From: Marco Elver <elver@google.com>
To: peterz@infradead.org
Cc: alexander.shishkin@linux.intel.com, acme@kernel.org,
mingo@redhat.com, jolsa@redhat.com, mark.rutland@arm.com,
namhyung@kernel.org, tglx@linutronix.de, glider@google.com,
viro@zeniv.linux.org.uk, arnd@arndb.de, christian@brauner.io,
dvyukov@google.com, jannh@google.com, axboe@kernel.dk,
mascasa@google.com, pcc@google.com, irogers@google.com,
kasan-dev@googlegroups.com, linux-arch@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
x86@kernel.org, linux-kselftest@vger.kernel.org
Subject: Re: [PATCH v3 01/11] perf: Rework perf_event_exit_event()
Date: Thu, 25 Mar 2021 11:17:09 +0100
Message-ID: <YFxjJam0ErVmk99i@elver.google.com>
In-Reply-To: <20210324112503.623833-2-elver@google.com>

On Wed, Mar 24, 2021 at 12:24PM +0100, Marco Elver wrote:
> From: Peter Zijlstra <peterz@infradead.org>
>
> Make perf_event_exit_event() more robust, such that we can use it from
> other contexts. Specifically the up and coming remove_on_exec.
>
> For this to work we need to address a few issues. Remove_on_exec will
> not destroy the entire context, so we cannot rely on TASK_TOMBSTONE to
> disable event_function_call() and we thus have to use
> perf_remove_from_context().
>
> When using perf_remove_from_context(), there's two races to consider.
> The first is against close(), where we can have concurrent tear-down
> of the event. The second is against child_list iteration, which should
> not find a half baked event.
>
> To address this, teach perf_remove_from_context() to special case
> !ctx->is_active and about DETACH_CHILD.
>
> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
> Signed-off-by: Marco Elver <elver@google.com>
> ---
> v3:
> * New dependency for series:
> https://lkml.kernel.org/r/YFn/I3aKF+TOjGcl@hirez.programming.kicks-ass.net
> ---

syzkaller found a crash with stack trace pointing at changes in this
patch. Can't tell if this is an old issue or introduced in this series.

It looks like task_pid_ptr() wants to access task_struct::signal, but
the task_struct pointer is NULL.

Any ideas?

general protection fault, probably for non-canonical address 0xdffffc0000000103: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000818-0x000000000000081f]
CPU: 2 PID: 15084 Comm: syz-executor.1 Not tainted 5.12.0-rc4+ #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
RIP: 0010:task_pid_ptr kernel/pid.c:325 [inline]
RIP: 0010:__task_pid_nr_ns+0x137/0x3e0 kernel/pid.c:500
Code: 8b 75 00 eb 08 e8 59 28 29 00 45 31 f6 31 ff 44 89 fe e8 5c 2c 29 00 45 85 ff 74 49 48 81 c3 20 08 00 00 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 aa 03 6d 00 48 8b 2b 44 89 fb bf
RSP: 0018:ffffc9000c76f6d0 EFLAGS: 00010007
RAX: 0000000000000103 RBX: 000000000000081f RCX: ffff8880717d8000
RDX: ffff8880717d8000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000001 R08: ffffffff814fe814 R09: fffffbfff1f296b1
R10: fffffbfff1f296b1 R11: 0000000000000000 R12: dffffc0000000000
R13: 1ffff1100e6dfc5c R14: ffff888057fba108 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff88802cf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffcc3b05bc0 CR3: 0000000040ac0000 CR4: 0000000000750ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
PKRU: 55555554
Call Trace:
perf_event_pid_type kernel/events/core.c:1412 [inline]
perf_event_pid kernel/events/core.c:1421 [inline]
perf_event_read_event kernel/events/core.c:7511 [inline]
sync_child_event kernel/events/core.c:12521 [inline]
perf_child_detach kernel/events/core.c:2223 [inline]
__perf_remove_from_context+0x569/0xd30 kernel/events/core.c:2359
perf_remove_from_context+0x19d/0x220 kernel/events/core.c:2395
perf_event_exit_event+0x76/0x950 kernel/events/core.c:12559
perf_event_exit_task_context kernel/events/core.c:12640 [inline]
perf_event_exit_task+0x715/0xa40 kernel/events/core.c:12673
do_exit+0x6c2/0x2290 kernel/exit.c:834
do_group_exit+0x168/0x2d0 kernel/exit.c:922
get_signal+0x1734/0x1ef0 kernel/signal.c:2779
arch_do_signal_or_restart+0x41/0x620 arch/x86/kernel/signal.c:789
handle_signal_work kernel/entry/common.c:147 [inline]
exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
exit_to_user_mode_prepare+0xac/0x1e0 kernel/entry/common.c:208
irqentry_exit_to_user_mode+0x6/0x40 kernel/entry/common.c:314
exc_general_protection+0x222/0x370 arch/x86/kernel/traps.c:530
asm_exc_general_protection+0x1e/0x30 arch/x86/include/asm/idtentry.h:571
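
Added example, not part of the original message: a small triage helper that maps the non-canonical fault address in the report above back to the 8-byte granule KASAN was checking, and cross-checks it against the "KASAN:" line and the register dump. It assumes the x86-64 generic KASAN shadow offset 0xdffffc0000000000 and a scale shift of 3; the function names are hypothetical.

```python
import re

# x86-64 generic KASAN constants (assumption, consistent with R12 in the dump).
KASAN_SHADOW_OFFSET = 0xdffffc0000000000
KASAN_SHADOW_SCALE_SHIFT = 3
PAGE_SIZE = 4096

# Lines copied from the report in this message (subset needed for the check).
REPORT = """\
general protection fault, probably for non-canonical address 0xdffffc0000000103: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000818-0x000000000000081f]
RAX: 0000000000000103 RBX: 000000000000081f RCX: ffff8880717d8000
R10: fffffbfff1f296b1 R11: 0000000000000000 R12: dffffc0000000000
"""

def shadow_to_range(shadow_addr):
    """Map a KASAN shadow byte address back to the 8-byte granule it describes."""
    start = ((shadow_addr - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT) & (2**64 - 1)
    return start, start + (1 << KASAN_SHADOW_SCALE_SHIFT) - 1

def classify(start):
    """Coarse bucket for the original access (user/wild split is not modelled)."""
    return "null-ptr-deref" if start < PAGE_SIZE else "user-or-wild-access"

def triage(report):
    fault = int(re.search(r"non-canonical address (0x[0-9a-f]+)", report).group(1), 16)
    lo, hi = (int(x, 16) for x in re.search(
        r"KASAN: \S+ in range \[(0x[0-9a-f]+)-(0x[0-9a-f]+)\]", report).groups())
    regs = {k: int(v, 16)
            for k, v in re.findall(r"\b(R[A-Z0-9]{1,2}): ([0-9a-f]{16})", report)}
    start, end = shadow_to_range(fault)
    # Heuristic: a register holding an address inside the granule is likely
    # the pointer whose shadow byte was being read when the fault hit.
    ptr = {k: v for k, v in regs.items() if start <= v <= end}
    return {
        "range": (start, end),
        "matches_kasan_line": (start, end) == (lo, hi),
        "kind": classify(start),
        "pointer_regs": ptr,
        # True if offset + (ptr >> 3) reproduces the faulting shadow address.
        "shadow_check": any(
            KASAN_SHADOW_OFFSET + (v >> KASAN_SHADOW_SCALE_SHIFT) == fault
            for v in ptr.values()),
    }

if __name__ == "__main__":
    print(triage(REPORT))
```
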