Re: [PATCH] bpf: fix a race between perf_event_fd and kprobe freeing
On 5/15/15 3:52 AM, Wang Nan wrote:

According to Alexei Starovoitov (http://lkml.org/lkml/2015/5/15/29), there is racing between perf_event_fd and kprobe freeing:
...
And he suggests that calling perf_event_free_bpf_prog() from __free_event() instead of free_event_rcu() will fix the race,
...
@@ -3564,6 +3563,8 @@ static void __free_event(struct perf_event *event) module_put(event->pmu->module); } + perf_event_free_bpf_prog(event); + call_rcu(>rcu_head, free_event_rcu); }

I don't think that's the right place. It needs to be before destroy(). I will send a patch soon.
[PATCH] bpf: fix a race between perf_event_fd and kprobe freeing
According to Alexei Starovoitov (http://lkml.org/lkml/2015/5/15/29), there is racing between perf_event_fd and kprobe freeing:

 __free_event()
   event->destroy(event)
     perf_trace_destroy
       perf_trace_event_unreg

which is dropping event->tp_event->perf_refcount that allows kprobe freeing to proceed in:

 unregister_kprobe_event
   trace_remove_event_call
     probe_remove_event_call

and eventually tp_event to get freed.

And he suggests that calling perf_event_free_bpf_prog() from __free_event() instead of free_event_rcu() will fix the race.

Signed-off-by: Wang Nan wangn...@huawei.com
---
Hi Alexei Starovoitov,

I tried this patch with identical operations and am unable to reproduce the problem anymore. I think your analysis is right. However, I haven't carefully checked the base principle. Could you please check it in your environment?

Thank you.
---
kernel/events/core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/events/core.c b/kernel/events/core.c index 81aa3a4..e1f2d5c 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -3422,7 +3422,6 @@ static void free_event_rcu(struct rcu_head *head) if (event->ns) put_pid_ns(event->ns); perf_event_free_filter(event); - perf_event_free_bpf_prog(event); kfree(event); } @@ -3564,6 +3563,8 @@ static void __free_event(struct perf_event *event) module_put(event->pmu->module); } + perf_event_free_bpf_prog(event); + call_rcu(>rcu_head, free_event_rcu); }
-- 1.8.3.4
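Review bot: in the free_event_rcu() hunk, perf_event_free_filter(event) stays in the RCU callback while perf_event_free_bpf_prog(event) moves out, and the changelog does not say why the two teardown calls now run at different points. Please state in the commit message which object perf_event_free_bpf_prog() still needs alive (the description points at tp_event) so the asymmetry with the filter teardown can be checked.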
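Review bot: in the __free_event() hunk, perf_event_free_bpf_prog(event) is added as the last statement before call_rcu(), after the module_put() block, while the commit message names event->destroy(event) in this same function as the step that drops perf_refcount and lets tp_event be freed. If destroy() has already run by that point, as the end-of-function placement suggests, the window is only narrowed rather than closed; the call should sit ahead of destroy(), with a one-line comment recording that ordering requirement. "Unable to reproduce" after the change is also weak evidence for a race fix, so the changelog should explain the ordering argument rather than rely on the test result.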