Re: [perf] more perf_fuzzer memory corruption

From: Vince Weaver
Date: Thu May 01 2014 - 17:29:25 EST

Next message: Kees Cook: "[PATCH v3 0/4] sysctl: fix incorrect write position handling"
Previous message: Kees Cook: "[PATCH 4/4] test: validate sysctl_writes_strict"
In reply to: Vince Weaver: "Re: [perf] more perf_fuzzer memory corruption"
Next in thread: Peter Zijlstra: "Re: [perf] more perf_fuzzer memory corruption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

OK, with the following patch I've been running the problem test case for
an hour without triggering the bug.

I'm sure this is the wrong fix (maybe patching over the problem istead of
fixing the root cause), but it works for me.

It looks like this whole mess got introduced with 76e1d9047 in Linux
2.6.35 when the swevent code was converted to use a hashed list.

Signed-off-by: Vince Weaver <vincent.weaver@xxxxxxxxx>

diff --git a/kernel/events/core.c b/kernel/events/core.c
index f83a71a..970d711 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -5775,6 +5800,11 @@ static void sw_perf_event_destroy(struct perf_event *event)

WARN_ON(event->parent);

+ perf_pmu_disable(event->pmu);
+ if ((event->hlist_entry.pprev) && (event->hlist_entry.pprev!=LIST_POISON2))
+ event->pmu->del(event, 0);
+ perf_pmu_enable(event->pmu);
+
static_key_slow_dec(&perf_swevent_enabled[event_id]);
swevent_hlist_put(event);
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Kees Cook: "[PATCH v3 0/4] sysctl: fix incorrect write position handling"
Previous message: Kees Cook: "[PATCH 4/4] test: validate sysctl_writes_strict"
In reply to: Vince Weaver: "Re: [perf] more perf_fuzzer memory corruption"
Next in thread: Peter Zijlstra: "Re: [perf] more perf_fuzzer memory corruption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]