| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250604153219.GJ39944@noisy.programming.kicks-ass.net> Date: Wed, 4 Jun 2025 17:32:19 +0200 From: Peter Zijlstra <peterz@...radead.org> To: Mark Rutland <mark.rutland@....com> Cc: Baisheng Gao <baisheng.gao@...soc.com>, Ingo Molnar <mingo@...hat.com>, Arnaldo Carvalho de Melo <acme@...nel.org>, Namhyung Kim <namhyung@...nel.org>, Alexander Shishkin <alexander.shishkin@...ux.intel.com>, Jiri Olsa <jolsa@...nel.org>, Ian Rogers <irogers@...gle.com>, Adrian Hunter <adrian.hunter@...el.com>, "reviewer:PERFORMANCE EVENTS SUBSYSTEM" <kan.liang@...ux.intel.com>, "open list:PERFORMANCE EVENTS SUBSYSTEM" <linux-perf-users@...r.kernel.org>, "open list:PERFORMANCE EVENTS SUBSYSTEM" <linux-kernel@...r.kernel.org>, cixi.geng@...ux.dev, hao_hao.wang@...soc.com Subject: Re: [PATCH] perf/core: Handling the race between exit_mmap and perf sample On Wed, Jun 04, 2025 at 03:55:01PM +0100, Mark Rutland wrote: > I think we might need something in the perf core for cpu-bound events, assuming > those can also potentially make samples. > > From a quick scan of perf_event_sample_format: > > PERF_SAMPLE_IP // safe > PERF_SAMPLE_TID // safe > PERF_SAMPLE_TIME // safe > PERF_SAMPLE_ADDR // ??? Safe, set by driver, or 0. > PERF_SAMPLE_READ // ??? This is basically read(2) on a fd, but in sample format. Only the count values. This good. > PERF_SAMPLE_CALLCHAIN // may access mm Right. > PERF_SAMPLE_ID // safe > PERF_SAMPLE_CPU // safe > PERF_SAMPLE_PERIOD // safe > PERF_SAMPLE_STREAM_ID // ??? safe > PERF_SAMPLE_RAW // ??? safe, this is random data returned by the driver > PERF_SAMPLE_BRANCH_STACK // safe > PERF_SAMPLE_REGS_USER // safe > PERF_SAMPLE_STACK_USER // may access mm > PERF_SAMPLE_WEIGHT // ??? > PERF_SAMPLE_DATA_SRC // ??? Both should be safe, driver sets them. > PERF_SAMPLE_IDENTIFIER // safe > PERF_SAMPLE_TRANSACTION // ??? Safe, another random thing the driver can set. This was for transactional memory stuff. > PERF_SAMPLE_REGS_INTR // safe > PERF_SAMPLE_PHYS_ADDR // safe; handles mm==NULL && addr < TASK_SIZE > PERF_SAMPLE_AUX // ??? Safe, should be driver, PT for Intel, or that CoreSight for ARM. > PERF_SAMPLE_CGROUP // safe > PERF_SAMPLE_DATA_PAGE_SIZE // partial; doesn't check addr < TASK_SIZE > PERF_SAMPLE_CODE_PAGE_SIZE // partial; doesn't check addr < TASK_SIZE But does use init_mm when !mm, perf_get_page_size(). > PERF_SAMPLE_WEIGHT_STRUCT // ??? Safe, driver bits again. > > ... I think all the dodgy cases use mm somehow, so maybe the perf core > should check for current->mm? This then... I suppose. --- diff --git a/kernel/events/core.c b/kernel/events/core.c index f34c99f8ce8f..49944e4ec3e7 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -7439,6 +7439,10 @@ perf_sample_ustack_size(u16 stack_size, u16 header_size, if (!regs) return 0; + /* No mm, no stack, no dump. */ + if (!current->mm) + return 0; + /* * Check if we fit in with the requested stack size into the: * - TASK_SIZE @@ -8153,6 +8157,9 @@ perf_callchain(struct perf_event *event, struct pt_regs *regs) if (!kernel && !user) return &__empty_callchain; + if (!current->mm) + user = false; + callchain = get_perf_callchain(regs, 0, kernel, user, max_stack, crosstask, true); return callchain ?: &__empty_callchain;
Powered by blists - more mailing lists