Re: [PATCH 1/4] perf: Fix failing inherit_event() doing extra refcount decrement on parent

From: Peter Zijlstra
Date: Thu Apr 24 2025 - 12:17:00 EST

Next message: David Lechner: "Re: [PATCH v5] iio: adc: stm32: add oversampling support"
Previous message: Michael Liang: "[PATCH v3 0/1] nvme-tcp: wait socket wmem to drain in queue stop"
In reply to: Frederic Weisbecker: "[PATCH 1/4] perf: Fix failing inherit_event() doing extra refcount decrement on parent"
Next in thread: Frederic Weisbecker: "[PATCH 2/4] perf: Fix irq work dereferencing garbage"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Apr 24, 2025 at 06:11:25PM +0200, Frederic Weisbecker wrote:
> When inherit_event() fails after the child allocation but before the
> parent refcount has been incremented, calling put_event() wrongly
> decrements the reference to the parent, risking to free it too early.
>
> Also pmu_get_event() can't be holding a reference to the child
> concurrently at this point since it is under pmus_srcu critical section.
>
> Fix it with restoring the deleted free_event() function and call it on
> the failing child in order to free it directly under the verified
> assumption that its refcount is only 1. The refcount to the parent is
> then voluntarily omitted.
>
> Fixes: da916e96e2de ("perf: Make perf_pmu_unregister() useable")
> Signed-off-by: Frederic Weisbecker <frederic@xxxxxxxxxx>

Bah, yes, another bad interaction between your fix and my patch :/

Next message: David Lechner: "Re: [PATCH v5] iio: adc: stm32: add oversampling support"
Previous message: Michael Liang: "[PATCH v3 0/1] nvme-tcp: wait socket wmem to drain in queue stop"
In reply to: Frederic Weisbecker: "[PATCH 1/4] perf: Fix failing inherit_event() doing extra refcount decrement on parent"
Next in thread: Frederic Weisbecker: "[PATCH 2/4] perf: Fix irq work dereferencing garbage"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]