Commit 828b6f0e authored by Peter Zijlstra, committed by Ingo Molnar

perf: Fix NULL deref

Dan reported:

  1229                  if (ctx->task == TASK_TOMBSTONE ||
  1230                      !atomic_inc_not_zero(&ctx->refcount)) {
  1231                          raw_spin_unlock(&ctx->lock);
  1232                          ctx = NULL;
                                ^^^^^^^^^^
ctx is NULL.

  1233                  }
  1234
  1235                  WARN_ON_ONCE(ctx->task != task);
                                     ^^^^^^^^^^^^^^^^^
The patch adds a NULL dereference.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Fixes: 63b6da39 ("perf: Fix perf_event_exit_task() race")
Signed-off-by: Ingo Molnar <mingo@kernel.org>
parent 8f04b853
...@@ -1230,10 +1230,10 @@ perf_lock_task_context(struct task_struct *task, int ctxn, unsigned long *flags) ...@@ -1230,10 +1230,10 @@ perf_lock_task_context(struct task_struct *task, int ctxn, unsigned long *flags)
!atomic_inc_not_zero(&ctx->refcount)) { !atomic_inc_not_zero(&ctx->refcount)) {
raw_spin_unlock(&ctx->lock); raw_spin_unlock(&ctx->lock);
ctx = NULL; ctx = NULL;
} } else {
WARN_ON_ONCE(ctx->task != task); WARN_ON_ONCE(ctx->task != task);
} }
}
rcu_read_unlock(); rcu_read_unlock();
if (!ctx) if (!ctx)
local_irq_restore(*flags); local_irq_restore(*flags);
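Review bot: the `} else {` branch is the right shape for this fix: in the old code the failure path assigned `ctx = NULL;` and then fell straight through to `WARN_ON_ONCE(ctx->task != task);`, so the warning itself dereferenced NULL exactly when the context was already unusable (TASK_TOMBSTONE or a refcount that had dropped to zero); gating the check on the else branch means it now runs only while a reference was taken and `ctx->lock` is still held. The surrounding state handling is consistent with that: on the NULL path `raw_spin_unlock(&ctx->lock)` has already run and the trailing `if (!ctx) local_irq_restore(*flags);` releases the interrupt state, while on the success path perf_lock_task_context() returns with the lock held and irqs disabled as its callers expect. One thing worth stating in the commit message is that the check still has to happen under the lock (it compares `ctx->task` against the task this context was looked up for), so moving it into the else rather than past `rcu_read_unlock()` is deliberate, not incidental.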