From: David Carrillo-Cisneros Date: Wed, 1 Jun 2016 19:33:05 +0000 (-0700) Subject: perf/core: Fix crash due to account/unaccount_sb_event() inconsistency X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=a4f144ebbdf6f7807c477bce8e136047ed27321f;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git perf/core: Fix crash due to account/unaccount_sb_event() inconsistency unaccount_pmu_sb_event() did not check for attributes in event->attr before calling detach_sb_event(), while account_pmu_event() did. This caused NULL pointer reference in cgroup events that did not have any of the attributes checked by account_pmu_event(). To trigger the bug just wait for a cgroup event to terminate, e.g.: $ mkdir /dev/cgroup/devices/test $ perf stat -e cycles -a -G test sleep 0 ... see crash ... Signed-off-by: David Carrillo-Cisneros Reviewed-by: Stephane Eranian Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Kan Liang Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Zheng Link: http://lkml.kernel.org/r/1464809585-66072-1-git-send-email-davidcc@google.com Signed-off-by: Ingo Molnar --- diff --git a/kernel/events/core.c b/kernel/events/core.c index 5d48306879d5..ae081a141a4a 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -3682,15 +3682,28 @@ static void detach_sb_event(struct perf_event *event) raw_spin_unlock(&pel->lock); } -static void unaccount_pmu_sb_event(struct perf_event *event) +static bool is_sb_event(struct perf_event *event) { + struct perf_event_attr *attr = &event->attr; + if (event->parent) - return; + return false; if (event->attach_state & PERF_ATTACH_TASK) - return; + return false; - detach_sb_event(event); + if (attr->mmap || attr->mmap_data || attr->mmap2 || + attr->comm || attr->comm_exec || + attr->task || + attr->context_switch) + return true; + return false; +} + +static void unaccount_pmu_sb_event(struct perf_event *event) +{ + if (is_sb_event(event)) + detach_sb_event(event); } static void unaccount_event_cpu(struct perf_event *event, int cpu) @@ -8666,18 +8679,7 @@ static void attach_sb_event(struct perf_event *event) */ static void account_pmu_sb_event(struct perf_event *event) { - struct perf_event_attr *attr = &event->attr; - - if (event->parent) - return; - - if (event->attach_state & PERF_ATTACH_TASK) - return; - - if (attr->mmap || attr->mmap_data || attr->mmap2 || - attr->comm || attr->comm_exec || - attr->task || - attr->context_switch) + if (is_sb_event(event)) attach_sb_event(event); }