From: Dapeng Mi <dapeng1.mi@linux.intel.com>
To: Peter Zijlstra <peterz@infradead.org>,
	Ingo Molnar <mingo@redhat.com>,
	Arnaldo Carvalho de Melo <acme@kernel.org>,
	Namhyung Kim <namhyung@kernel.org>,
	Ian Rogers <irogers@google.com>,
	Adrian Hunter <adrian.hunter@intel.com>,
	Alexander Shishkin <alexander.shishkin@linux.intel.com>,
	Kan Liang <kan.liang@linux.intel.com>,
	Andi Kleen <ak@linux.intel.com>,
	Eranian Stephane <eranian@google.com>
Cc: linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org,
	Dapeng Mi <dapeng1.mi@intel.com>,
	Dapeng Mi <dapeng1.mi@linux.intel.com>,
	kernel test robot <oliver.sang@intel.com>
Subject: [Patch v3 3/7] perf/x86: Check if cpuc->events[*] pointer exists before accessing it
Date: Wed, 20 Aug 2025 10:30:28 +0800
Message-ID: <20250820023032.17128-4-dapeng1.mi@linux.intel.com>
In-Reply-To: <20250820023032.17128-1-dapeng1.mi@linux.intel.com>

When intel_pmu_drain_pebs_icl() is called to drain PEBS records,
perf_event_overflow() could be called to process the last PEBS record.

However, perf_event_overflow() could trigger the interrupt throttle and
stop all events of the group, as the call chain below shows.

perf_event_overflow()
  -> __perf_event_overflow()
    -> __perf_event_account_interrupt()
      -> perf_event_throttle_group()
        -> perf_event_throttle()
          -> event->pmu->stop()
            -> x86_pmu_stop()

The side effect of stopping the events is that all corresponding event
pointers in cpuc->events[] array are cleared to NULL.

Assume there are two PEBS events (event a and event b) in a group. When
intel_pmu_drain_pebs_icl() calls perf_event_overflow() to process the
last PEBS record of PEBS event a, interrupt throttle is triggered and
all pointers of event a and event b are cleared to NULL. Then
intel_pmu_drain_pebs_icl() tries to process the last PEBS record of
event b and encounters NULL pointer access.

Since the remaining PEBS records have been processed when stopping the
event, check whether cpuc->events[*] is NULL and, if so, skip processing
the last PEBS record.

Reported-by: kernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202507042103.a15d2923-lkp@intel.com
Fixes: 9734e25fbf5a ("perf: Fix the throttle logic for a group")
Signed-off-by: Dapeng Mi <dapeng1.mi@linux.intel.com>
Tested-by: kernel test robot <oliver.sang@intel.com>
---
 arch/x86/events/intel/ds.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c
index c0b7ac1c7594..dcf29c099ad2 100644
--- a/arch/x86/events/intel/ds.c
+++ b/arch/x86/events/intel/ds.c
@@ -2663,6 +2663,16 @@ static void intel_pmu_drain_pebs_icl(struct pt_regs *iregs, struct perf_sample_d
 			continue;
 
 		event = cpuc->events[bit];
+		/*
+		 * perf_event_overflow() called by below __intel_pmu_pebs_last_event()
+		 * could trigger interrupt throttle and clear all event pointers of the
+		 * group in cpuc->events[] to NULL. So need to re-check if cpuc->events[*]
+		 * is NULL, if so it indicates the event has been throttled (stopped) and
+		 * the corresponding last PEBS records have been processed in stopping
+		 * event, don't need to process it again.
+		 */
+		if (!event)
+			continue;
 
 		__intel_pmu_pebs_last_event(event, iregs, regs, data, last[bit],
 					    counts[bit], setup_pebs_adaptive_sample_data);
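Review bot: the new `if (!event) continue;` after `event = cpuc->events[bit];` treats every NULL slot as "throttled and already drained", so a slot that is NULL for any other reason is skipped silently together with its last[bit] / counts[bit] record. The comment asserts that the stop path has already processed those records, but nothing in the hunk shows where that happens; naming the function that does it would let a reader verify the claim. The comment could also be tightened to something like "perf_event_overflow() may throttle the group and NULL its cpuc->events[] entries; the stop path has already handled their last PEBS record, so skip them." Finally, the subject line says perf/x86 in general while the hunk only touches intel_pmu_drain_pebs_icl(); if other drain loops read cpuc->events[] after an overflow callback can run, the changelog should say whether they need the same guard.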
-- 
2.34.1

