From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 14 Feb 2022 07:25:55 +0000 (+0100)
Subject: 5.4-stable patches
X-Git-Tag: v4.9.302~10
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=61a6622e896bc9559df87be492fd3933f468ad67;p=thirdparty%2Fkernel%2Fstable-queue.git

5.4-stable patches

added patches:
	perf-fix-list-corruption-in-perf_cgroup_switch.patch
---

diff --git a/queue-5.4/perf-fix-list-corruption-in-perf_cgroup_switch.patch b/queue-5.4/perf-fix-list-corruption-in-perf_cgroup_switch.patch
new file mode 100644
index 00000000000..8c0a025e175
--- /dev/null
+++ b/queue-5.4/perf-fix-list-corruption-in-perf_cgroup_switch.patch
@@ -0,0 +1,52 @@
+From 5f4e5ce638e6a490b976ade4a40017b40abb2da0 Mon Sep 17 00:00:00 2001
+From: Song Liu <song@kernel.org>
+Date: Thu, 3 Feb 2022 16:40:57 -0800
+Subject: perf: Fix list corruption in perf_cgroup_switch()
+
+From: Song Liu <song@kernel.org>
+
+commit 5f4e5ce638e6a490b976ade4a40017b40abb2da0 upstream.
+
+There's list corruption on cgrp_cpuctx_list. This happens on the
+following path:
+
+  perf_cgroup_switch: list_for_each_entry(cgrp_cpuctx_list)
+      cpu_ctx_sched_in
+         ctx_sched_in
+            ctx_pinned_sched_in
+              merge_sched_in
+                  perf_cgroup_event_disable: remove the event from the list
+
+Use list_for_each_entry_safe() to allow removing an entry during
+iteration.
+
+Fixes: 058fe1c0440e ("perf/core: Make cgroup switch visit only cpuctxs with cgroup events")
+Signed-off-by: Song Liu <song@kernel.org>
+Reviewed-by: Rik van Riel <riel@surriel.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Link: https://lkml.kernel.org/r/20220204004057.2961252-1-song@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/events/core.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -799,7 +799,7 @@ static DEFINE_PER_CPU(struct list_head,
+  */
+ static void perf_cgroup_switch(struct task_struct *task, int mode)
+ {
+-	struct perf_cpu_context *cpuctx;
++	struct perf_cpu_context *cpuctx, *tmp;
+ 	struct list_head *list;
+ 	unsigned long flags;
+ 
+@@ -810,7 +810,7 @@ static void perf_cgroup_switch(struct ta
+ 	local_irq_save(flags);
+ 
+ 	list = this_cpu_ptr(&cgrp_cpuctx_list);
+-	list_for_each_entry(cpuctx, list, cgrp_cpuctx_entry) {
++	list_for_each_entry_safe(cpuctx, tmp, list, cgrp_cpuctx_entry) {
+ 		WARN_ON_ONCE(cpuctx->ctx.nr_cgroups == 0);
+ 
+ 		perf_ctx_lock(cpuctx, cpuctx->task_ctx);
diff --git a/queue-5.4/series b/queue-5.4/series
index e96da9335fa..1e90ec5bc7a 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -67,3 +67,4 @@ usb-serial-cp210x-add-cpi-bulk-coin-recycler-id.patch
 seccomp-invalidate-seccomp-mode-to-catch-death-failures.patch
 hwmon-dell-smm-speed-up-setting-of-fan-speed.patch
 scsi-lpfc-remove-nvme-support-if-kernel-has-nvme_fc-disabled.patch
+perf-fix-list-corruption-in-perf_cgroup_switch.patch