[tip:perf/urgent] perf events: Fix ring_buffer_wakeup() brown paperbag bug
From: tip-bot for Will Deacon
Date: Wed Dec 14 2011 - 05:22:19 EST
Commit-ID: 44b7f4b98d8877e2a4427f2a2f2e42ae8227a58f
Gitweb: http://git.kernel.org/tip/44b7f4b98d8877e2a4427f2a2f2e42ae8227a58f
Author: Will Deacon <will.deacon@xxxxxxx>
AuthorDate: Tue, 13 Dec 2011 20:40:45 +0100
Committer: Ingo Molnar <mingo@xxxxxxx>
CommitDate: Wed, 14 Dec 2011 08:44:53 +0100
perf events: Fix ring_buffer_wakeup() brown paperbag bug
Commit 10c6db11 ("perf: Fix loss of notification with multi-event")
seems to unconditionally dereference event->rb in the wakeup handler,
this is wrong, there might not be a buffer attached.
Signed-off-by: Will Deacon <will.deacon@xxxxxxx>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@xxxxxxxxx>
Link: http://lkml.kernel.org/r/20111213152651.GP20297@xxxxxxxxxxxxxxxxxxxxxxxxxx
[ minor edits ]
Signed-off-by: Ingo Molnar <mingo@xxxxxxx>
---
kernel/events/core.c | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index d3b9df5..58690af 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -3558,9 +3558,13 @@ static void ring_buffer_wakeup(struct perf_event *event)
rcu_read_lock();
rb = rcu_dereference(event->rb);
- list_for_each_entry_rcu(event, &rb->event_list, rb_entry) {
+ if (!rb)
+ goto unlock;
+
+ list_for_each_entry_rcu(event, &rb->event_list, rb_entry)
wake_up_all(&event->waitq);
- }
+
+unlock:
rcu_read_unlock();
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/