Linux Perf Users
* [PATCH v2] perf: avoid lockdep warning in self-monitoring perf_event_open
@ 2026-06-09 15:37 l1za0.sec
  2026-06-09 15:51 ` sashiko-bot
  0 siblings, 1 reply; 2+ messages in thread
From: l1za0.sec @ 2026-06-09 15:37 UTC (permalink / raw)
  To: peterz, mingo, acme, namhyung
  Cc: mark.rutland, alexander.shishkin, jolsa, irogers, adrian.hunter,
	james.clark, linux-perf-users, linux-kernel, sashiko-bot

From: Haocheng Yu <3230100410@zju.edu.cn>

A lockdep warning: possible deadlock in __perf_event_task_sched_out is
reported by a modified Syzkaller-based kernel fuzzing tool we use.

The warning is triggered on the self-monitoring perf_event_open() path.
When perf_install_in_context() targets the current task, it goes through
task_function_call() and the synchronous smp_call_function_single()
self-call path. The reported lockdep chain contains:

  rq->__lock -> ctx->lock

and an existing reverse dependency from:

  ctx->lock -> ... -> p->pi_lock -> rq->__lock

The current fix adds a fast path for task == current in
perf_install_in_context() and calls __perf_install_in_context()
directly.

This fix removes the self-call path for the reported self-monitoring
case. It does not change the scheduler-side locking order in
__perf_event_task_sched_out(), so it should be treated as a targeted
mitigation for this trigger path.

Signed-off-by: Haocheng Yu <3230100410@zju.edu.cn>
Signed-off-by: Haocheng Yu <l1za0.sec@gmail.com>
---
 kernel/events/core.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/kernel/events/core.c b/kernel/events/core.c
index 7935d5663944..97837242db32 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -3199,6 +3199,15 @@ perf_install_in_context(struct perf_event_context *ctx,
 	 */
 	smp_mb();
 again:
+	if (task == current) {
+		unsigned long flags;
+		preempt_disable();
+		local_irq_save(flags);
+		__perf_install_in_context(event);
+		local_irq_restore(flags);
+		preempt_enable();
+		return;
+	}
 	if (!task_function_call(task, __perf_install_in_context, event))
 		return;
 
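Review bot: the new `task == current` branch ends in an unconditional `return;`, whereas the existing call right below it returns only when task_function_call() reports success and otherwise carries on with the code after it. Whatever `__perf_install_in_context(event);` returns is dropped here, so a direct call that does not install the event is treated as done, with no retry through `again:`. Consider capturing the return value and returning only on success, falling through to the existing path otherwise. Because the block sits after the `again:` label it is also re-evaluated on every retry; if that is not intended, move it above the label.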

base-commit: 33d8d8ec31b591952ded59d596c2f3db45004937
-- 
2.51.0



* Re: [PATCH v2] perf: avoid lockdep warning in self-monitoring perf_event_open
  2026-06-09 15:37 [PATCH v2] perf: avoid lockdep warning in self-monitoring perf_event_open l1za0.sec
@ 2026-06-09 15:51 ` sashiko-bot
  0 siblings, 0 replies; 2+ messages in thread
From: sashiko-bot @ 2026-06-09 15:51 UTC (permalink / raw)
  To: l1za0.sec; +Cc: linux-perf-users

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:

Pre-existing issues:
- [High] Incomplete fix for a core lock inversion (potential deadlock) between the scheduler runqueue lock and perf context lock.
--

commit 008930a2883145d064fbb634b2b2120e78395849
Author: Haocheng Yu <3230100410@zju.edu.cn>

perf: avoid lockdep warning in self-monitoring perf_event_open

This commit adds a fast path for self-monitoring events in
perf_install_in_context() to bypass task_function_call(). It is intended as a
targeted mitigation to avoid a lockdep warning about a potential deadlock
between the scheduler runqueue lock and the perf context lock.

> diff --git a/kernel/events/core.c b/kernel/events/core.c
> index 7935d5663944e..97837242db328 100644
> --- a/kernel/events/core.c
> +++ b/kernel/events/core.c

[ ... ]

> @@ -3199,6 +3199,15 @@ perf_install_in_context(struct perf_event_context *ctx,
>  	 */
>  	smp_mb();
>  again:
> +	if (task == current) {
> +		unsigned long flags;
> +		preempt_disable();
> +		local_irq_save(flags);
> +		__perf_install_in_context(event);
> +		local_irq_restore(flags);
> +		preempt_enable();
> +		return;
> +	}

[Severity: High]
This isn't a bug introduced by this patch, but does this actually resolve the
underlying lock inversion?

The commit message documents an ABBA deadlock cycle involving rq->__lock and
ctx->lock. While this fast path avoids the specific lockdep warning triggered
during self-monitoring, cross-task monitoring (task != current) will skip this
block and fall through to task_function_call().

Does this mean the exact same lock inversion and potential deadlock remain
fully reachable by userspace when monitoring a different task?

>  	if (!task_function_call(task, __perf_install_in_context, event))
>  		return;
>
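
Review bot: in the added block, `preempt_disable();` and `preempt_enable();` wrap a region that already runs under `local_irq_save(flags);`, which by itself keeps the task from being preempted on this CPU, so the pair looks redundant and could be dropped. There is also no blank line between the declaration `unsigned long flags;` and the first statement, which kernel coding style asks for, and the branch has no comment. A one-line comment above `if (task == current) {` saying that the self-call through task_function_call() is being bypassed, and what calling context `__perf_install_in_context()` expects, would make the intent reviewable.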

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260609153724.7878-1-l1za0.sec@gmail.com?part=1
