Message-ID: <YgeaW4K5XY/66afx@krava>
Date:   Sat, 12 Feb 2022 12:30:35 +0100
From:   Jiri Olsa <olsajiri@...il.com>
To:     Ian Rogers <irogers@...gle.com>
Cc:     Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...hat.com>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        Mark Rutland <mark.rutland@....com>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Jiri Olsa <jolsa@...nel.org>,
        Namhyung Kim <namhyung@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Darren Hart <dvhart@...radead.org>,
        Davidlohr Bueso <dave@...olabs.net>,
        André Almeida <andrealmeid@...labora.com>,
        James Clark <james.clark@....com>,
        John Garry <john.garry@...wei.com>,
        Riccardo Mancini <rickyman7@...il.com>,
        Yury Norov <yury.norov@...il.com>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Jin Yao <yao.jin@...ux.intel.com>,
        Adrian Hunter <adrian.hunter@...el.com>,
        Leo Yan <leo.yan@...aro.org>, Andi Kleen <ak@...ux.intel.com>,
        Thomas Richter <tmricht@...ux.ibm.com>,
        Kan Liang <kan.liang@...ux.intel.com>,
        Madhavan Srinivasan <maddy@...ux.ibm.com>,
        Shunsuke Nakamura <nakamura.shun@...itsu.com>,
        Song Liu <song@...nel.org>,
        Masami Hiramatsu <mhiramat@...nel.org>,
        Steven Rostedt <rostedt@...dmis.org>,
        Miaoqian Lin <linmq006@...il.com>,
        Stephen Brennan <stephen.s.brennan@...cle.com>,
        Kajol Jain <kjain@...ux.ibm.com>,
        Alexey Bayduraev <alexey.v.bayduraev@...ux.intel.com>,
        German Gomez <german.gomez@....com>,
        linux-perf-users@...r.kernel.org, linux-kernel@...r.kernel.org,
        Eric Dumazet <edumazet@...gle.com>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Hao Luo <haoluo@...gle.com>, eranian@...gle.com
Subject: Re: [PATCH v3 04/22] perf dso: Hold lock when accessing nsinfo

On Fri, Feb 11, 2022 at 02:33:57AM -0800, Ian Rogers wrote:
> There may be threads racing to update dso->nsinfo:
> https://lore.kernel.org/linux-perf-users/CAP-5=fWZH20L4kv-BwVtGLwR=Em3AOOT+Q4QGivvQuYn5AsPRg@mail.gmail.com/
> Holding the dso->lock avoids use-after-free, memory leaks and other
> such bugs. Apply the fix in:
> https://lore.kernel.org/linux-perf-users/20211118193714.2293728-1-irogers@google.com/
> of there being a missing nsinfo__put now that the accesses are data race
> free.
> 
> Signed-off-by: Ian Rogers <irogers@...gle.com>
> ---
>  tools/perf/builtin-inject.c   | 4 ++++
>  tools/perf/util/dso.c         | 5 ++++-
>  tools/perf/util/map.c         | 3 +++
>  tools/perf/util/probe-event.c | 2 ++
>  tools/perf/util/symbol.c      | 2 +-
>  5 files changed, 14 insertions(+), 2 deletions(-)
> 
> diff --git a/tools/perf/builtin-inject.c b/tools/perf/builtin-inject.c
> index fbf43a454cba..bede332bf0e2 100644
> --- a/tools/perf/builtin-inject.c
> +++ b/tools/perf/builtin-inject.c
> @@ -363,8 +363,10 @@ static struct dso *findnew_dso(int pid, int tid, const char *filename,
>  	}
>  
>  	if (dso) {
> +		BUG_ON(pthread_mutex_lock(&dso->lock) != 0);
>  		nsinfo__put(dso->nsinfo);
>  		dso->nsinfo = nsi;
> +		pthread_mutex_unlock(&dso->lock);
>  	} else
>  		nsinfo__put(nsi);
>  
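Review bot: Nothing in this hunk records that `dso->lock` is now the lock protecting `dso->nsinfo`, so the rule can only be learned by reading every call site. The same sequence (lock, `nsinfo__put(dso->nsinfo)`, assign, unlock) is repeated in the map.c and probe-event.c hunks of this patch; one small helper taking the dso and the new nsinfo would keep the rule in a single place, with a comment such as `/* dso->lock protects dso->nsinfo; takes over the caller's reference on nsi */`. The return value of `pthread_mutex_unlock()` is also dropped while the lock call is wrapped in `BUG_ON`, which is worth making consistent. findnew_dso starts and ends outside the hunk.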
> @@ -547,7 +549,9 @@ static int dso__read_build_id(struct dso *dso)
>  	if (dso->has_build_id)
>  		return 0;
>  
> +	BUG_ON(pthread_mutex_lock(&dso->lock) != 0);
>  	nsinfo__mountns_enter(dso->nsinfo, &nsc);
> +	pthread_mutex_unlock(&dso->lock);

so this separates nsinfo__mountns_enter and nsinfo__put,
should we care also about nsinfo__mountns_exit?

jirka

>  	if (filename__read_build_id(dso->long_name, &dso->bid) > 0)
>  		dso->has_build_id = true;
>  	nsinfo__mountns_exit(&nsc);
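Review bot: The lock added around `nsinfo__mountns_enter()` covers only the read of `dso->nsinfo`; the `dso->has_build_id` test at the top of the hunk, the later `dso->has_build_id = true` and the write into `dso->bid` all stay outside it. If two threads can reach dso__read_build_id for the same dso, which this hunk does not show, both can pass the check and write `dso->bid` concurrently. Either widen the locked region to include the check and the update (unlocking on the early `return 0`), or state the assumption at the top of the function, e.g. `/* has_build_id and bid are only touched by one thread here */` if that is what holds. The function continues outside the hunk.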
> diff --git a/tools/perf/util/dso.c b/tools/perf/util/dso.c
> index 6beccffeef7b..b2f570adba35 100644
> --- a/tools/perf/util/dso.c
> +++ b/tools/perf/util/dso.c
> @@ -548,8 +548,11 @@ static int open_dso(struct dso *dso, struct machine *machine)
>  	int fd;
>  	struct nscookie nsc;
>  
> -	if (dso->binary_type != DSO_BINARY_TYPE__BUILD_ID_CACHE)
> +	if (dso->binary_type != DSO_BINARY_TYPE__BUILD_ID_CACHE) {
> +		BUG_ON(pthread_mutex_lock(&dso->lock) != 0);
>  		nsinfo__mountns_enter(dso->nsinfo, &nsc);
> +		pthread_mutex_unlock(&dso->lock);
> +	}
>  	fd = __open_dso(dso, machine);
>  	if (dso->binary_type != DSO_BINARY_TYPE__BUILD_ID_CACHE)
>  		nsinfo__mountns_exit(&nsc);
> diff --git a/tools/perf/util/map.c b/tools/perf/util/map.c
> index 8af693d9678c..ae99b52502d5 100644
> --- a/tools/perf/util/map.c
> +++ b/tools/perf/util/map.c
> @@ -192,7 +192,10 @@ struct map *map__new(struct machine *machine, u64 start, u64 len,
>  			if (!(prot & PROT_EXEC))
>  				dso__set_loaded(dso);
>  		}
> +		BUG_ON(pthread_mutex_lock(&dso->lock) != 0);
> +		nsinfo__put(dso->nsinfo);
>  		dso->nsinfo = nsi;
> +		pthread_mutex_unlock(&dso->lock);
>  
>  		if (build_id__is_defined(bid))
>  			dso__set_build_id(dso, bid);
> diff --git a/tools/perf/util/probe-event.c b/tools/perf/util/probe-event.c
> index a834918a0a0d..7444e689ece7 100644
> --- a/tools/perf/util/probe-event.c
> +++ b/tools/perf/util/probe-event.c
> @@ -180,8 +180,10 @@ struct map *get_target_map(const char *target, struct nsinfo *nsi, bool user)
>  
>  		map = dso__new_map(target);
>  		if (map && map->dso) {
> +			BUG_ON(pthread_mutex_lock(&map->dso->lock) != 0);
>  			nsinfo__put(map->dso->nsinfo);
>  			map->dso->nsinfo = nsinfo__get(nsi);
> +			pthread_mutex_unlock(&map->dso->lock);
>  		}
>  		return map;
>  	} else {
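Review bot: Inside the new locked region `nsinfo__put(map->dso->nsinfo)` still runs before `nsinfo__get(nsi)`, so the old reference is dropped before the new one is taken. If the two pointers can ever be the same object with the dso holding the last reference, the put would free it before the get; whether a freshly created map from `dso__new_map()` can already carry `nsi` is not visible here. Taking the reference first removes the dependency on that: `struct nsinfo *newnsi = nsinfo__get(nsi);` before the lock, then `nsinfo__put(map->dso->nsinfo); map->dso->nsinfo = newnsi;` inside it. get_target_map starts and ends outside the hunk.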
> diff --git a/tools/perf/util/symbol.c b/tools/perf/util/symbol.c
> index 43f47532696f..a504346feb05 100644
> --- a/tools/perf/util/symbol.c
> +++ b/tools/perf/util/symbol.c
> @@ -1774,6 +1774,7 @@ int dso__load(struct dso *dso, struct map *map)
>  	char newmapname[PATH_MAX];
>  	const char *map_path = dso->long_name;
>  
> +	BUG_ON(pthread_mutex_lock(&dso->lock) != 0);
>  	perfmap = strncmp(dso->name, "/tmp/perf-", 10) == 0;
>  	if (perfmap) {
>  		if (dso->nsinfo && (dso__find_perf_map(newmapname,
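Review bot: Moving the `pthread_mutex_lock(&dso->lock)` call above the perfmap lookup means dso__load now holds the lock across `dso__find_perf_map()` and `nsinfo__mountns_enter()`, while this same patch makes open_dso() and dso__read_build_id() take `dso->lock` themselves. If the mutex is not recursive (its initialisation is not shown on this page), any path from the locked part of dso__load into one of those functions for the same dso would block on itself. Any exit path in the lines between this hunk and the next one, which are not shown, also has to release the lock now. A comment at the new lock site would make the contract explicit, e.g. `/* dso->lock is held from here on; callees must not take it for this dso */`. dso__load continues outside the hunk.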
> @@ -1783,7 +1784,6 @@ int dso__load(struct dso *dso, struct map *map)
>  	}
>  
>  	nsinfo__mountns_enter(dso->nsinfo, &nsc);
> -	BUG_ON(pthread_mutex_lock(&dso->lock) != 0);
>  
>  	/* check again under the dso->lock */
>  	if (dso__loaded(dso)) {
> -- 
> 2.35.1.265.g69c8d7142f-goog
> 
