* [PATCH 0/2] x86/perf: A CR4.PCE bugfix and clarification
@ 2017-03-16 19:59 Andy Lutomirski
2017-03-16 19:59 ` [PATCH 1/2] x86/perf: Fix CR4.PCE propagation to use active_mm instead of mm Andy Lutomirski
2017-03-16 19:59 ` [PATCH 2/2] x86/perf: Clarify why x86_pmu_event_mapped() isn't racy Andy Lutomirski
From: Andy Lutomirski @ 2017-03-16 19:59 UTC (permalink / raw)
To: X86 ML; +Cc: linux-kernel, Borislav Petkov, Vince Weaver, Andy Lutomirski
Hi all-
Vince found a bug in our CR4.PCE handling. While investigating, I
found what looked like another bug but actually wasn't.
Here's a fix for the bug (cc'd to stable), plus a comment and lockdep
annotation explaining why the other apparent bug isn't actually a bug.
Andy Lutomirski (2):
x86/perf: Fix CR4.PCE propagation to use active_mm instead of mm
x86/perf: Clarify why x86_pmu_event_mapped() isn't racy
arch/x86/events/core.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
--
2.9.3
* [PATCH 1/2] x86/perf: Fix CR4.PCE propagation to use active_mm instead of mm
From: Andy Lutomirski @ 2017-03-16 19:59 UTC (permalink / raw)
To: X86 ML
Cc: linux-kernel, Borislav Petkov, Vince Weaver, Andy Lutomirski, stable
If one thread mmaps a perf event while another thread in the same mm
is in some context where active_mm != mm (which can happen in the
scheduler, for example), refresh_pce() would write the wrong value
to CR4.PCE. This broke some PAPI tests.
Cc: stable@vger.kernel.org
Fixes: 7911d3f7af14 ("perf/x86: Only allow rdpmc if a perf_event is mapped")
Reported-and-tested-by: Vince Weaver <vincent.weaver@maine.edu>
Signed-off-by: Andy Lutomirski <luto@kernel.org>
---
arch/x86/events/core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c
index 349d4d17aa7f..4f564df73b8f 100644
--- a/arch/x86/events/core.c
+++ b/arch/x86/events/core.c
@@ -2101,8 +2101,8 @@ static int x86_pmu_event_init(struct perf_event *event)
static void refresh_pce(void *ignored)
{
- if (current->mm)
- load_mm_cr4(current->mm);
+ if (current->active_mm)
+ load_mm_cr4(current->active_mm);
}
static void x86_pmu_event_mapped(struct perf_event *event)
--
2.9.3
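To see why active_mm is the right choice, note that a task can run with borrowed page tables: a kernel thread in lazy-TLB mode has ->mm == NULL but a valid ->active_mm, and CR4.PCE must track the mm whose page tables are actually live on the CPU. The following is a userspace toy model, not kernel code; the `toy_*` names are invented for illustration and only stand in for the real mm_struct/task_struct fields:

```c
#include <stddef.h>

/* Simplified stand-in for mm_struct; models mm->context.perf_rdpmc_allowed. */
struct toy_mm {
	int perf_rdpmc_allowed;
};

/* Simplified stand-in for task_struct. For a kernel thread, mm is NULL
 * while active_mm points at whatever mm's page tables are loaded. */
struct toy_task {
	struct toy_mm *mm;
	struct toy_mm *active_mm;
};

/* The fixed behavior: CR4.PCE follows the mm that is live on the CPU. */
int toy_cr4_pce(const struct toy_task *t)
{
	return t->active_mm && t->active_mm->perf_rdpmc_allowed > 0;
}

/* The pre-fix behavior, for contrast: keyed off t->mm, which gives the
 * wrong answer whenever active_mm != mm. */
int toy_cr4_pce_buggy(const struct toy_task *t)
{
	return t->mm && t->mm->perf_rdpmc_allowed > 0;
}
```

For a context where mm is NULL but active_mm is a user mm with rdpmc enabled, the buggy version would clear CR4.PCE even though user code in that mm may be about to execute RDPMC; the fixed version keeps it set.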
* [PATCH 2/2] x86/perf: Clarify why x86_pmu_event_mapped() isn't racy
From: Andy Lutomirski @ 2017-03-16 19:59 UTC (permalink / raw)
To: X86 ML; +Cc: linux-kernel, Borislav Petkov, Vince Weaver, Andy Lutomirski
Naively, it looks racy, but mmap_sem saves it. Add a comment and a
lockdep assertion.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
---
arch/x86/events/core.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c
index 4f564df73b8f..2aa1ad194db2 100644
--- a/arch/x86/events/core.c
+++ b/arch/x86/events/core.c
@@ -2110,6 +2110,18 @@ static void x86_pmu_event_mapped(struct perf_event *event)
if (!(event->hw.flags & PERF_X86_EVENT_RDPMC_ALLOWED))
return;
+ /*
+ * This function relies on not being called concurrently in two
+ * tasks in the same mm. Otherwise one task could observe
+ * perf_rdpmc_allowed > 1 and return all the way back to
+ * userspace with CR4.PCE clear while another task is still
+ * doing on_each_cpu_mask() to propagate CR4.PCE.
+ *
+ * For now, this can't happen because all callers hold mmap_sem
+ * for write. If this changes, we'll need a different solution.
+ */
+ lockdep_assert_held_exclusive(&current->mm->mmap_sem);
+
if (atomic_inc_return(&current->mm->context.perf_rdpmc_allowed) == 1)
on_each_cpu_mask(mm_cpumask(current->mm), refresh_pce, NULL, 1);
}
--
2.9.3
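The invariant the comment describes can be modeled in miniature: only the 0 -> 1 transition of the per-mm count does the cross-CPU propagation, so callers must be serialized (in the real code, by holding mmap_sem for write), or a second mapper could see the count already above 1 and return to userspace before the first mapper's propagation finishes. This is a userspace sketch with invented `toy_*` names, not kernel code; the boolean flag merely stands in for "on_each_cpu_mask() has completed":

```c
#include <stdbool.h>

/* Toy model of mm->context.perf_rdpmc_allowed plus a flag standing in
 * for "CR4.PCE has been propagated to every CPU in mm_cpumask()". */
struct toy_mm_ctx {
	int  perf_rdpmc_allowed;
	bool pce_propagated;
};

/* Models x86_pmu_event_mapped(): only the first mapping in an mm pays
 * for the cross-CPU propagation. Assumes callers are serialized, as
 * mmap_sem held for write guarantees in the real code. */
void toy_event_mapped(struct toy_mm_ctx *ctx)
{
	if (++ctx->perf_rdpmc_allowed == 1)
		ctx->pce_propagated = true;	/* stands in for on_each_cpu_mask() */
}

/* Hypothetical unmap counterpart: the last unmap clears PCE again. */
void toy_event_unmapped(struct toy_mm_ctx *ctx)
{
	if (--ctx->perf_rdpmc_allowed == 0)
		ctx->pce_propagated = false;
}
```

With serialization, a caller that sees the count above 1 is guaranteed the propagation already happened; without it, the two steps in toy_event_mapped() could interleave between tasks, which is exactly the race the comment rules out.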
* [tip:perf/urgent] x86/perf: Fix CR4.PCE propagation to use active_mm instead of mm
From: tip-bot for Andy Lutomirski @ 2017-03-17 10:16 UTC (permalink / raw)
To: linux-tip-commits
Cc: luto, mingo, acme, vincent.weaver, eranian, hpa, peterz,
alexander.shishkin, torvalds, tglx, bpetkov, linux-kernel, jolsa
Commit-ID: 5dc855d44c2ad960a86f593c60461f1ae1566b6d
Gitweb: http://git.kernel.org/tip/5dc855d44c2ad960a86f593c60461f1ae1566b6d
Author: Andy Lutomirski <luto@kernel.org>
AuthorDate: Thu, 16 Mar 2017 12:59:39 -0700
Committer: Ingo Molnar <mingo@kernel.org>
CommitDate: Fri, 17 Mar 2017 08:28:26 +0100
x86/perf: Fix CR4.PCE propagation to use active_mm instead of mm
If one thread mmaps a perf event while another thread in the same mm
is in some context where active_mm != mm (which can happen in the
scheduler, for example), refresh_pce() would write the wrong value
to CR4.PCE. This broke some PAPI tests.
Reported-and-tested-by: Vince Weaver <vincent.weaver@maine.edu>
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Borislav Petkov <bpetkov@suse.de>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Fixes: 7911d3f7af14 ("perf/x86: Only allow rdpmc if a perf_event is mapped")
Link: http://lkml.kernel.org/r/0c5b38a76ea50e405f9abe07a13dfaef87c173a1.1489694270.git.luto@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
arch/x86/events/core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c
index 1635c0c..e07b36c 100644
--- a/arch/x86/events/core.c
+++ b/arch/x86/events/core.c
@@ -2100,8 +2100,8 @@ static int x86_pmu_event_init(struct perf_event *event)
static void refresh_pce(void *ignored)
{
- if (current->mm)
- load_mm_cr4(current->mm);
+ if (current->active_mm)
+ load_mm_cr4(current->active_mm);
}
static void x86_pmu_event_mapped(struct perf_event *event)
* [tip:perf/urgent] x86/perf: Clarify why x86_pmu_event_mapped() isn't racy
From: tip-bot for Andy Lutomirski @ 2017-03-17 10:17 UTC (permalink / raw)
To: linux-tip-commits
Cc: torvalds, alexander.shishkin, linux-kernel, bpetkov, luto, tglx,
vincent.weaver, eranian, jolsa, hpa, mingo, peterz, acme
Commit-ID: 4b07372a32c0c1505a7634ad7e607d83340ef645
Gitweb: http://git.kernel.org/tip/4b07372a32c0c1505a7634ad7e607d83340ef645
Author: Andy Lutomirski <luto@kernel.org>
AuthorDate: Thu, 16 Mar 2017 12:59:40 -0700
Committer: Ingo Molnar <mingo@kernel.org>
CommitDate: Fri, 17 Mar 2017 08:28:26 +0100
x86/perf: Clarify why x86_pmu_event_mapped() isn't racy
Naively, it looks racy, but ->mmap_sem saves it. Add a comment and a
lockdep assertion.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Borislav Petkov <bpetkov@suse.de>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Link: http://lkml.kernel.org/r/03a1e629063899168dfc4707f3bb6e581e21f5c6.1489694270.git.luto@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
arch/x86/events/core.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c
index e07b36c..183a972 100644
--- a/arch/x86/events/core.c
+++ b/arch/x86/events/core.c
@@ -2109,6 +2109,18 @@ static void x86_pmu_event_mapped(struct perf_event *event)
if (!(event->hw.flags & PERF_X86_EVENT_RDPMC_ALLOWED))
return;
+ /*
+ * This function relies on not being called concurrently in two
+ * tasks in the same mm. Otherwise one task could observe
+ * perf_rdpmc_allowed > 1 and return all the way back to
+ * userspace with CR4.PCE clear while another task is still
+ * doing on_each_cpu_mask() to propagate CR4.PCE.
+ *
+ * For now, this can't happen because all callers hold mmap_sem
+ * for write. If this changes, we'll need a different solution.
+ */
+ lockdep_assert_held_exclusive(&current->mm->mmap_sem);
+
if (atomic_inc_return(&current->mm->context.perf_rdpmc_allowed) == 1)
on_each_cpu_mask(mm_cpumask(current->mm), refresh_pce, NULL, 1);
}