linux/kernel/events
Peter Zijlstra c69df06e4e perf/core: Fix deadlock in perf_mmap() failure path
Ian noted that commit 77de62ad3d ("perf/core: Fix refcount bug and
potential UAF in perf_mmap") would cause a deadlock due to
event->mmap_mutex recursion.

This happens because we're now calling perf_mmap_close() under
mmap_mutex, while that function itself can also take mmap_mutex.

Solve this by noting that perf_mmap_close() is far more complicated
than we need at this particular point, since it deals with scenarios
that cannot happen in this particular case.

Replace the call to perf_mmap_close() with a very narrow undo for the
case of first-exposure. If this is not the first mmap(), there is no
race and it is fine to drop the lock and call perf_mmap_close() to
handle the more complicated scenarios.

Note: move the rb->mmap_user (namespace) handling into the rb
init/free code such that it does not complicate the mmap handling.

Fixes: 77de62ad3d ("perf/core: Fix refcount bug and potential UAF in perf_mmap")
Reported-by: Ian Rogers <irogers@google.com>
Closes: https://patch.msgid.link/CAP-5%3DfVJyVMZw%3DDqP53Kxg58nUmJ_0bxoaeOKAbC03BVc11HaA%40mail.gmail.com
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://patch.msgid.link/20260326112821.GK3738786@noisy.programming.kicks-ass.net
2026-05-05 12:47:20 +02:00
callchain.c perf: sched: Fix perf crash with new is_user_task() helper 2026-01-30 23:06:07 +01:00
core.c perf/core: Fix deadlock in perf_mmap() failure path 2026-05-05 12:47:20 +02:00
hw_breakpoint_test.c perf/hw_breakpoint: remove MODULE_LICENSE in non-modules 2023-04-13 13:13:52 -07:00
hw_breakpoint.c Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
internal.h perf/core: Fix deadlock in perf_mmap() failure path 2026-05-05 12:47:20 +02:00
Makefile perf/hw_breakpoint: Add KUnit test for constraints accounting 2022-08-30 10:56:20 +02:00
ring_buffer.c perf/core: Fix deadlock in perf_mmap() failure path 2026-05-05 12:47:20 +02:00
uprobes.c treewide: change inode->i_ino from unsigned long to u64 2026-03-06 14:31:28 +01:00