From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Oleg Nesterov <oleg@redhat.com>,
"Peter Zijlstra (Intel)" <peterz@infradead.org>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@amacapital.net>,
Borislav Petkov <bp@alien8.de>, Brian Gerst <brgerst@gmail.com>,
Denys Vlasenko <dvlasenk@redhat.com>,
"H. Peter Anvin" <hpa@zytor.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
Thomas Gleixner <tglx@linutronix.de>,
dave@stgolabs.net, der.herr@hofr.at, josh@joshtriplett.org,
tj@kernel.org, Ingo Molnar <mingo@kernel.org>
Subject: [PATCH 4.1 02/11] perf: Fix ring_buffer_attach() RCU sync, again
Date: Fri, 26 Jun 2015 18:09:05 -0700
Message-ID: <20150627010859.911919392@linuxfoundation.org>
In-Reply-To: <20150627010859.834155797@linuxfoundation.org>
4.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oleg Nesterov <oleg@redhat.com>
commit 2f993cf093643b98477c421fa2b9a98dcc940323 upstream.
While looking for other users of get_state/cond_sync, I found
ring_buffer_attach() and it looks obviously buggy?

Don't we need to ensure that we have "synchronize" _between_
list_del() and list_add() ?

IOW. Suppose that ring_buffer_attach() preempts right_after
get_state_synchronize_rcu() and gp completes before spin_lock().

In this case cond_synchronize_rcu() does nothing and we reuse
->rb_entry without waiting for gp in between?

It also moves the ->rcu_pending check under "if (rb)", to make it
more readable imo.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: dave@stgolabs.net
Cc: der.herr@hofr.at
Cc: josh@joshtriplett.org
Cc: tj@kernel.org
Fixes: b69cf53640da ("perf: Fix a race between ring_buffer_detach() and ring_buffer_attach()")
Link: http://lkml.kernel.org/r/20150530200425.GA15748@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/events/core.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -4331,20 +4331,20 @@ static void ring_buffer_attach(struct pe
WARN_ON_ONCE(event->rcu_pending);
old_rb = event->rb;
- event->rcu_batches = get_state_synchronize_rcu();
- event->rcu_pending = 1;
-
spin_lock_irqsave(&old_rb->event_lock, flags);
list_del_rcu(&event->rb_entry);
spin_unlock_irqrestore(&old_rb->event_lock, flags);
- }
- if (event->rcu_pending && rb) {
- cond_synchronize_rcu(event->rcu_batches);
- event->rcu_pending = 0;
+ event->rcu_batches = get_state_synchronize_rcu();
+ event->rcu_pending = 1;
}
if (rb) {
+ if (event->rcu_pending) {
+ cond_synchronize_rcu(event->rcu_batches);
+ event->rcu_pending = 0;
+ }
+
spin_lock_irqsave(&rb->event_lock, flags);
list_add_rcu(&event->rb_entry, &rb->event_list);
spin_unlock_irqrestore(&rb->event_lock, flags);
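Review bot: the ordering of `event->rcu_batches = get_state_synchronize_rcu();` after `spin_unlock_irqrestore(&old_rb->event_lock, flags);` in the old_rb branch is load-bearing but carries no comment, and the earlier placement before the lock looked equally plausible to a reader. Suggest a short comment above the snapshot saying it must be taken only after list_del_rcu(), so that cond_synchronize_rcu() guarantees a grace period between the removal and the list_add_rcu() that reuses ->rb_entry. A second comment on the `if (event->rcu_pending)` test inside `if (rb)` would also help: when rb is NULL that block is skipped, so rcu_pending stays set after a detach and is only consumed by the next attach.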