From: Jiri Olsa <jolsa@redhat.com>
To: Peter Zijlstra <peterz@infradead.org>
Cc: CAI Qian <caiqian@redhat.com>, Rob Herring <robh@kernel.org>,
Kan Liang <kan.liang@intel.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
Ingo Molnar <mingo@kernel.org>
Subject: [PATCH] perf: Protect pmu device removal with pmu_bus_running check CONFIG_DEBUG_TEST_DRIVER_REMOVE kernel panic
Date: Thu, 20 Oct 2016 13:10:11 +0200 [thread overview]
Message-ID: <20161020111011.GA13361@krava> (raw)
In-Reply-To: <20161020094259.GA14853@krava>
On Thu, Oct 20, 2016 at 11:42:59AM +0200, Jiri Olsa wrote:
> On Thu, Oct 20, 2016 at 11:04:16AM +0200, Peter Zijlstra wrote:
> > On Thu, Oct 20, 2016 at 10:58:03AM +0200, Jiri Olsa wrote:
> >
> > > @@ -8869,11 +8869,15 @@ void perf_pmu_unregister(struct pmu *pmu)
> > > free_percpu(pmu->pmu_disable_count);
> > > if (pmu->type >= PERF_TYPE_MAX)
> > > idr_remove(&pmu_idr, pmu->type);
> > > - if (pmu->nr_addr_filters)
> > > - device_remove_file(pmu->dev, &dev_attr_nr_addr_filters);
> > > - device_del(pmu->dev);
> > > - put_device(pmu->dev);
> > > + mutex_lock(&pmus_lock);
> > > + if (pmu_bus_running) {
> > > + if (pmu->nr_addr_filters)
> > > + device_remove_file(pmu->dev, &dev_attr_nr_addr_filters);
> > > + device_del(pmu->dev);
> > > + put_device(pmu->dev);
> > > + }
> > > free_pmu_context(pmu);
> > > + mutex_unlock(&pmus_lock);
> > > }
> > > EXPORT_SYMBOL_GPL(perf_pmu_unregister);
> >
> > I think that is still racy..
> >
> >
> > unregister: sysfs_init:
> >
> > mutex_lock(&pmus_lock);
> > list_del_rcu(&pmu->entry);
> > mutex_unlock(&pmus_lock);
> >
> > synchronize_*rcu();
> >
> > mutex_lock(&pmus_lock);
> > list_for_each_entry(pmu, &pmus, entry) {
> > /* add device muck */
>
> ah, I thought this part would add the device back.. but it's
> already out of the pmu list.. right :-\
attached fix, thanks
jirka
---
CAI Qian reported crash [1] in uncore device removal related
to CONFIG_DEBUG_TEST_DRIVER_REMOVE option.
The reason for crash is that perf_pmu_unregister tries to remove
pmu device which is not added at this point. We add pmu devices
only after pmu_bus is registered which happens in perf_event_sysfs_init
init call and sets pmu_bus_running flag.
The fix is to get the pmu_bus_running flag state at the point
the pmu is taken out of the pmus list and remove the device
later only if it's set.
[1] https://marc.info/?l=linux-kernel&m=147688837328451
Reported-by: CAI Qian <caiqian@redhat.com>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
---
kernel/events/core.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index c6e47e97b33f..a5d2e62faf7e 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -8855,7 +8855,10 @@ EXPORT_SYMBOL_GPL(perf_pmu_register);
void perf_pmu_unregister(struct pmu *pmu)
{
+ int remove_device;
+
mutex_lock(&pmus_lock);
+ remove_device = pmu_bus_running;
list_del_rcu(&pmu->entry);
mutex_unlock(&pmus_lock);
@@ -8869,10 +8872,12 @@ void perf_pmu_unregister(struct pmu *pmu)
free_percpu(pmu->pmu_disable_count);
if (pmu->type >= PERF_TYPE_MAX)
idr_remove(&pmu_idr, pmu->type);
- if (pmu->nr_addr_filters)
- device_remove_file(pmu->dev, &dev_attr_nr_addr_filters);
- device_del(pmu->dev);
- put_device(pmu->dev);
+ if (remove_device) {
+ if (pmu->nr_addr_filters)
+ device_remove_file(pmu->dev, &dev_attr_nr_addr_filters);
+ device_del(pmu->dev);
+ put_device(pmu->dev);
+ }
free_pmu_context(pmu);
}
EXPORT_SYMBOL_GPL(perf_pmu_unregister);
--
2.7.4
next prev parent reply other threads:[~2016-10-20 11:10 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <907882571.66590.1476113724660.JavaMail.zimbra@redhat.com>
2016-10-10 15:37 ` kasan inline + CONFIG_DEBUG_TEST_DRIVER_REMOVE kernel panic CAI Qian
2016-10-10 17:09 ` Rob Herring
2016-10-10 18:25 ` CAI Qian
2016-10-10 17:20 ` Greg Kroah-Hartman
2016-10-10 18:15 ` Rob Herring
2016-10-10 18:22 ` CAI Qian
2016-10-10 19:34 ` Rob Herring
2016-10-10 20:09 ` CAI Qian
2016-10-19 14:45 ` [4.9-rc1+] intel_uncore builtin " CAI Qian
2016-10-19 19:19 ` Jiri Olsa
2016-10-19 20:18 ` CAI Qian
2016-10-20 5:39 ` Peter Zijlstra
2016-10-20 8:58 ` Jiri Olsa
2016-10-20 9:04 ` Peter Zijlstra
2016-10-20 9:42 ` Jiri Olsa
2016-10-20 11:10 ` Jiri Olsa [this message]
2016-10-20 14:30 ` [PATCH] perf: Protect pmu device removal with pmu_bus_running check " CAI Qian
2016-10-28 10:10 ` [tip:perf/urgent] perf/core: Protect PMU device removal with a 'pmu_bus_running' check, to fix CONFIG_DEBUG_TEST_DRIVER_REMOVE=y " tip-bot for Jiri Olsa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161020111011.GA13361@krava \
--to=jolsa@redhat.com \
--cc=caiqian@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=kan.liang@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=robh@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.