All of lore.kernel.org
 help / color / mirror / Atom feed
From: Qing Wang <wangqing7171@gmail.com>
To: irogers@google.com
Cc: acme@kernel.org, adrian.hunter@intel.com,
	alexander.shishkin@linux.intel.com, james.clark@linaro.org,
	jolsa@kernel.org, linux-kernel@vger.kernel.org,
	linux-perf-users@vger.kernel.org, mark.rutland@arm.com,
	mingo@redhat.com, namhyung@kernel.org, peterz@infradead.org,
	syzbot+196a82fd904572696b3c@syzkaller.appspotmail.com,
	wangqing7171@gmail.com, yuhaocheng035@gmail.com
Subject: Re: [PATCH] perf: Fix deadlock in perf_mmap()
Date: Tue, 10 Mar 2026 11:37:42 +0800	[thread overview]
Message-ID: <20260310033742.3606390-1-wangqing7171@gmail.com> (raw)
In-Reply-To: <CAP-5=fW3jcUyOOF5ikEUHbp8r=yMZE=iUPVesUhcba38T8ayZA@mail.gmail.com>

On Tue, 10 Mar 2026 at 02:59, Ian Rogers <irogers@google.com> wrote:
> Hi Qing, thank you for looking into this. I proposed a similar fix:
> https://lore.kernel.org/lkml/CAP-5=fW-wHEv=TCULwk_HVOhWHdqRd8AZoESZsU_vnhLjghUBQ@mail.gmail.com/
> but Haocheng noted it reintroduced the race condition the original fix
> was targeting. Haocheng has a larger fix in:
> https://lore.kernel.org/lkml/20260306093616.84299-1-yuhaocheng035@gmail.com/
> that should handle both the original race condition and the deadlock.

Oh, this fix is too large.

> I wonder that fix may be made smaller by passing a parameter like
> "holds_event_mmap_mutex" to perf_mmap_close, something like:
> ```
> static void __perf_mmap_close(struct vm_area_struct *vma, struct
> perf_event *event, bool holds_event_mmap_lock)
> {
>    ... // code from original perf_mmap_close
>    if ((!holds_event_mmap_lock &&
> !refcount_dec_and_mutex_lock(&event->mmap_count, &event->mmap_mutex))
> ||
>        (holds_event_mmap_lock && !refcount_dec_and_test(&event->mmap_count)))
>      ...
> 
> static void perf_mmap_close(struct vm_area_struct *vma)
> {
>        struct perf_event *event = vma->vm_file->private_data;
>        __perf_mmap_close(vma, event, /*holds_event_mmap_lock=*/false);
> }
> 
> static void perf_mmap_close_locked(struct vm_area_struct *vma, struct
> perf_event *event)
> {
>        __perf_mmap_close(vma, event, /*holds_event_mmap_lock=*/true);
> }
> ```
> 
> Thanks,
> Ian

LGTM, your fix is better.

But, can you explain why there is still race issue after applying my patch?

Thanks,
Qing

  reply	other threads:[~2026-03-10  3:37 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-09  8:25 [PATCH] perf: Fix deadlock in perf_mmap() Qing Wang
2026-03-09 18:59 ` Ian Rogers
2026-03-10  3:37   ` Qing Wang [this message]
2026-03-10  4:45     ` Ian Rogers
2026-03-24 18:38       ` Ian Rogers
2026-03-25  6:58         ` Haocheng Yu
2026-03-25 10:20           ` [PATCH v3] perf/core: Fix refcount bug and potential UAF in perf_mmap yuhaocheng035
2026-03-25 15:08             ` Ian Rogers
2026-03-25 15:17             ` Peter Zijlstra
2026-03-25 15:32               ` Peter Zijlstra
2026-03-26  3:18               ` Qing Wang
2026-03-26 11:28                 ` Peter Zijlstra
2026-03-27 12:29                   ` [PATCH v4] " yuhaocheng035
2026-03-27 12:31                     ` Haocheng Yu
2026-03-27 12:34                     ` Peter Zijlstra
2026-05-05 10:50                   ` [tip: perf/core] perf/core: Fix deadlock in perf_mmap() failure path tip-bot2 for Peter Zijlstra

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260310033742.3606390-1-wangqing7171@gmail.com \
    --to=wangqing7171@gmail.com \
    --cc=acme@kernel.org \
    --cc=adrian.hunter@intel.com \
    --cc=alexander.shishkin@linux.intel.com \
    --cc=irogers@google.com \
    --cc=james.clark@linaro.org \
    --cc=jolsa@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-perf-users@vger.kernel.org \
    --cc=mark.rutland@arm.com \
    --cc=mingo@redhat.com \
    --cc=namhyung@kernel.org \
    --cc=peterz@infradead.org \
    --cc=syzbot+196a82fd904572696b3c@syzkaller.appspotmail.com \
    --cc=yuhaocheng035@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.