[tip:perf/core] perf tools: Fix race in build_id_cache__add_s()

From: tip-bot for Milos Vyletel
Date: Sun Mar 22 2015 - 06:14:08 EST

Next message: tip-bot for Wang Nan: "[tip:perf/core] perf tools: Don' t allow empty argument for field-separator"
Previous message: tip-bot for Wang Nan: "[tip:perf/core] perf report: Don't allow empty argument for '-t'."
In reply to: Arnaldo Carvalho de Melo: "Re: [PATCH] perf: fix race in build_id_cache__add_s()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Commit-ID: 0635b0f71424be7706793ac260d063491a2889a0
Gitweb: http://git.kernel.org/tip/0635b0f71424be7706793ac260d063491a2889a0
Author: Milos Vyletel <milos@xxxxxxxxxx>
AuthorDate: Fri, 20 Mar 2015 11:37:25 +0100
Committer: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
CommitDate: Fri, 20 Mar 2015 17:49:50 -0300

perf tools: Fix race in build_id_cache__add_s()

int build_id_cache__add_s(const char *sbuild_id, const char *debugdir,
const char *name, bool is_kallsyms, bool is_vdso)
{
...
if (access(filename, F_OK)) {
^--------------------------------------------------------- [1]
if (is_kallsyms) {
if (copyfile("/proc/kallsyms", filename))
goto out_free;
} else if (link(realname, filename) && copyfile(name, filename))
^-----------------------------^------------- [2]
\------------ [3]
goto out_free;
}
...

When multiple instances of perf record get to [1] at more or less same time and
run access() one or more may get failure because the file does not exist yet
(since the first instance did not have chance to link it yet).

At this point the race moves to link() at [2] where first thread to get
there links file and goes on but second one gets -EEXIST so it runs
copyfile [3] which truncates the file.

reproducer:

rm -rf /root/.debug
for cpu in $(awk '/processor/ {print $3}' /proc/cpuinfo); do
perf record -a -v -T -F 1000 -C $cpu \
-o perf-${cpu}.data sleep 5 2> /dev/null &
done
wait

and simply search for empty files by:

find /lib/modules/`uname -r`/kernel/* -size 0

Signed-off-by: Milos Vyletel <milos@xxxxxxxxxx>
Acked-by: Jiri Olsa <jolsa@xxxxxxxxxx>
Cc: Namhyung Kim <namhyung@xxxxxxxxxx>
Cc: Paul Mackerras <paulus@xxxxxxxxx>
Cc: Peter Zijlstra <a.p.zijlstra@xxxxxxxxx>
Cc: Stephane Eranian <eranian@xxxxxxxxxx>
Link: http://lkml.kernel.org/r/1426847846-11112-1-git-send-email-milos@xxxxxxxxxx
Signed-off-by: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
---
tools/perf/util/build-id.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tools/perf/util/build-id.c b/tools/perf/util/build-id.c
index a196746..f7fb258 100644
--- a/tools/perf/util/build-id.c
+++ b/tools/perf/util/build-id.c
@@ -374,7 +374,8 @@ int build_id_cache__add_s(const char *sbuild_id, const char *name,
if (is_kallsyms) {
if (copyfile("/proc/kallsyms", filename))
goto out_free;
- } else if (link(realname, filename) && copyfile(name, filename))
+ } else if (link(realname, filename) && errno != EEXIST &&
+ copyfile(name, filename))
goto out_free;
}

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: tip-bot for Wang Nan: "[tip:perf/core] perf tools: Don' t allow empty argument for field-separator"
Previous message: tip-bot for Wang Nan: "[tip:perf/core] perf report: Don't allow empty argument for '-t'."
In reply to: Arnaldo Carvalho de Melo: "Re: [PATCH] perf: fix race in build_id_cache__add_s()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]