From nobody Tue Oct 7 14:57:06 2025 Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DF70B2FC3AD for ; Fri, 11 Jul 2025 18:38:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.180.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752259137; cv=none; b=m3/wdmVqBYfm3f/lUbNqAyK2kryfAC+FoLXBAZ7Gix5EFuyiUsCM/Ny51zFsKQWuF+HS4rWjrZ+BQgd0NEa9zCxIzLJA+P8KCvOXfT8n6txCj+0kvbQZAKLdAau/Db8Fcw2R7sUnL8gf/Sthb5XrBSpJ6ZgeTYynmd1uoouXDqw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752259137; c=relaxed/simple; bh=h4W3cQp+TtmS0aGmcxVT5XdwRqSpxAq9CwXvrr3v8JQ=; h=From:Date:Subject:MIME-Version:Content-Type:Message-ID:References: In-Reply-To:To:CC; b=VlMwLxI9sk0iXlDqW9KCulIB3dFMOsTGOvO+bYB0TkOmHGFDam+eKCdckVfnahpUkXWJA6IKrFYALZnGSqlskx7UmL3FPIMj2Cq1bCnHhzhSAy9/ufbaUxDQEnCWQIdv4v595EP9zXXFtrZLeoObTl3VzVngPOkP7F7krcrJwsk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com; spf=pass smtp.mailfrom=quicinc.com; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b=F8Fj2Oii; arc=none smtp.client-ip=205.220.180.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=quicinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b="F8Fj2Oii" Received: from pps.filterd (m0279872.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 56BB1Y8c005759; Fri, 11 Jul 2025 18:38:51 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= dVm2mEmkYwfztpM3N9zWYd/1ThH+3xOMrRcm7lERDx0=; b=F8Fj2OiiBLX98bfG pbEZKR6ELfLahrRUcJkUTRXeDLYn1OWxR0w7R2T5pP/8iJD/MIxMsNW6hSPlN8O6 f0XjanRpBvjqnyqvqd5Xc2AqdV+eNgp+2Ro2C994f/H7CVM6WvRXBbVJSPcvx8sR 4Os3ZffhFAngPdYKEi+a+NeGBWDl9yDgynNcFGUvKcyVqF5BXgBgXUBkTBZ4/MoV /457xQbryT4asJZ9h1uiv3flgQNj7u8tS5UO3e4tzh69jfnXwE8xeYJhVnOWPp62 zAVtg0Wqt0GY227DVANFhebBd4xPdbH6zggeHjtOyESQgUY5LFqJr2llhPQlVY1u L8gOmg== Received: from nasanppmta04.qualcomm.com (i-global254.qualcomm.com [199.106.103.254]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 47u1c597nb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 11 Jul 2025 18:38:51 +0000 (GMT) Received: from nasanex01b.na.qualcomm.com (nasanex01b.na.qualcomm.com [10.46.141.250]) by NASANPPMTA04.qualcomm.com (8.18.1.2/8.18.1.2) with ESMTPS id 56BIcocO018746 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 11 Jul 2025 18:38:50 GMT Received: from hu-achillar-hyd.qualcomm.com (10.80.80.8) by nasanex01b.na.qualcomm.com (10.46.141.250) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1748.10; Fri, 11 Jul 2025 11:38:48 -0700 From: Aditya Chillara Date: Sat, 12 Jul 2025 00:01:48 +0530 Subject: [PATCH v2 1/2] tracing/perf: Prevent double unregister of perf probes Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-ID: <20250712-fix-double-perf-probe-unregister-v2-1-328b275672c5@quicinc.com> References: <20250712-fix-double-perf-probe-unregister-v2-0-328b275672c5@quicinc.com> In-Reply-To: <20250712-fix-double-perf-probe-unregister-v2-0-328b275672c5@quicinc.com> To: Steven Rostedt , Ingo Molnar , Mathieu Desnoyers CC: , Aditya Chillara X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1752259126; l=2268; i=quic_achillar@quicinc.com; s=20250630; h=from:subject:message-id; bh=h4W3cQp+TtmS0aGmcxVT5XdwRqSpxAq9CwXvrr3v8JQ=; b=T5InSNJ6BLhMSfjyejFthJn1WR2fOz5APDavRmEBC7J6voK5Tn4mVVXN3u7C4SVLKPleufVp+ u74qnuzCjmGCmodBzNmmHb8/FmHBSMkjtQlZ8KlODMfz3VxnhNN2E40 X-Developer-Key: i=quic_achillar@quicinc.com; a=ed25519; pk=n9YdZ9C822pphDmKHNwLKAFOJBiDCIOL/n1Mzy7/lg4= X-ClientProxiedBy: nasanex01a.na.qualcomm.com (10.52.223.231) To nasanex01b.na.qualcomm.com (10.46.141.250) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-ORIG-GUID: iXJE2-wt696bkeKCCSc58cvKHgJhb2rM X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNzExMDEzOCBTYWx0ZWRfX2ESPk3Bvne2X vSDiNeIvlIR40ms13730dGOJEvJP1Rd+tVzG7ULgUrjxPbHh43osSb61DgTOxbWY7dXInNTHIRG tZ0tiWfqevbkDPWU8vN+fyD0GdNntktic3g0bYZxprjxHZas+E/tusbPaeO8m5JDqK5jVCkHIqH re9FqBVr8QXYJZWs455a3R2mm5Yqh1wadngbDt4VwXZfhMOl/ynXBBFQdi3ow5ztaydwDTriCKg 2KLnM/xAVUjfvdebdDKFfRs0wNX3Pfn7bgfOyHcmxBIBCGCiEcULsYyMqHRB8QH2dnYleMDTZmj BEIQ2b+qgAtJKUTuFxXRu9UIIEpnna1TItGRgz4MzVeH9Xtu3Ua/tvkdgIyRp8sXsL+OwDu5WVI UDYTqVK8kyl7mF6H1vq29qDFL8EcnwfxMzxpXby9soEv7Eh7woj4panwQKdhY4000lWdThc9 X-Proofpoint-GUID: iXJE2-wt696bkeKCCSc58cvKHgJhb2rM X-Authority-Analysis: v=2.4 cv=N9MpF39B c=1 sm=1 tr=0 ts=68715a3b cx=c_pps a=JYp8KDb2vCoCEuGobkYCKw==:117 a=JYp8KDb2vCoCEuGobkYCKw==:17 a=GEpy-HfZoHoA:10 a=IkcTkHD0fZMA:10 a=Wb1JkmetP80A:10 a=COk6AnOGAAAA:8 a=nA_d3Nbw2aago_QP_ScA:9 a=QEXdDO2ut3YA:10 a=TjNXssC_j7lpFel5tvFf:22 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.1.7,FMLib:17.12.80.40 definitions=2025-07-11_05,2025-07-09_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 priorityscore=1501 mlxscore=0 bulkscore=0 impostorscore=0 lowpriorityscore=0 spamscore=0 malwarescore=0 suspectscore=0 adultscore=0 mlxlogscore=609 clxscore=1011 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2505280000 definitions=main-2507110138 Double perf_trace_event_unreg is allowed causing perf_refcount to go negative. total_ref_count also goes negative because the return value of tracepoint_probe_unregister is ignored. Once total_ref_count is negative, the next call to perf_trace_event_reg will register perf_probe but will not allocate perf_trace_buf and sets it to NULL instead. The subsequent trace_##call() will mem abort in perf_trace_buf_alloc because memset will be called on the NULL perf_trace_buf. Gracefully handle the error in perf_trace_event_unreg to prevent double unregister. Signed-off-by: Aditya Chillara --- kernel/trace/trace_event_perf.c | 8 ++++++-- kernel/trace/trace_events.c | 3 +-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/kernel/trace/trace_event_perf.c b/kernel/trace/trace_event_per= f.c index 61e3a2620fa3c9417ac23cf5a18aeb86e7393dcc..247db88accd88eb0acf3692ea59= 3d576519ce8b1 100644 --- a/kernel/trace/trace_event_perf.c +++ b/kernel/trace/trace_event_perf.c @@ -154,12 +154,16 @@ static int perf_trace_event_reg(struct trace_event_ca= ll *tp_event, static void perf_trace_event_unreg(struct perf_event *p_event) { struct trace_event_call *tp_event =3D p_event->tp_event; - int i; + int i, ret; =20 if (--tp_event->perf_refcount > 0) return; =20 - tp_event->class->reg(tp_event, TRACE_REG_PERF_UNREGISTER, NULL); + ret =3D tp_event->class->reg(tp_event, TRACE_REG_PERF_UNREGISTER, NULL); + if (ret) { + ++tp_event->perf_refcount; + return; + } =20 /* * Ensure our callback won't be called anymore. The buffers diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index 0356cae0cf74e79075f607bc841df05568688baa..50e0e08b29aa6617a04b191419a= d1e587adf69fe 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -530,10 +530,9 @@ int trace_event_reg(struct trace_event_call *call, call->class->perf_probe, call); case TRACE_REG_PERF_UNREGISTER: - tracepoint_probe_unregister(call->tp, + return tracepoint_probe_unregister(call->tp, call->class->perf_probe, call); - return 0; case TRACE_REG_PERF_OPEN: case TRACE_REG_PERF_CLOSE: case TRACE_REG_PERF_ADD: --=20 2.34.1 From nobody Tue Oct 7 14:57:06 2025 Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EE1FA2FC018 for ; Fri, 11 Jul 2025 18:38:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.168.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752259140; cv=none; b=m7ad59fU0EARq4hr/FiPJMjgNt4VQDNrnYMGdnHghe3ZRX0kTPN+IPE14yG1eQCDfzxqYaIH5gIqvqY7xTA8Mg2H+XchnJ9W4C/D2ATwj86k1BtgEaUFr1JpGsNSmy7FosjNlvmTr6M02OUKCPPGyO9KnIsXoWWg+G1oVtIOJ44= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752259140; c=relaxed/simple; bh=oRcfnyZvrV2VkZH1U3gf55zJWHhtns3VEqkXw6uHOTM=; h=From:Date:Subject:MIME-Version:Content-Type:Message-ID:References: In-Reply-To:To:CC; b=BOliFwhStlc5xbFy0D3GxE1stbWhGJZ5MclaiUbc597aWQmhNMrRE/n/Ehv6LXwXWYBCJKIATDBCE+sZDmHCHxKS6pXv06lgyDxLCtBZG1OKdVSaz+jOBup91ZQRUZCDgKn6lXSFlMUylKlBWEFshVV7XuHujwSGwQqNOHdvw/U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com; spf=pass smtp.mailfrom=quicinc.com; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b=DFdzF1Fl; arc=none smtp.client-ip=205.220.168.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=quicinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b="DFdzF1Fl" Received: from pps.filterd (m0279864.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 56BAYatP018395; Fri, 11 Jul 2025 18:38:52 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= hgGEbyKbUqvSoQQtfL6Dyz1Bh0Bad7htneSu8o6XWQY=; b=DFdzF1Flqqa6Jsb0 acSKoe3i/MNlLQohjztEXmfJbB0CrB+AQMcNp6mYhyZl1IRMei1KZvx2I2yUbciT 1dQAwQ2JZOd8zWbxe6R+uLNg2Pluln8EEeNWtxD4ssv81SZzfAClDT6ad+49cl4T 2SkUURFkamJNwL+hvX6BxVEgfjjTEgWVVNcr8IZ2gK8xyMgBAfWnLsH3zFjcaAJi 2gJaeMOqQo5pATaIDLH5MYLrzIE70x/ThXbS3HNs5mf53ZC0XnnCfl0JGjgorGUk /dvuJx2rfEdSZipfPTWMRYOU5A6aHt2yYOdgJaMpKrewAwSrUOCS1d7o3xUgzEyW 13MV6Q== Received: from nasanppmta02.qualcomm.com (i-global254.qualcomm.com [199.106.103.254]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 47tkf33g19-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 11 Jul 2025 18:38:52 +0000 (GMT) Received: from nasanex01b.na.qualcomm.com (nasanex01b.na.qualcomm.com [10.46.141.250]) by NASANPPMTA02.qualcomm.com (8.18.1.2/8.18.1.2) with ESMTPS id 56BIcqd7010984 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 11 Jul 2025 18:38:52 GMT Received: from hu-achillar-hyd.qualcomm.com (10.80.80.8) by nasanex01b.na.qualcomm.com (10.46.141.250) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1748.10; Fri, 11 Jul 2025 11:38:50 -0700 From: Aditya Chillara Date: Sat, 12 Jul 2025 00:01:49 +0530 Subject: [PATCH v2 2/2] tracing: Prevent double unregister of tracepoint probes Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-ID: <20250712-fix-double-perf-probe-unregister-v2-2-328b275672c5@quicinc.com> References: <20250712-fix-double-perf-probe-unregister-v2-0-328b275672c5@quicinc.com> In-Reply-To: <20250712-fix-double-perf-probe-unregister-v2-0-328b275672c5@quicinc.com> To: Steven Rostedt , Ingo Molnar , Mathieu Desnoyers CC: , Aditya Chillara X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1752259126; l=1759; i=quic_achillar@quicinc.com; s=20250630; h=from:subject:message-id; bh=oRcfnyZvrV2VkZH1U3gf55zJWHhtns3VEqkXw6uHOTM=; b=lNt2qYRsrDzUJvJlPuvUyN5ovXbpDra78UPEP3bF7HBgsr6dWHwpHtK1cVg843uyGqAKATJt3 8N3OKqpYcKJA9R0jOwqnFDeEa9B6fWzUPGf9Gu/DS4qlPSBrEe04Dht X-Developer-Key: i=quic_achillar@quicinc.com; a=ed25519; pk=n9YdZ9C822pphDmKHNwLKAFOJBiDCIOL/n1Mzy7/lg4= X-ClientProxiedBy: nasanex01a.na.qualcomm.com (10.52.223.231) To nasanex01b.na.qualcomm.com (10.46.141.250) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNzExMDEzOCBTYWx0ZWRfXz2qUi3suyKL+ vzzEh+kHqvOzMospGOs6ZsWNnHaQHEAvlwhwho825ixuHMGwqSKQUhVM/LTpsurfulpqP9iXGOG Erbwe1BMIwIG63/ZEwRJwtxXv+aLjXQe1Fn1K+Gpjv0dllp60kRlojJ9mvENZ58EpMnryV2oJrg lL91tJLh+aZ9b1OeWvWC8wVMfbaMyBwQiUl0/VaID9epdR5au/FRwxQf5+LFJLGKxUvG+rjxKN1 vALL7+hMvp2oVZInDXZ1loiJGNqRa+PKB0VXmeR8N6dZGzqO4b1/bS3R7W6IZD5/gCiQ7cGJ+ez FJrT/2Wh/1ZSN1FW8nTk+D6iXjdGawMxG1ZLGVPeit1xy7FuytD3ArMem7q96ZsfjMmbYrwaNVA gunD7zBKKjcNWU6tFAe17LxL9n+VfBWT02cVxr0w6VGOY0hFKu82zJce5IOLI3EdzQ/ce0h2 X-Proofpoint-GUID: SPXTINe4Iw6N4Uub13QS5ucT0sV3Y_x5 X-Authority-Analysis: v=2.4 cv=Xuf6OUF9 c=1 sm=1 tr=0 ts=68715a3c cx=c_pps a=JYp8KDb2vCoCEuGobkYCKw==:117 a=JYp8KDb2vCoCEuGobkYCKw==:17 a=GEpy-HfZoHoA:10 a=IkcTkHD0fZMA:10 a=Wb1JkmetP80A:10 a=COk6AnOGAAAA:8 a=12tNh57-wRayZMwsPSUA:9 a=QEXdDO2ut3YA:10 a=TjNXssC_j7lpFel5tvFf:22 X-Proofpoint-ORIG-GUID: SPXTINe4Iw6N4Uub13QS5ucT0sV3Y_x5 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.1.7,FMLib:17.12.80.40 definitions=2025-07-11_05,2025-07-09_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 bulkscore=0 spamscore=0 lowpriorityscore=0 impostorscore=0 clxscore=1011 priorityscore=1501 malwarescore=0 adultscore=0 mlxscore=0 phishscore=0 mlxlogscore=691 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2505280000 definitions=main-2507110138 Prevent tracepoint_probe_unregister from being executed multiple times for the same probe, which can cause issues with perf due to the lack of error handling. Return an error if the probe is not present in the list of probes. Signed-off-by: Aditya Chillara --- kernel/tracepoint.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/kernel/tracepoint.c b/kernel/tracepoint.c index ef42c1a1192053cc05b45ccb61358a4996453add..6e7b6dd3bdd5eb0ae92b2fd4376= 7e8da942f2c18 100644 --- a/kernel/tracepoint.c +++ b/kernel/tracepoint.c @@ -232,7 +232,7 @@ func_add(struct tracepoint_func **funcs, struct tracepo= int_func *tp_func, static void *func_remove(struct tracepoint_func **funcs, struct tracepoint_func *tp_func) { - int nr_probes =3D 0, nr_del =3D 0, i; + int nr_probes =3D 0, nr_del =3D 0, nr_tp_stub_del =3D 0, i; struct tracepoint_func *old, *new; =20 old =3D *funcs; @@ -244,13 +244,20 @@ static void *func_remove(struct tracepoint_func **fun= cs, /* (N -> M), (N > 1, M >=3D 0) probes */ if (tp_func->func) { for (nr_probes =3D 0; old[nr_probes].func; nr_probes++) { - if ((old[nr_probes].func =3D=3D tp_func->func && - old[nr_probes].data =3D=3D tp_func->data) || - old[nr_probes].func =3D=3D tp_stub_func) + if (old[nr_probes].func =3D=3D tp_func->func && + old[nr_probes].data =3D=3D tp_func->data) nr_del++; + else if (old[nr_probes].func =3D=3D tp_stub_func) + nr_tp_stub_del++; } } =20 + /* If there is nothing to delete, do not allow */ + if (!nr_del) + return ERR_PTR(-ENOENT); + + nr_del +=3D nr_tp_stub_del; + /* * If probe is NULL, then nr_probes =3D nr_del =3D 0, and then the * entire entry will be removed. --=20 2.34.1