Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp4183874rwb; Tue, 16 Aug 2022 16:32:00 -0700 (PDT) X-Google-Smtp-Source: AA6agR4hM+EFpXDCiUcFMZ0Gtv5VMasd8DQunVNbRa4AiG2H/2c/UCck3j0OdbCAqeG+YR471ksO X-Received: by 2002:a17:903:2483:b0:16c:dfcf:38e8 with SMTP id p3-20020a170903248300b0016cdfcf38e8mr24402814plw.43.1660692720316; Tue, 16 Aug 2022 16:32:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1660692720; cv=none; d=google.com; s=arc-20160816; b=sCtvtaevbh6Psd/x8PBoLIxZIPYzXMLDaWz46rBqLBrO0nF+CuEiK+WAfchAOyPCDy P8CKGj4rXiQCzoSuh+/Ds0PY0hilNVLrmHpa9r45ygkJlzIwThlwRzfVryel08JTKxlu kzs6rIbPDshOYAMEPS4YXgZxsb2PWTmZ6kf0zltojXGW7KX77epQkfEjj6ig2ct0BZXo P8Ky2RWif4JVOiV5KxNvfSGFs3Q7Rdvz/JTVnR+OMDodGcli885BUxnligF4kfMH+nEz QBGKSCQvIJ/ErdzF5Z3rhWi5pQxjMqbUuHVH3PC2LmsHGgM20PbDR5oEZVAUCQG7RVWS jWvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:subject:cc:to:from:date; bh=3cRzS949oojbS9xl7tgW304HbJ22+jsKMP0m/RWrhX8=; b=TgGfHsuXlRxoGTJnEtlplxFU9UTto8P3mXaP7IDcDgsAhU+l4TwR3X5IrbjhizW2O6 i8GGhshPDCqYQkOKY0Nr7vrn32RZBhl2+Uu8v8msc2s6zP0iBYc650KG/lGmtpVZbQAB Bw8Cr8reFC/M/0F2F5liVYi59lJ6zSiNkVRbBTPFXucQvIx76K8DaXtvt4qTR7GIrU8K KrjvW2IRuiTq84uYnuij4iJZXpuiKXkGRi7u6TqGvt6mTuCVend3Hwfo3/hE0Ulhs/RI C8h1dgrve1gQnTjOQVLoFe/1epRU0BQT/kZ4CbzJUNCbe9/1SxNpiLVr8jAMendbr2NU Hc1w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e5-20020a17090301c500b00171311470f7si16250018plh.3.2022.08.16.16.31.45; Tue, 16 Aug 2022 16:32:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229675AbiHPX2Q (ORCPT + 99 others); Tue, 16 Aug 2022 19:28:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51956 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232754AbiHPX2O (ORCPT ); Tue, 16 Aug 2022 19:28:14 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 566D0219A for ; Tue, 16 Aug 2022 16:28:13 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id BD405B81B47 for ; Tue, 16 Aug 2022 23:28:11 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2AE52C433D6; Tue, 16 Aug 2022 23:28:09 +0000 (UTC) Date: Tue, 16 Aug 2022 19:28:17 -0400 From: Steven Rostedt To: LKML Cc: Jiri Olsa , Peter Zijlstra , Frederic Weisbecker , Ingo Molnar , David Reaver , Masami Hiramatsu , Krister Johansen Subject: [PATCH] tracing/perf: Fix double put of trace event when init fails Message-ID: <20220816192817.43d5e17f@gandalf.local.home> X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.33; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-6.7 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: "Steven Rostedt (Google)" If in perf_trace_event_init(), the perf_trace_event_open() fails, then it will call perf_trace_event_unreg() which will not only unregister the perf trace event, but will also call the put() function of the tp_event. The problem here is that the trace_event_try_get_ref() is called by the caller of perf_trace_event_init() and if perf_trace_event_init() returns a failure, it will then call trace_event_put(). But since the perf_trace_event_unreg() already called the trace_event_put() function, it triggers a WARN_ON(). WARNING: CPU: 1 PID: 30309 at kernel/trace/trace_dynevent.c:46 trace_event_dyn_put_ref+0x15/0x20 If perf_trace_event_reg() does not call the trace_event_try_get_ref() then the perf_trace_event_unreg() should not be calling trace_event_put(). This breaks symmetry and causes bugs like these. Pull out the trace_event_put() from perf_trace_event_unreg() and call it in the locations that perf_trace_event_unreg() is called. This not only fixes this bug, but also brings back the proper symmetry of the reg/unreg vs get/put logic. Link: https://lore.kernel.org/all/cover.1660347763.git.kjlx@templeofstupid.com/ Reported-by: Krister Johansen Reviewed-by: Krister Johansen Tested-by: Krister Johansen Signed-off-by: Steven Rostedt (Google) --- kernel/trace/trace_event_perf.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/kernel/trace/trace_event_perf.c b/kernel/trace/trace_event_perf.c index a114549720d6..61e3a2620fa3 100644 --- a/kernel/trace/trace_event_perf.c +++ b/kernel/trace/trace_event_perf.c @@ -157,7 +157,7 @@ static void perf_trace_event_unreg(struct perf_event *p_event) int i; if (--tp_event->perf_refcount > 0) - goto out; + return; tp_event->class->reg(tp_event, TRACE_REG_PERF_UNREGISTER, NULL); @@ -176,8 +176,6 @@ static void perf_trace_event_unreg(struct perf_event *p_event) perf_trace_buf[i] = NULL; } } -out: - trace_event_put_ref(tp_event); } static int perf_trace_event_open(struct perf_event *p_event) @@ -241,6 +239,7 @@ void perf_trace_destroy(struct perf_event *p_event) mutex_lock(&event_mutex); perf_trace_event_close(p_event); perf_trace_event_unreg(p_event); + trace_event_put_ref(p_event->tp_event); mutex_unlock(&event_mutex); } @@ -292,6 +291,7 @@ void perf_kprobe_destroy(struct perf_event *p_event) mutex_lock(&event_mutex); perf_trace_event_close(p_event); perf_trace_event_unreg(p_event); + trace_event_put_ref(p_event->tp_event); mutex_unlock(&event_mutex); destroy_local_trace_kprobe(p_event->tp_event); @@ -347,6 +347,7 @@ void perf_uprobe_destroy(struct perf_event *p_event) mutex_lock(&event_mutex); perf_trace_event_close(p_event); perf_trace_event_unreg(p_event); + trace_event_put_ref(p_event->tp_event); mutex_unlock(&event_mutex); destroy_local_trace_uprobe(p_event->tp_event); } -- 2.35.1