From: Oleg Nesterov <oleg@redhat.com>
To: Alan Stern <stern@rowland.harvard.edu>,
Arnaldo Carvalho de Melo <acme@redhat.com>,
Frederic Weisbecker <fweisbec@gmail.com>,
Ingo Molnar <mingo@elte.hu>, Paul Mackerras <paulus@samba.org>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Prasad <prasad@linux.vnet.ibm.com>,
Roland McGrath <roland@redhat.com>
Cc: linux-kernel@vger.kernel.org
Subject: [PATCH 1/2] perf: fix find_get_context() vs perf_event_exit_task() race
Date: Wed, 19 Jan 2011 19:22:07 +0100 [thread overview]
Message-ID: <20110119182207.GB12183@redhat.com> (raw)
In-Reply-To: <20110119182141.GA12183@redhat.com>
find_get_context() must not install the new perf_event_context if the
task has already passed perf_event_exit_task().
If nothing else, this means the memory leak. Initially ctx->refcount == 2,
it is supposed that perf_event_exit_task_context() should participate and
do the necessary put_ctx().
find_lively_task_by_vpid() checks PF_EXITING but this buys nothing, by the
time we call find_get_context() this task can be already dead. To the point,
cmpxchg() can succeed when the task has already done the last schedule().
Change find_get_context() to populate task->perf_event_ctxp[] under
task->perf_event_mutex, this way we can trust PF_EXITING because
perf_event_exit_task() takes the same mutex.
Also, change perf_event_exit_task_context() to use rcu_dereference().
Probably this is not strictly needed, but with or without this change
find_get_context() can race with setup_new_exec()->perf_event_exit_task(),
rcu_dereference() looks better.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
---
kernel/perf_event.c | 34 ++++++++++++++++++++--------------
1 file changed, 20 insertions(+), 14 deletions(-)
--- git/kernel/perf_event.c~3_find_get_context_vs_exit 2011-01-18 16:57:08.000000000 +0100
+++ git/kernel/perf_event.c 2011-01-19 17:41:16.000000000 +0100
@@ -2201,13 +2201,6 @@ find_lively_task_by_vpid(pid_t vpid)
if (!task)
return ERR_PTR(-ESRCH);
- /*
- * Can't attach events to a dying task.
- */
- err = -ESRCH;
- if (task->flags & PF_EXITING)
- goto errout;
-
/* Reuse ptrace permission checks for now. */
err = -EACCES;
if (!ptrace_may_access(task, PTRACE_MODE_READ))
@@ -2268,14 +2261,27 @@ retry:
get_ctx(ctx);
- if (cmpxchg(&task->perf_event_ctxp[ctxn], NULL, ctx)) {
- /*
- * We raced with some other task; use
- * the context they set.
- */
+ err = 0;
+ mutex_lock(&task->perf_event_mutex);
+ /*
+ * If it has already passed perf_event_exit_task().
+ * we must see PF_EXITING, it takes this mutex too.
+ */
+ if (task->flags & PF_EXITING)
+ err = -ESRCH;
+ else if (task->perf_event_ctxp[ctxn])
+ err = -EAGAIN;
+ else
+ rcu_assign_pointer(task->perf_event_ctxp[ctxn], ctx);
+ mutex_unlock(&task->perf_event_mutex);
+
+ if (unlikely(err)) {
put_task_struct(task);
kfree(ctx);
- goto retry;
+
+ if (err == -EAGAIN)
+ goto retry;
+ goto errout;
}
}
@@ -6127,7 +6133,7 @@ static void perf_event_exit_task_context
* scheduled, so we are now safe from rescheduling changing
* our context.
*/
- child_ctx = child->perf_event_ctxp[ctxn];
+ child_ctx = rcu_dereference(child->perf_event_ctxp[ctxn]);
task_ctx_sched_out(child_ctx, EVENT_ALL);
/*
next prev parent reply other threads:[~2011-01-19 18:30 UTC|newest]
Thread overview: 91+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-11-08 14:56 Q: perf_event && task->ptrace_bps[] Oleg Nesterov
2010-11-08 14:57 ` Q: sys_perf_event_open() && PF_EXITING Oleg Nesterov
2011-01-19 18:21 ` [PATCH 0/2] Was: " Oleg Nesterov
2011-01-19 18:22 ` Oleg Nesterov [this message]
2011-01-19 18:49 ` [PATCH 1/2] perf: fix find_get_context() vs perf_event_exit_task() race Peter Zijlstra
2011-01-19 19:18 ` [tip:perf/urgent] perf: Fix " tip-bot for Oleg Nesterov
2011-01-21 15:29 ` Ingo Molnar
2011-01-21 15:53 ` Oleg Nesterov
2011-01-21 17:45 ` [PATCH] perf: perf_event_exit_task_context: s/rcu_dereference/rcu_dereference_raw/ Oleg Nesterov
2011-01-21 17:53 ` Oleg Nesterov
2011-01-21 21:50 ` Paul E. McKenney
2011-01-24 11:51 ` Oleg Nesterov
2011-01-21 22:12 ` [tip:perf/urgent] " tip-bot for Oleg Nesterov
2011-01-19 18:22 ` [PATCH 2/2] perf: fix perf_event_init_task()/perf_event_free_task() interaction Oleg Nesterov
2011-01-19 18:51 ` Peter Zijlstra
2011-01-19 19:19 ` [tip:perf/urgent] perf: Fix " tip-bot for Oleg Nesterov
2011-01-20 19:30 ` Q: perf_install_in_context/perf_event_enable are racy? Oleg Nesterov
2011-01-21 12:11 ` Peter Zijlstra
2011-01-21 13:03 ` Ingo Molnar
2011-01-21 13:39 ` Peter Zijlstra
2011-01-21 14:26 ` Oleg Nesterov
2011-01-21 15:05 ` Peter Zijlstra
2011-01-21 20:40 ` Frederic Weisbecker
2011-01-24 11:42 ` Oleg Nesterov
2011-01-26 17:53 ` Oleg Nesterov
2011-01-26 18:49 ` Oleg Nesterov
2011-01-26 18:51 ` [PATCH] fix the theoretical task_cpu/task_curr problem in kick_process/task_oncpu_function_call Oleg Nesterov
2011-01-26 19:05 ` Q: perf_install_in_context/perf_event_enable are racy? Peter Zijlstra
2011-01-26 19:33 ` Peter Zijlstra
2011-01-26 19:38 ` Peter Zijlstra
2011-01-26 21:19 ` Oleg Nesterov
2011-01-26 21:33 ` Oleg Nesterov
2011-01-27 10:32 ` Peter Zijlstra
2011-01-27 12:29 ` Peter Zijlstra
2011-01-27 16:10 ` Oleg Nesterov
2011-01-27 16:27 ` Peter Zijlstra
2011-01-27 16:59 ` Oleg Nesterov
2011-01-27 15:52 ` Oleg Nesterov
2011-01-27 13:14 ` Peter Zijlstra
2011-01-27 14:28 ` Peter Zijlstra
2011-01-27 14:58 ` Peter Zijlstra
2011-01-27 16:57 ` Oleg Nesterov
2011-01-27 17:11 ` Peter Zijlstra
2011-01-27 22:18 ` Oleg Nesterov
2011-01-28 11:52 ` Peter Zijlstra
2011-01-28 14:57 ` Peter Zijlstra
2011-01-28 16:28 ` Oleg Nesterov
2011-01-28 18:11 ` Peter Zijlstra
2011-01-31 17:26 ` Oleg Nesterov
2011-01-31 18:23 ` Peter Zijlstra
2011-01-31 19:11 ` Oleg Nesterov
2011-01-31 19:29 ` Peter Zijlstra
2011-02-01 14:03 ` [PATCH] perf: Cure task_oncpu_function_call() races Peter Zijlstra
2011-02-01 17:27 ` Oleg Nesterov
2011-02-01 18:08 ` Peter Zijlstra
2011-02-01 18:18 ` Peter Zijlstra
2011-02-01 21:00 ` Peter Zijlstra
2010-11-08 14:57 ` Q: perf_event && event->owner Oleg Nesterov
2010-11-08 20:11 ` Frederic Weisbecker
2010-11-08 20:41 ` Peter Zijlstra
2010-11-09 16:18 ` Oleg Nesterov
2010-11-09 15:57 ` Oleg Nesterov
2010-11-09 16:56 ` Peter Zijlstra
2010-11-09 16:58 ` Oleg Nesterov
2010-11-09 17:07 ` Peter Zijlstra
2010-11-09 17:42 ` Oleg Nesterov
2010-11-09 18:01 ` Peter Zijlstra
2010-11-09 18:57 ` Oleg Nesterov
2010-11-09 19:16 ` Peter Zijlstra
2010-11-10 15:17 ` Peter Zijlstra
2010-11-10 15:44 ` Oleg Nesterov
2010-11-12 15:48 ` Peter Zijlstra
2010-11-12 18:49 ` Oleg Nesterov
2010-11-18 14:09 ` [tip:perf/urgent] perf: Fix owner-list vs exit tip-bot for Peter Zijlstra
2010-11-08 18:41 ` Q: perf_event && task->ptrace_bps[] Frederic Weisbecker
2010-11-08 19:18 ` Oleg Nesterov
2011-01-17 23:58 ` Frederic Weisbecker
2011-01-18 1:16 ` Roland McGrath
2011-01-17 20:34 ` Oleg Nesterov
2011-01-17 20:52 ` Peter Zijlstra
2011-01-17 21:01 ` Frederic Weisbecker
2011-01-18 16:09 ` [PATCH 0/2] perf: event->cpu checking fixes Oleg Nesterov
2011-01-18 16:10 ` [PATCH 1/2] perf: find_get_context: fix the per-cpu-counter check Oleg Nesterov
2011-01-18 19:06 ` [tip:perf/urgent] perf: Find_get_context: " tip-bot for Oleg Nesterov
2011-01-18 16:10 ` [PATCH 2/2] perf: validate cpu early in perf_event_alloc() Oleg Nesterov
2011-01-18 19:07 ` [tip:perf/urgent] perf: Validate " tip-bot for Oleg Nesterov
2011-01-18 18:42 ` Q: perf_event && task->ptrace_bps[] Frederic Weisbecker
2011-01-19 15:37 ` Oleg Nesterov
2011-01-19 20:05 ` Frederic Weisbecker
2011-01-20 17:28 ` Oleg Nesterov
2011-01-28 17:41 ` Frederic Weisbecker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110119182207.GB12183@redhat.com \
--to=oleg@redhat.com \
--cc=a.p.zijlstra@chello.nl \
--cc=acme@redhat.com \
--cc=fweisbec@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=paulus@samba.org \
--cc=prasad@linux.vnet.ibm.com \
--cc=roland@redhat.com \
--cc=stern@rowland.harvard.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.