trace: fix race in perf_trace_buf initialization
A race condition exists while initializing perf_trace_buf from
perf_trace_init() and perf_kprobe_init().
      CPU0                                        CPU1
perf_trace_init()
  mutex_lock(&event_mutex)
    perf_trace_event_init()
      perf_trace_event_reg()
        total_ref_count == 0
        buf = alloc_percpu()
        perf_trace_buf[i] = buf
        tp_event->class->reg() //fails       perf_kprobe_init()
        goto fail                               perf_trace_event_init()
                                                  perf_trace_event_reg()
fail:                                               total_ref_count == 0
  total_ref_count == 0
                                                    buf = alloc_percpu()
                                                    perf_trace_buf[i] = buf
                                                    tp_event->class->reg()
                                                    total_ref_count++
  free_percpu(perf_trace_buf[i])
  perf_trace_buf[i] = NULL
Any subsequent call to perf_trace_event_reg() will observe
total_ref_count > 0, causing the perf_trace_buf to be NULL
always. This can result in perf_trace_buf getting accessed
from perf_trace_buf_alloc() without being initialized.
Acquiring event_mutex in perf_kprobe_init() before calling
perf_trace_event_init() should fix this race.
Change-Id: Ifa626940d86c574a15c554a0aef4a83d4b989698
Signed-off-by: Prateek Sood <prsood@codeaurora.org>
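The interleaving in the commit message above, replayed as an added example. This is not kernel code and not the patch itself: it is a small userspace model in which each "CPU" walks the steps of perf_trace_event_reg() one at a time and a scheduler applies the exact order from the diagram (perf_trace_buf is reduced to one slot, alloc_percpu() hands out slots from a static arena, and event_mutex is a flag, so a caller that wants the lock while it is held makes no progress, as mutex_lock() would). The names step(), run_race() and the `overwritten` counter are this example's own. The "fixed" run assumes exactly the fix the message proposes, namely that perf_kprobe_init() takes event_mutex before calling perf_trace_event_init().

```c
/* Added example: deterministic replay of the perf_trace_buf race.
 * Not kernel code; identifiers mirror the commit message. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct shared {
    bool  event_mutex;       /* true while held */
    int   total_ref_count;
    char *perf_trace_buf;    /* one slot standing in for perf_trace_buf[i] */
    int   overwritten;       /* buffers replaced without ever being freed */
};

struct cpu {
    bool takes_lock;   /* perf_trace_init() always does; perf_kprobe_init() only after the fix */
    bool reg_fails;    /* outcome of tp_event->class->reg() */
    int  pc;           /* next step of perf_trace_event_reg() for this caller */
};

enum { LOCK, CHECK, INSTALL, REG, FAIL_CHECK, FAIL_FREE, UNLOCK, DONE };

static char arena[4];   /* stands in for alloc_percpu() */
static int  next_buf;

/* Advance one cpu by one step. Returns false when it is blocked on event_mutex. */
static bool step(struct shared *s, struct cpu *c)
{
    switch (c->pc) {
    case LOCK:                 /* mutex_lock(&event_mutex), if this path takes it */
        if (c->takes_lock) {
            if (s->event_mutex) return false;
            s->event_mutex = true;
        }
        c->pc = CHECK; break;
    case CHECK:                /* if (!total_ref_count) allocate */
        c->pc = s->total_ref_count == 0 ? INSTALL : REG; break;
    case INSTALL:              /* buf = alloc_percpu(); perf_trace_buf[i] = buf */
        if (s->perf_trace_buf) s->overwritten++;   /* previous buffer is lost */
        s->perf_trace_buf = &arena[next_buf++ % sizeof arena];
        c->pc = REG; break;
    case REG:                  /* ret = tp_event->class->reg(); if (ret) goto fail; */
        if (c->reg_fails) { c->pc = FAIL_CHECK; break; }
        s->total_ref_count++;  /* total_ref_count++ */
        c->pc = UNLOCK; break;
    case FAIL_CHECK:           /* fail: if (!total_ref_count) */
        c->pc = s->total_ref_count == 0 ? FAIL_FREE : UNLOCK; break;
    case FAIL_FREE:            /* free_percpu(perf_trace_buf[i]); perf_trace_buf[i] = NULL; */
        s->perf_trace_buf = NULL;
        c->pc = UNLOCK; break;
    case UNLOCK:
        if (c->takes_lock) s->event_mutex = false;
        c->pc = DONE; break;
    default: break;
    }
    return true;
}

/* Replay the diagram: 0 = CPU0 (perf_trace_init), 1 = CPU1 (perf_kprobe_init).
 * A cpu that is blocked on the mutex simply loses its turn. */
static struct shared run_race(bool kprobe_takes_lock)
{
    struct shared s = {0};
    struct cpu c[2] = {
        { .takes_lock = true,              .reg_fails = true  },   /* CPU0: reg() fails */
        { .takes_lock = kprobe_takes_lock, .reg_fails = false },   /* CPU1: reg() succeeds */
    };
    /* CPU0: lock, check, alloc, reg fails | CPU1: (lock), check | CPU0: fail check
     * | CPU1: alloc, reg ok, unlock | CPU0: free, unlock */
    static const int order[] = { 0,0,0,0,  1,1,  0,  1,1,1,  0,0 };
    next_buf = 0;
    for (size_t i = 0; i < sizeof order / sizeof order[0]; i++)
        step(&s, &c[order[i]]);
    /* Whoever was blocked on event_mutex runs once it is released. */
    while (c[0].pc != DONE || c[1].pc != DONE) {
        step(&s, &c[0]);
        step(&s, &c[1]);
    }
    return s;
}

int main(void)
{
    struct shared bad = run_race(false), good = run_race(true);
    printf("unlocked kprobe path: total_ref_count=%d perf_trace_buf=%p overwritten=%d\n",
           bad.total_ref_count, (void *)bad.perf_trace_buf, bad.overwritten);
    printf("locked kprobe path:   total_ref_count=%d perf_trace_buf=%p overwritten=%d\n",
           good.total_ref_count, (void *)good.perf_trace_buf, good.overwritten);
    return 0;
}
```

In the unlocked run the model ends with total_ref_count == 1 and perf_trace_buf == NULL, which is the state the message describes: every later caller sees a non-zero count, skips allocation, and perf_trace_buf_alloc() would read a NULL buffer. In the locked run CPU1 cannot pass mutex_lock() until CPU0's fail path has freed and cleared the slot, so it observes total_ref_count == 0 and allocates afresh.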