[RFC 1/3] perf: Add new late event free callback
From: Tvrtko Ursulin
Date: Mon Jan 15 2024 - 12:01:55 EST
From: Tvrtko Ursulin <tvrtko.ursulin@xxxxxxxxx>
This allows drivers to implement a PMU with support for unbinding the
device, for example by making event->pmu reference counted on the driver
side and its lifetime matching the struct perf_event init/free.
Otherwise, if an open perf fd is kept past driver unbind, the perf code
can dereference the potentially freed struct pmu from the _free_event
steps which follow the existing destroy callback.
TODO/FIXME/QQQ:
A simpler version could be to simply move the ->destroy() callback to
later in _free_event(). However a comment there claims there are steps
which need to run after the existing destroy callbacks, hence I opted for
an initially cautious approach.
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@xxxxxxxxx>
Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Cc: Umesh Nerlige Ramappa <umesh.nerlige.ramappa@xxxxxxxxx>
Cc: Aravind Iddamsetty <aravind.iddamsetty@xxxxxxxxxxxxxxx>
---
include/linux/perf_event.h | 1 +
kernel/events/core.c | 13 +++++++++++--
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
index 5547ba68e6e4..a567d2d98be1 100644
--- a/include/linux/perf_event.h
+++ b/include/linux/perf_event.h
@@ -799,6 +799,7 @@ struct perf_event {
struct perf_event *aux_event;
void (*destroy)(struct perf_event *);
+ void (*free)(struct perf_event *);
struct rcu_head rcu_head;
struct pid_namespace *ns;
diff --git a/kernel/events/core.c b/kernel/events/core.c
index a64165af45c1..4b62d2201ca7 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -5242,6 +5242,9 @@ static void _free_event(struct perf_event *event)
exclusive_event_destroy(event);
module_put(event->pmu->module);
+ if (event->free)
+ event->free(event);
+
call_rcu(&event->rcu_head, free_event_rcu);
}
@@ -11662,8 +11665,12 @@ static int perf_try_init_event(struct pmu *pmu, struct perf_event *event)
event_has_any_exclude_flag(event))
ret = -EINVAL;
- if (ret && event->destroy)
- event->destroy(event);
+ if (ret) {
+ if (event->destroy)
+ event->destroy(event);
+ if (event->free)
+ event->free(event);
+ }
}
if (ret)
@@ -12090,6 +12097,8 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
perf_detach_cgroup(event);
if (event->destroy)
event->destroy(event);
+ if (event->free)
+ event->free(event);
module_put(pmu->module);
err_ns:
if (event->hw.target)
--
2.40.1