From: Namhyung Kim <namhyung@kernel.org>
To: Ian Rogers <irogers@google.com>
Cc: "Peter Zijlstra" <peterz@infradead.org>,
"Ingo Molnar" <mingo@redhat.com>,
"Arnaldo Carvalho de Melo" <acme@kernel.org>,
"Mark Rutland" <mark.rutland@arm.com>,
"Alexander Shishkin" <alexander.shishkin@linux.intel.com>,
"Jiri Olsa" <jolsa@kernel.org>,
"Adrian Hunter" <adrian.hunter@intel.com>,
"Kan Liang" <kan.liang@linux.intel.com>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <benno.lossin@proton.me>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Danilo Krummrich" <dakr@kernel.org>,
"Jiapeng Chong" <jiapeng.chong@linux.alibaba.com>,
"James Clark" <james.clark@linaro.org>,
"Howard Chu" <howardchu95@gmail.com>,
"Weilin Wang" <weilin.wang@intel.com>,
"Stephen Brennan" <stephen.s.brennan@oracle.com>,
"Andi Kleen" <ak@linux.intel.com>,
"Dmitry Vyukov" <dvyukov@google.com>,
linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 4/7] perf intel-tpebs: Avoid race when evlist is being deleted
Date: Wed, 28 May 2025 15:23:56 -0700 [thread overview]
Message-ID: <aDeM_OlCkNUBDkis@google.com> (raw)
In-Reply-To: <CAP-5=fW17hJkTCEu6pCwN1CoEVHQAmVggi=wLwcNcM_dbeVAAg@mail.gmail.com>
On Wed, May 28, 2025 at 01:44:36PM -0700, Ian Rogers wrote:
> On Wed, May 28, 2025 at 1:13 PM Namhyung Kim <namhyung@kernel.org> wrote:
> >
> > On Wed, May 28, 2025 at 11:02:44AM -0700, Ian Rogers wrote:
> > > On Wed, May 28, 2025 at 10:53 AM Namhyung Kim <namhyung@kernel.org> wrote:
> > > >
> > > > Hi Ian,
> > > >
> > > > On Tue, May 27, 2025 at 08:26:34PM -0700, Ian Rogers wrote:
> > > > > Reading through the evsel->evlist may seg fault if a sample arrives
> > > > > when the evlist is being deleted. Detect this case and ignore samples
> > > > > arriving when the evlist is being deleted.
> > > > >
> > > > > Fixes: bcfab08db7fb ("perf intel-tpebs: Filter non-workload samples")
> > > > > Signed-off-by: Ian Rogers <irogers@google.com>
> > > > > ---
> > > > > tools/perf/util/intel-tpebs.c | 12 ++++++++++--
> > > > > 1 file changed, 10 insertions(+), 2 deletions(-)
> > > > >
> > > > > diff --git a/tools/perf/util/intel-tpebs.c b/tools/perf/util/intel-tpebs.c
> > > > > index 4ad4bc118ea5..3b92ebf5c112 100644
> > > > > --- a/tools/perf/util/intel-tpebs.c
> > > > > +++ b/tools/perf/util/intel-tpebs.c
> > > > > @@ -162,9 +162,17 @@ static bool is_child_pid(pid_t parent, pid_t child)
> > > > >
> > > > > static bool should_ignore_sample(const struct perf_sample *sample, const struct tpebs_retire_lat *t)
> > > > > {
> > > > > - pid_t workload_pid = t->evsel->evlist->workload.pid;
> > > > > - pid_t sample_pid = sample->pid;
> > > > > + pid_t workload_pid, sample_pid = sample->pid;
> > > > >
> > > > > + /*
> > > > > + * During evlist__purge the evlist will be removed prior to the
> > > > > + * evsel__exit calling evsel__tpebs_close and taking the
> > > > > + * tpebs_mtx. Avoid a segfault by ignoring samples in this case.
> > > > > + */
> > > > > + if (t->evsel->evlist == NULL)
> > > > > + return true;
> > > > > +
> > > > > + workload_pid = t->evsel->evlist->workload.pid;
> > > >
> > > > I'm curious if there's a chance of TOCTOU race. It'd certainly help
> > > > the segfault but would this code prevent it completely?
> > >
> > > Good point. I think the race is already small as it doesn't happen
> > > without sanitizers for me.
> > > Thinking about the evlist problem. When a destructor (evlist__delete)
> > > it is generally assumed the code is being single threaded and in C++
> > > clang's -Wthread-safety will ignore destructors for this reason
> > > (annoying imo as it hides bugs). I don't see a good way to solve that
> > > for the evlist and evsel for the TPEBS case without using reference
> > > counting. Adding reference counts to evlist and evsel would be do-able
> > > as we could use reference count checking, but it would be a large and
> > > invasive change. Wdyt?
> >
> > Would it be possible to kill the TPEBS thread before deleting evlist?
>
> The TPEBS thread and other data structures are global and not tied to
> the evlist, so there can and are multiple evlists at play. When using
> TPEBS there is the evlist for perf stat, there is also the evlist for
> the samples. There's sense in having the evlist own the TPEBS data
> structures, there's also sense in things being global. I think if I'd
> done it I'd have gone with TPEBS within the evlist, but I suspect in
> the original changes there was a worry about adding cost on non-x86
> builds.
Ok, I thought deleting evlist is quite late in the execution and it may
be easy to make the change. If not, let's see how the current fix will
work before going further. :)
Thanks,
Namhyung
next prev parent reply other threads:[~2025-05-28 22:23 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-28 3:26 [PATCH v2 0/7] Various asan and test fixes Ian Rogers
2025-05-28 3:26 ` [PATCH v2 1/7] perf symbol: Fix use-after-free in filename__read_build_id Ian Rogers
2025-05-28 3:26 ` [PATCH v2 2/7] perf test demangle-java: Don't segv if demangling fails Ian Rogers
2025-05-28 3:26 ` [PATCH v2 3/7] perf symbol: Move demangling code out of symbol-elf.c Ian Rogers
2025-05-28 3:26 ` [PATCH v2 4/7] perf intel-tpebs: Avoid race when evlist is being deleted Ian Rogers
2025-05-28 17:53 ` Namhyung Kim
2025-05-28 18:02 ` Ian Rogers
2025-05-28 20:13 ` Namhyung Kim
2025-05-28 20:44 ` Ian Rogers
2025-05-28 22:23 ` Namhyung Kim [this message]
2025-05-28 3:26 ` [PATCH v2 5/7] perf test intel-pt: Skip jitdump test if no libelf Ian Rogers
2025-05-28 3:26 ` [PATCH v2 6/7] perf test trace_summary: Skip --bpf-summary tests if no libbpf Ian Rogers
2025-05-28 4:17 ` Howard Chu
2025-05-28 12:56 ` Arnaldo Carvalho de Melo
2025-05-28 3:26 ` [PATCH v2 7/7] perf thread: Avoid recursively taking thread__comm_lock Ian Rogers
2025-05-28 18:02 ` [PATCH v2 0/7] Various asan and test fixes Namhyung Kim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aDeM_OlCkNUBDkis@google.com \
--to=namhyung@kernel.org \
--cc=a.hindborg@kernel.org \
--cc=acme@kernel.org \
--cc=adrian.hunter@intel.com \
--cc=ak@linux.intel.com \
--cc=alex.gaynor@gmail.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=aliceryhl@google.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=dakr@kernel.org \
--cc=dvyukov@google.com \
--cc=gary@garyguo.net \
--cc=howardchu95@gmail.com \
--cc=irogers@google.com \
--cc=james.clark@linaro.org \
--cc=jiapeng.chong@linux.alibaba.com \
--cc=jolsa@kernel.org \
--cc=kan.liang@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mingo@redhat.com \
--cc=ojeda@kernel.org \
--cc=peterz@infradead.org \
--cc=stephen.s.brennan@oracle.com \
--cc=tmgross@umich.edu \
--cc=weilin.wang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.