[patch 3/4] perf: Plug potential memory leak in CPU_UP_PREPARE

From: Thomas Gleixner
Date: Tue Feb 09 2016 - 15:12:56 EST

Next message: Thomas Gleixner: "[patch 4/4] perf: Remove unused arguments from a bunch of functions"
Previous message: Thomas Gleixner: "[patch 2/4] perf: Remove the bogus and dangerous CPU_DOWN_FAILED hotplug state"
In reply to: Thomas Gleixner: "[patch 2/4] perf: Remove the bogus and dangerous CPU_DOWN_FAILED hotplug state"
Next in thread: Thomas Gleixner: "[patch 4/4] perf: Remove unused arguments from a bunch of functions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If CPU_UP_PREPARE is called it is not guaranteed, that a previously allocated
and assigned hash has been freed already, but perf_event_init_cpu()
unconditionally allocates and assignes a new hash if the swhash is referenced.
By overwriting the pointer the existing hash is not longer accessible.

Verify that there is no hash assigned on this cpu before allocating and
assigning a new one.

Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
---
kernel/events/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -9206,7 +9206,7 @@ static void perf_event_init_cpu(int cpu)
struct swevent_htable *swhash = &per_cpu(swevent_htable, cpu);

mutex_lock(&swhash->hlist_mutex);
- if (swhash->hlist_refcount > 0) {
+ if (swhash->hlist_refcount > 0 && !swevent_hlist_deref(swhash)) {
struct swevent_hlist *hlist;

hlist = kzalloc_node(sizeof(*hlist), GFP_KERNEL, cpu_to_node(cpu));

Next message: Thomas Gleixner: "[patch 4/4] perf: Remove unused arguments from a bunch of functions"
Previous message: Thomas Gleixner: "[patch 2/4] perf: Remove the bogus and dangerous CPU_DOWN_FAILED hotplug state"
In reply to: Thomas Gleixner: "[patch 2/4] perf: Remove the bogus and dangerous CPU_DOWN_FAILED hotplug state"
Next in thread: Thomas Gleixner: "[patch 4/4] perf: Remove unused arguments from a bunch of functions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]