Re: [PATCH v3 00/15] perf: Convert mmap() related reference counts to refcount_t
From: Lorenzo Stoakes
Date: Wed Aug 13 2025 - 03:15:13 EST
On Tue, Aug 12, 2025 at 12:38:58PM +0200, Peter Zijlstra wrote:
> Took over the series from Thomas; much thanks to him for cleaning this up.
>
> The recently fixed reference count leaks could have been detected by using
> refcount_t and refcount_t would have mitigated the potential overflow at
> least.
>
> It turned out that converting the code as is does not work as the
> allocation code ends up doing a refcount_inc() for the first allocation,
> which causes refcount_t sanity checks to emit a UAF warning.
>
> The reason is that the code is sharing functionality at the wrong level and
> ends up being overly complicated for no reason. That's what inevitably led
> to the refcount leak problems.
>
> Address this by splitting the ringbuffer and the AUX buffer mapping and
> allocation parts out into separate functions, which handle the reference
> counts in a sane way.
>
> That not only simplifies the code and makes it halfway comprehensible, but
> also allows converting the mmap() related reference counts to refcount_t.
>
> It survives lightweight testing with perf and passes the perf/mmap
> selftest.
>
> Also available at:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git perf/core
>
> ---
> v2: https://lkml.kernel.org/r/20250811123458.050061356@xxxxxxxxxxxxx
>
> Changes vs v2:
> - replaced patches 4,5 with fine grained steps
>
Whole series LGTM, various nits/comments but nothing of importance.
I also build-checked every commit and checked the new mmap self test; all
looks good.
Thanks for this, guys, huge improvement! :)
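
Added example, not part of the thread or the patch series: a simplified single-threaded userspace model of the refcount_t checks the cover letter refers to, showing why a refcount_inc() on a zero-initialised counter is flagged as a use-after-free and how an overflowing counter saturates instead of wrapping. The model_* names, the mmap_count variable and the set-to-1-first shape are assumptions made for illustration, not the series' code.

```c
#include <limits.h>
#include <stdio.h>

/* Simplified single-threaded model of refcount_t semantics (assumption:
 * plain int instead of atomics, a flag instead of the kernel's WARN). */
#define MODEL_SATURATED (INT_MIN / 2)
enum model_warn { WARN_NONE, WARN_ADD_UAF, WARN_ADD_OVF };
struct model_refcount { int refs; enum model_warn warned; };

/* Taking a reference on a zero count is treated as a use-after-free;
 * the counter is pinned at the saturated value and a warning recorded. */
static void model_inc(struct model_refcount *r)
{
	if (r->refs == 0) {
		r->refs = MODEL_SATURATED;
		r->warned = WARN_ADD_UAF;
	} else if (r->refs < 0 || r->refs == INT_MAX) {
		r->refs = MODEL_SATURATED;
		r->warned = WARN_ADD_OVF;
	} else {
		r->refs++;
	}
}

/* "As is" conversion: zero-initialised counter, first mapping does inc. */
static enum model_warn first_map_with_inc(void)
{
	struct model_refcount mmap_count = { 0, WARN_NONE };
	model_inc(&mmap_count);
	return mmap_count.warned;
}

/* Hypothetical fix shape: first mapping sets 1, later mappings inc. */
static struct model_refcount first_map_with_set(int extra_maps)
{
	struct model_refcount mmap_count = { 1, WARN_NONE };
	for (int i = 0; i < extra_maps; i++)
		model_inc(&mmap_count);
	return mmap_count;
}

int main(void)
{
	printf("inc on zero: warn=%d\n", first_map_with_inc());
	printf("set(1)+2 inc: refs=%d\n", first_map_with_set(2).refs);
	return 0;
}
```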