| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250811090416.GC1613200@noisy.programming.kicks-ass.net>
Date: Mon, 11 Aug 2025 11:04:16 +0200
From: Peter Zijlstra <peterz@...radead.org>
To: Thomas Gleixner <tglx@...utronix.de>
Cc: LKML <linux-kernel@...r.kernel.org>,
Linus Torvalds <torvalds@...uxfoundation.org>,
Ingo Molnar <mingo@...nel.org>, Namhyung Kim <namhyung@...nel.org>,
Arnaldo Carvalho de Melo <acme@...hat.com>,
Lorenzo Stoakes <lorenzo.stoakes@...cle.com>,
Kees Cook <kees@...nel.org>
Subject: Re: [patch V2 m@/6] perf/core: Split out AUX buffer allocation
On Mon, Aug 11, 2025 at 09:06:41AM +0200, Thomas Gleixner wrote:
> @@ -7055,51 +7122,15 @@ static int perf_mmap(struct file *file,
> }
>
> } else {
> - /*
> - * AUX area mapping: if rb->aux_nr_pages != 0, it's already
> - * mapped, all subsequent mappings should have the same size
> - * and offset. Must be above the normal perf buffer.
> - */
> - u64 aux_offset, aux_size;
> -
> - rb = event->rb;
> - if (!rb)
> - goto aux_unlock;
> -
> - aux_mutex = &rb->aux_mutex;
> - mutex_lock(aux_mutex);
> -
> - aux_offset = READ_ONCE(rb->user_page->aux_offset);
> - aux_size = READ_ONCE(rb->user_page->aux_size);
> -
> - if (aux_offset < perf_data_size(rb) + PAGE_SIZE)
> - goto aux_unlock;
> -
> - if (aux_offset != vma->vm_pgoff << PAGE_SHIFT)
> - goto aux_unlock;
> -
> - /* already mapped with a different offset */
> - if (rb_has_aux(rb) && rb->aux_pgoff != vma->vm_pgoff)
> - goto aux_unlock;
> -
> - if (aux_size != nr_pages * PAGE_SIZE)
> - goto aux_unlock;
> -
> - /* already mapped with a different size */
> - if (rb_has_aux(rb) && rb->aux_nr_pages != nr_pages)
> - goto aux_unlock;
> -
> - if (!is_power_of_2(nr_pages))
> - goto aux_unlock;
> -
> - if (!atomic_inc_not_zero(&rb->mmap_count))
> - goto aux_unlock;
> -
> - if (rb_has_aux(rb)) {
> - atomic_inc(&rb->aux_mmap_count);
> - ret = 0;
> - goto unlock;
> + if (!event->rb) {
> + ret = -EINVAL;
> + } else {
> + scoped_guard(mutex, &event->rb->aux_mutex)
> + ret = perf_mmap_aux(vma, event, nr_pages);
> }
> + // Temporary workaround to split out AUX handling first
> + mutex_unlock(&event->mmap_mutex);
> + goto out;
> }
>
> if (!perf_mmap_calc_limits(vma, &user_extra, &extra)) {
> @@ -7132,28 +7163,16 @@ static int perf_mmap(struct file *file,
> perf_event_init_userpage(event);
> perf_event_update_userpage(event);
> ret = 0;
> - } else {
> - ret = rb_alloc_aux(rb, event, vma->vm_pgoff, nr_pages,
> - event->attr.aux_watermark, flags);
> - if (!ret) {
> - atomic_set(&rb->aux_mmap_count, 1);
> - rb->aux_mmap_locked = extra;
> - }
> }
> -
> unlock:
> if (!ret) {
> perf_mmap_account(vma, user_extra, extra);
> atomic_inc(&event->mmap_count);
> - } else if (rb) {
> - /* AUX allocation failed */
> - atomic_dec(&rb->mmap_count);
> }
> -aux_unlock:
> - if (aux_mutex)
> - mutex_unlock(aux_mutex);
> mutex_unlock(&event->mmap_mutex);
>
> +// Temporary until RB allocation is split out.
> +out:
> if (ret)
> return ret;
Its a bit of a struggle getting back to work after spending 3 weeks on a
beach with the kids, but doesn't this remove the perf_mmap_account()
call out from under aux_mutex?
Notably, perf_mmap_close() seems to rely on this being the case.
Powered by blists - more mailing lists