Re: [PATCH 2/4] perf: Fix irq work dereferencing garbage
From: Peter Zijlstra
Date: Fri May 02 2025 - 07:30:22 EST
On Fri, May 02, 2025 at 12:29:18PM +0200, Peter Zijlstra wrote:
> > @@ -13951,18 +13943,25 @@ perf_event_exit_event(struct perf_event *event,
> > /*
> > * Child events can be freed.
> > */
> > - if (is_child) {
> > - if (parent_event) {
> > - mutex_unlock(&parent_event->child_mutex);
> > - /*
> > - * Kick perf_poll() for is_event_hup();
> > - */
> > - perf_event_wakeup(parent_event);
> > + if (parent_event) {
> > + mutex_unlock(&parent_event->child_mutex);
> > + /*
> > + * Kick perf_poll() for is_event_hup();
> > + */
> > + perf_event_wakeup(parent_event);
>
> Should not this perf_event_wakeup() be inside the next if() as well?
> Doing anything on parent_event when !ATTACH_CHILD seems dodgy.
I made this change, and munged the original changelog on top and stuffed
the patches into queue/perf/core.
> > +
> > + /*
> > + * Match the refcount initialization. Make sure it doesn't happen
> > + * twice if pmu_detach_event() calls it on an already exited task.
> > + */
> > + if (attach_state & PERF_ATTACH_CHILD) {
> > /*
> > * pmu_detach_event() will have an extra refcount.
> > + * perf_pending_task() might have one too.
> > */
> > put_event(event);
> > }
> > +
> > return;
> > }
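Review bot: The `if (attach_state & PERF_ATTACH_CHILD)` test reads a local `attach_state` whose assignment is outside this hunk, yet the new comment's promise that the put cannot happen twice rests entirely on when that value was sampled. Please say in the comment where `attach_state` is taken relative to the point at which PERF_ATTACH_CHILD is cleared, so a reader can see why a second call from pmu_detach_event() on an already exited task skips `put_event(event)`. The added line "perf_pending_task() might have one too" would also benefit from naming where that reference is dropped, since the single `put_event(event)` here cannot balance both.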