mirror of
https://github.com/torvalds/linux
synced 2024-09-19 18:46:35 +00:00
edd4cab2d4
Fix a use after put reference count issue. maps is copied from leader, but the leader is put on line 79 and then maps is used to read the reference count below - so a use after put, with the put of maps happening within thread__put. Fix by reversing the order of puts so that the leader is put last. To explain the reference count checker, I wrote this up as a little example here: https://perf.wiki.kernel.org/index.php/Reference_Count_Checking Note, the bug was introduced by the committer and wasn't present in the original reference count patch set. Committer notes: Yes, the bug predated your patch and is detected by the reference count checking you contributed. This was just part of splitting up your series into smaller chunks, in this case either we fix the problem detected while developing this reference counting infrastructure before the patch introducing REFCNT_CHECKING or fix it later after the merged infrastructure, when built with EXTRA_CFLAGS="-DREFCNT_CHECKING=1" detects it when running 'perf test', which is what this patch does. Signed-off-by: Ian Rogers <irogers@google.com> Cc: Adrian Hunter <adrian.hunter@intel.com> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Jiri Olsa <jolsa@kernel.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Peter Zijlstra <peterz@infradead.org> Link: http://lore.kernel.org/lkml/20230420030430.489243-1-irogers@google.com Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
101 lines
3 KiB
C
101 lines
3 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
#include "tests.h"
|
|
#include "machine.h"
|
|
#include "thread.h"
|
|
#include "debug.h"
|
|
|
|
static int test__thread_maps_share(struct test_suite *test __maybe_unused, int subtest __maybe_unused)
|
|
{
|
|
struct machines machines;
|
|
struct machine *machine;
|
|
|
|
/* thread group */
|
|
struct thread *leader;
|
|
struct thread *t1, *t2, *t3;
|
|
struct maps *maps;
|
|
|
|
/* other process */
|
|
struct thread *other, *other_leader;
|
|
struct maps *other_maps;
|
|
|
|
/*
|
|
* This test create 2 processes abstractions (struct thread)
|
|
* with several threads and checks they properly share and
|
|
* maintain maps info (struct maps).
|
|
*
|
|
* thread group (pid: 0, tids: 0, 1, 2, 3)
|
|
* other group (pid: 4, tids: 4, 5)
|
|
*/
|
|
|
|
machines__init(&machines);
|
|
machine = &machines.host;
|
|
|
|
/* create process with 4 threads */
|
|
leader = machine__findnew_thread(machine, 0, 0);
|
|
t1 = machine__findnew_thread(machine, 0, 1);
|
|
t2 = machine__findnew_thread(machine, 0, 2);
|
|
t3 = machine__findnew_thread(machine, 0, 3);
|
|
|
|
/* and create 1 separated process, without thread leader */
|
|
other = machine__findnew_thread(machine, 4, 5);
|
|
|
|
TEST_ASSERT_VAL("failed to create threads",
|
|
leader && t1 && t2 && t3 && other);
|
|
|
|
maps = leader->maps;
|
|
TEST_ASSERT_EQUAL("wrong refcnt", refcount_read(maps__refcnt(maps)), 4);
|
|
|
|
/* test the maps pointer is shared */
|
|
TEST_ASSERT_VAL("maps don't match", RC_CHK_ACCESS(maps) == RC_CHK_ACCESS(t1->maps));
|
|
TEST_ASSERT_VAL("maps don't match", RC_CHK_ACCESS(maps) == RC_CHK_ACCESS(t2->maps));
|
|
TEST_ASSERT_VAL("maps don't match", RC_CHK_ACCESS(maps) == RC_CHK_ACCESS(t3->maps));
|
|
|
|
/*
|
|
* Verify the other leader was created by previous call.
|
|
* It should have shared maps with no change in
|
|
* refcnt.
|
|
*/
|
|
other_leader = machine__find_thread(machine, 4, 4);
|
|
TEST_ASSERT_VAL("failed to find other leader", other_leader);
|
|
|
|
/*
|
|
* Ok, now that all the rbtree related operations were done,
|
|
* lets remove all of them from there so that we can do the
|
|
* refcounting tests.
|
|
*/
|
|
machine__remove_thread(machine, leader);
|
|
machine__remove_thread(machine, t1);
|
|
machine__remove_thread(machine, t2);
|
|
machine__remove_thread(machine, t3);
|
|
machine__remove_thread(machine, other);
|
|
machine__remove_thread(machine, other_leader);
|
|
|
|
other_maps = other->maps;
|
|
TEST_ASSERT_EQUAL("wrong refcnt", refcount_read(maps__refcnt(other_maps)), 2);
|
|
|
|
TEST_ASSERT_VAL("maps don't match", RC_CHK_ACCESS(other_maps) == RC_CHK_ACCESS(other_leader->maps));
|
|
|
|
/* release thread group */
|
|
thread__put(t3);
|
|
TEST_ASSERT_EQUAL("wrong refcnt", refcount_read(maps__refcnt(maps)), 3);
|
|
|
|
thread__put(t2);
|
|
TEST_ASSERT_EQUAL("wrong refcnt", refcount_read(maps__refcnt(maps)), 2);
|
|
|
|
thread__put(t1);
|
|
TEST_ASSERT_EQUAL("wrong refcnt", refcount_read(maps__refcnt(maps)), 1);
|
|
|
|
thread__put(leader);
|
|
|
|
/* release other group */
|
|
thread__put(other_leader);
|
|
TEST_ASSERT_EQUAL("wrong refcnt", refcount_read(maps__refcnt(other_maps)), 1);
|
|
|
|
thread__put(other);
|
|
|
|
machines__exit(&machines);
|
|
return 0;
|
|
}
|
|
|
|
DEFINE_SUITE("Share thread maps", thread_maps_share);
|