]> sourceware.org Git - systemtap.git/commit
git://sourceware.org / systemtap.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f463f60) | patch
Fix races in perf probe task finder callback
authorSultan Alsawaf <sultan@openresty.com>
Fri, 17 Sep 2021 21:17:16 +0000 (14:17 -0700)
committerSultan Alsawaf <sultan@openresty.com>
Fri, 17 Sep 2021 22:16:19 +0000 (15:16 -0700)
commit2dfd140fd2b4be96d5ac3090e9ef2b60185db22c
tree837451c657da5b2c83eb5f9745660934578f5f3btree
parentf463f6053e6d28da2095d5b4b9da0cbac3d522afcommit | diff
Fix races in perf probe task finder callback

The task finder callback for a perf probe can run concurrently across
different tasks' workers, resulting in redundant registrations since
_stp_perf_init() and _stp_perf_del() lack synchronization. This results
in the redundant perf events never being removed and a use-after-free
scenario occurring in the kernel's core perf code after the stap module
is unloaded. Adding a mutex lock to the task finder callback fixes the
issue.

This fixes the following crash:
BUG: unable to handle page fault for address: ffffffffc045a777
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 2a15067 P4D 2a15067 PUD 2a17067 PMD 1c4a96067 PTE 0
Oops: 0010 [#1] SMP NOPTI
CPU: 5 PID: 78029 Comm: cat Tainted: G           OE     5.13.9 #78
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ArchLinux 1.14.0-1 04/01/2014
RIP: 0010:0xffffffffc045a777
Code: Unable to access opcode bytes at RIP 0xffffffffc045a74d.
RSP: 0018:ffffc900001d8d80 EFLAGS: 00010046
RAX: ffffffffc045a777 RBX: ffff8881e60f2ee0 RCX: ffffc9000403fc18
RDX: ffffc9000403fc18 RSI: ffffc900001d8dc0 RDI: ffff8881e60f2ee0
RBP: ffffc900001d8db0 R08: 00000000ffffffff R09: 0000000000000000
R10: 0000000000000000 R11: ffffc900001d8ff8 R12: ffffc900001d8dc0
R13: 0000000000000000 R14: ffffc9000403fc18 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888237b40000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffc045a74d CR3: 0000000002a10005 CR4: 0000000000370ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 ? __perf_event_overflow+0x60/0xd7
 ? __perf_event_overflow+0xd7/0xd7
 perf_swevent_hrtimer+0xd3/0x147
 ? nohz_balancer_kick+0x35/0x221
 ? tick_sched_do_timer+0x5a/0x5a
 ? trigger_load_balance+0x41/0x54
 ? scheduler_tick+0x132/0x153
 ? __pv_queued_spin_lock_slowpath+0x115/0x1c1
 ? timerqueue_del+0x24/0x49
 ? __remove_hrtimer+0x3c/0x6c
 __run_hrtimer+0xd3/0x166
 __hrtimer_run_queues+0x67/0x76
 hrtimer_interrupt+0xea/0x21e
 local_apic_timer_interrupt+0x2e/0x54
 __sysvec_apic_timer_interrupt+0x6e/0xb2
 sysvec_apic_timer_interrupt+0x73/0x83
 </IRQ>
 asm_sysvec_apic_timer_interrupt+0x12/0x20
runtime/linux/perf.h diff | blob | blame | history
tapset-perfmon.cxx diff | blob | blame | history
systemtap: system-wide probe/trace tool
This page took 0.030068 seconds and 5 git commands to generate.