From: "Luis Claudio R. Goncalves" <lgoncalv@redhat.com>
To: Steven Rostedt <rostedt@goodmis.org>
Cc: tglozar@redhat.com, linux-trace-kernel@vger.kernel.org,
linux-kernel@vger.kernel.org, jkacur@redhat.com
Subject: Re: [PATCH] tracing/timerlat: Check tlat_var for NULL in timerlat_fd_release
Date: Thu, 22 Aug 2024 08:20:52 -0300 [thread overview]
Message-ID: <ZscfFFUM6pBuwpGZ@uudg.org> (raw)
In-Reply-To: <20240821160316.02c03c44@gandalf.local.home>
On Wed, Aug 21, 2024 at 04:03:16PM -0400, Steven Rostedt wrote:
> On Tue, 20 Aug 2024 15:00:01 +0200
> tglozar@redhat.com wrote:
>
> > From: Tomas Glozar <tglozar@redhat.com>
> >
> > When running timerlat with a userspace workload (NO_OSNOISE_WORKLOAD),
> > NULL pointer dereference can be triggered by sending consequent SIGINT
> > and SIGTERM signals to the workload process. That then causes
> > timerlat_fd_release to be called twice in a row, and the second time,
> > hrtimer_cancel is called on a zeroed hrtimer struct, causing the NULL
> > dereference.
> >
> > This can be reproduced using rtla:
> > ```
> > $ while true; do rtla timerlat top -u -q & PID=$!; sleep 5; \
> > kill -INT $PID; sleep 0.001; kill -TERM $PID; wait $PID; done
> > [1] 1675
> > [1]+ Aborted (SIGTERM) rtla timerlat top -u -q
> > [1] 1688
> > client_loop: send disconnect: Broken pipe
> > ```
> > triggering the bug:
>
> I'm able to reproduce this with the above. Unfortunately, I can still
> reproduce it after applying this patch :-(
We were able to mitigate the problem (triggered by that command line) simply
by handling SIGTERM in the userspace tool the same way it handles SIGINT. That
was one of the factors that helped the "closing the file descriptor twice"
theory.
Would you mind sharing the backtrace you got? That would also help us
investigating.
> Looking at the code, the logic for handling the kthread seems off. I'll
> spend a little time to see if I can figure it out.
You mean the
+ if (!tlat_var->kthread) {
+ /* the fd has been closed already */
bit or the kthread handling in rtla itself?
As Tomas already said, thank you for testing and reviewing the suggested fix!
Luis
next prev parent reply other threads:[~2024-08-22 11:20 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-20 13:00 [PATCH] tracing/timerlat: Check tlat_var for NULL in timerlat_fd_release tglozar
2024-08-21 20:03 ` Steven Rostedt
2024-08-22 9:32 ` Tomas Glozar
2024-08-22 14:32 ` Steven Rostedt
2024-08-22 14:37 ` Steven Rostedt
2024-08-22 11:20 ` Luis Claudio R. Goncalves [this message]
2024-08-22 14:34 ` Steven Rostedt
2024-08-23 16:54 ` Steven Rostedt
2024-08-23 18:52 ` Steven Rostedt
2024-08-26 13:01 ` Tomas Glozar
2024-08-26 17:26 ` Steven Rostedt
2024-08-27 14:34 ` Tomas Glozar
2024-08-29 23:40 ` Luis Claudio R. Goncalves
2024-08-30 0:31 ` Luis Claudio R. Goncalves
2024-09-03 12:47 ` Tomas Glozar
2024-09-03 15:00 ` Steven Rostedt
2024-09-04 14:21 ` Steven Rostedt
2024-09-05 10:38 ` Tomas Glozar
2024-09-05 12:31 ` Steven Rostedt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZscfFFUM6pBuwpGZ@uudg.org \
--to=lgoncalv@redhat.com \
--cc=jkacur@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=rostedt@goodmis.org \
--cc=tglozar@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).