[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20250806195624.880096284@linutronix.de>
Date: Wed, 6 Aug 2025 22:12:52 +0200 (CEST)
From: Thomas Gleixner <tglx@...utronix.de>
To: LKML <linux-kernel@...r.kernel.org>
Cc: Linus Torvalds <torvalds@...uxfoundation.org>,
Peter Zijlstra <peterz@...radead.org>,
Ingo Molnar <mingo@...nel.org>,
Namhyung Kim <namhyung@...nel.org>,
Arnaldo Carvalho de Melo <acme@...hat.com>,
Lorenzo Stoakes <lorenzo.stoakes@...cle.com>,
Kees Cook <kees@...nel.org>
Subject: [patch 0/6] perf: Convert mmap() related reference counts to
refcount_t
The recently fixed reference count leaks could have been detected by using
refcount_t and refcount_t would have mitigated the potential overflow at
least.
It turned out that converting the code as is does not work as the
allocation code ends up doing a refcount_inc() for the first allocation,
which causes refcount_t sanity checks to emit a UAF warning.
The reason is that the code is sharing functionality at the wrong level and
ends up being overly complicated for no reason. That's what inevitable led
to the refcount leak problems.
Address this by splitting the ringbuffer and the AUX buffer mapping and
allocation parts out into seperate functions, which handle the reference
counts in a sane way.
That not only simplifies the code and makes it halfways comprehensible, but
also allows to convert the mmap() related reference counts to refcount_t.
It survives lightweight testing with perf and passes the perf/mmap
selftest.
The series applies on top of Linus tree and is also available from git:
git://git.kernel.org/pub/scm/linux/kernel/git/tglx/devel.git perf/refcounts
Thanks,
tglx
---
include/linux/perf_event.h | 2
kernel/events/core.c | 361 ++++++++++++++++++++++----------------------
kernel/events/internal.h | 4
kernel/events/ring_buffer.c | 2
4 files changed, 185 insertions(+), 184 deletions(-)
Powered by blists - more mailing lists