perf: Fix NULL deref
Dan reported:
1229 if (ctx->task == TASK_TOMBSTONE ||
1230 !atomic_inc_not_zero(&ctx->refcount)) {
1231 raw_spin_unlock(&ctx->lock);
1232 ctx = NULL;
^^^^^^^^^^
ctx is NULL.
1233 }
1234
1235 WARN_ON_ONCE(ctx->task != task);
^^^^^^^^^^^^^^^^^
The patch adds a NULL dereference.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Fixes: 63b6da39bb
("perf: Fix perf_event_exit_task() race")
Signed-off-by: Ingo Molnar <mingo@kernel.org>
This commit is contained in:
Родитель
8f04b8536f
Коммит
828b6f0e26
|
@ -1230,10 +1230,10 @@ retry:
|
|||
!atomic_inc_not_zero(&ctx->refcount)) {
|
||||
raw_spin_unlock(&ctx->lock);
|
||||
ctx = NULL;
|
||||
}
|
||||
|
||||
} else {
|
||||
WARN_ON_ONCE(ctx->task != task);
|
||||
}
|
||||
}
|
||||
rcu_read_unlock();
|
||||
if (!ctx)
|
||||
local_irq_restore(*flags);
|
||||
|
|
Загрузка…
Ссылка в новой задаче