf's uprobes handling * tag 'perf_urgent_for_v6.11_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/aux: Fix AUX buffer serialization uprobes: Use kzalloc to allocate xol area
This commit is contained in:
commit
e20398877b
@ -1255,8 +1255,9 @@ static void put_ctx(struct perf_event_context *ctx)
|
||||
* perf_event_context::mutex
|
||||
* perf_event::child_mutex;
|
||||
* perf_event_context::lock
|
||||
* perf_event::mmap_mutex
|
||||
* mmap_lock
|
||||
* perf_event::mmap_mutex
|
||||
* perf_buffer::aux_mutex
|
||||
* perf_addr_filters_head::lock
|
||||
*
|
||||
* cpu_hotplug_lock
|
||||
@ -6373,12 +6374,11 @@ static void perf_mmap_close(struct vm_area_struct *vma)
|
||||
event->pmu->event_unmapped(event, vma->vm_mm);
|
||||
|
||||
/*
|
||||
* rb->aux_mmap_count will always drop before rb->mmap_count and
|
||||
* event->mmap_count, so it is ok to use event->mmap_mutex to
|
||||
* serialize with perf_mmap here.
|
||||
* The AUX buffer is strictly a sub-buffer, serialize using aux_mutex
|
||||
* to avoid complications.
|
||||
*/
|
||||
if (rb_has_aux(rb) && vma->vm_pgoff == rb->aux_pgoff &&
|
||||
atomic_dec_and_mutex_lock(&rb->aux_mmap_count, &event->mmap_mutex)) {
|
||||
atomic_dec_and_mutex_lock(&rb->aux_mmap_count, &rb->aux_mutex)) {
|
||||
/*
|
||||
* Stop all AUX events that are writing to this buffer,
|
||||
* so that we can free its AUX pages and corresponding PMU
|
||||
@ -6395,7 +6395,7 @@ static void perf_mmap_close(struct vm_area_struct *vma)
|
||||
rb_free_aux(rb);
|
||||
WARN_ON_ONCE(refcount_read(&rb->aux_refcount));
|
||||
|
||||
mutex_unlock(&event->mmap_mutex);
|
||||
mutex_unlock(&rb->aux_mutex);
|
||||
}
|
||||
|
||||
if (atomic_dec_and_test(&rb->mmap_count))
|
||||
@ -6483,6 +6483,7 @@ static int perf_mmap(struct file *file, struct vm_area_struct *vma)
|
||||
struct perf_event *event = file->private_data;
|
||||
unsigned long user_locked, user_lock_limit;
|
||||
struct user_struct *user = current_user();
|
||||
struct mutex *aux_mutex = NULL;
|
||||
struct perf_buffer *rb = NULL;
|
||||
unsigned long locked, lock_limit;
|
||||
unsigned long vma_size;
|
||||
@ -6531,6 +6532,9 @@ static int perf_mmap(struct file *file, struct vm_area_struct *vma)
|
||||
if (!rb)
|
||||
goto aux_unlock;
|
||||
|
||||
aux_mutex = &rb->aux_mutex;
|
||||
mutex_lock(aux_mutex);
|
||||
|
||||
aux_offset = READ_ONCE(rb->user_page->aux_offset);
|
||||
aux_size = READ_ONCE(rb->user_page->aux_size);
|
||||
|
||||
@ -6681,6 +6685,8 @@ unlock:
|
||||
atomic_dec(&rb->mmap_count);
|
||||
}
|
||||
aux_unlock:
|
||||
if (aux_mutex)
|
||||
mutex_unlock(aux_mutex);
|
||||
mutex_unlock(&event->mmap_mutex);
|
||||
|
||||
/*
|
||||
|
@ -40,6 +40,7 @@ struct perf_buffer {
|
||||
struct user_struct *mmap_user;
|
||||
|
||||
/* AUX area */
|
||||
struct mutex aux_mutex;
|
||||
long aux_head;
|
||||
unsigned int aux_nest;
|
||||
long aux_wakeup; /* last aux_watermark boundary crossed by aux_head */
|
||||
|
@ -337,6 +337,8 @@ ring_buffer_init(struct perf_buffer *rb, long watermark, int flags)
|
||||
*/
|
||||
if (!rb->nr_pages)
|
||||
rb->paused = 1;
|
||||
|
||||
mutex_init(&rb->aux_mutex);
|
||||
}
|
||||
|
||||
void perf_aux_output_flag(struct perf_output_handle *handle, u64 flags)
|
||||
|
@ -1489,7 +1489,7 @@ static struct xol_area *__create_xol_area(unsigned long vaddr)
|
||||
struct xol_area *area;
|
||||
void *insns;
|
||||
|
||||
area = kmalloc(sizeof(*area), GFP_KERNEL);
|
||||
area = kzalloc(sizeof(*area), GFP_KERNEL);
|
||||
if (unlikely(!area))
|
||||
goto out;
|
||||
|
||||
@ -1499,7 +1499,6 @@ static struct xol_area *__create_xol_area(unsigned long vaddr)
|
||||
goto free_area;
|
||||
|
||||
area->xol_mapping.name = "[uprobes]";
|
||||
area->xol_mapping.fault = NULL;
|
||||
area->xol_mapping.pages = area->pages;
|
||||
area->pages[0] = alloc_page(GFP_HIGHUSER);
|
||||
if (!area->pages[0])
|
||||
|
Loading…
x
Reference in New Issue
Block a user