diff options
author | Peter Zijlstra <a.p.zijlstra@chello.nl> | 2009-12-30 10:00:35 -0500 |
---|---|---|
committer | Ingo Molnar <mingo@elte.hu> | 2009-12-31 07:11:31 -0500 |
commit | 05cbaa2853cdfc255fdd04e65a82bfe9208c4e52 (patch) | |
tree | 83a6b8ea45fe181e623aa6c532cb9176400199de /kernel/perf_event.c | |
parent | 48b5ba9cc98d676712da29d9931f1c88e5185ff2 (diff) |
perf: Fix NULL deref in inheritance code
Liming found a NULL deref when a task has a perf context but no
counters when it forks.
This can occur in two cases, a race during construction where
the fork hits after installing the context but before the first
counter gets inserted, or more reproducably, a fork after the
last counter is closed (which leaves the context around).
Reported-by: Wang Liming <liming.wang@windriver.com>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Paul Mackerras <paulus@samba.org>
CC: <stable@kernel.org>
LKML-Reference: <1262185684.7135.222.camel@laptop>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Diffstat (limited to 'kernel/perf_event.c')
-rw-r--r-- | kernel/perf_event.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/kernel/perf_event.c b/kernel/perf_event.c index 03cc061398d..58ed1dae587 100644 --- a/kernel/perf_event.c +++ b/kernel/perf_event.c | |||
@@ -5148,7 +5148,7 @@ int perf_event_init_task(struct task_struct *child) | |||
5148 | GFP_KERNEL); | 5148 | GFP_KERNEL); |
5149 | if (!child_ctx) { | 5149 | if (!child_ctx) { |
5150 | ret = -ENOMEM; | 5150 | ret = -ENOMEM; |
5151 | goto exit; | 5151 | break; |
5152 | } | 5152 | } |
5153 | 5153 | ||
5154 | __perf_event_init_context(child_ctx, child); | 5154 | __perf_event_init_context(child_ctx, child); |
@@ -5164,7 +5164,7 @@ int perf_event_init_task(struct task_struct *child) | |||
5164 | } | 5164 | } |
5165 | } | 5165 | } |
5166 | 5166 | ||
5167 | if (inherited_all) { | 5167 | if (child_ctx && inherited_all) { |
5168 | /* | 5168 | /* |
5169 | * Mark the child context as a clone of the parent | 5169 | * Mark the child context as a clone of the parent |
5170 | * context, or of whatever the parent is a clone of. | 5170 | * context, or of whatever the parent is a clone of. |
@@ -5184,7 +5184,6 @@ int perf_event_init_task(struct task_struct *child) | |||
5184 | get_ctx(child_ctx->parent_ctx); | 5184 | get_ctx(child_ctx->parent_ctx); |
5185 | } | 5185 | } |
5186 | 5186 | ||
5187 | exit: | ||
5188 | mutex_unlock(&parent_ctx->mutex); | 5187 | mutex_unlock(&parent_ctx->mutex); |
5189 | 5188 | ||
5190 | perf_unpin_context(parent_ctx); | 5189 | perf_unpin_context(parent_ctx); |