From: Oleg Nesterov <oleg@redhat.com>
To: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Frederic Weisbecker <fweisbec@gmail.com>,
Alan Stern <stern@rowland.harvard.edu>,
Arnaldo Carvalho de Melo <acme@redhat.com>,
Ingo Molnar <mingo@elte.hu>, Paul Mackerras <paulus@samba.org>,
Prasad <prasad@linux.vnet.ibm.com>,
Roland McGrath <roland@redhat.com>,
linux-kernel@vger.kernel.org
Subject: Re: Q: perf_event && event->owner
Date: Fri, 12 Nov 2010 19:49:37 +0100 [thread overview]
Message-ID: <20101112184937.GA12014@redhat.com> (raw)
In-Reply-To: <1289576883.2084.286.camel@laptop>
On 11/12, Peter Zijlstra wrote:
>
> Utter paranoia took over and I'm still not sure its solid...
Thanks Peter!
I believe this all is correct.
> Subject: perf: Fix owner-list vs exit
> From: Peter Zijlstra <a.p.zijlstra@chello.nl>
> Date: Tue, 09 Nov 2010 19:01:43 +0100
>
> Reported-by: Oleg Nesterov <oleg@redhat.com>
> Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
> LKML-Reference: <1289325703.2191.60.camel@laptop>
> ---
> kernel/perf_event.c | 63 ++++++++++++++++++++++++++++++++++++++++++----------
> 1 file changed, 51 insertions(+), 12 deletions(-)
>
> Index: linux-2.6/kernel/perf_event.c
> ===================================================================
> --- linux-2.6.orig/kernel/perf_event.c
> +++ linux-2.6/kernel/perf_event.c
> @@ -2234,11 +2234,6 @@ int perf_event_release_kernel(struct per
> raw_spin_unlock_irq(&ctx->lock);
> mutex_unlock(&ctx->mutex);
>
> - mutex_lock(&event->owner->perf_event_mutex);
> - list_del_init(&event->owner_entry);
> - mutex_unlock(&event->owner->perf_event_mutex);
> - put_task_struct(event->owner);
> -
> free_event(event);
>
> return 0;
> @@ -2251,9 +2246,43 @@ EXPORT_SYMBOL_GPL(perf_event_release_ker
> static int perf_release(struct inode *inode, struct file *file)
> {
> struct perf_event *event = file->private_data;
> + struct task_struct *owner;
>
> file->private_data = NULL;
>
> + rcu_read_lock();
> + owner = ACCESS_ONCE(event->owner);
> + /*
> + * Matches the smp_wmb() in perf_event_exit_task(). If we observe
> + * !owner it means the list deletion is complete and we can indeed
> + * free this event, otherwise we need to serialize on
> + * owner->perf_event_mutex.
> + */
> + smp_read_barrier_depends();
> + if (owner) {
> + /*
> + * Since delayed_put_task_struct() also drops the last
> + * task reference we can safely take a new reference
> + * while holding the rcu_read_lock().
> + */
> + get_task_struct(owner);
> + }
> + rcu_read_unlock();
> +
> + if (owner) {
> + mutex_lock(&owner->perf_event_mutex);
> + /*
> + * We have to re-check the event->owner field, if it is cleared
> + * we raced with perf_event_exit_task(), acquiring the mutex
> + * ensured they're done, and we can proceed with freeing the
> + * event.
> + */
> + if (event->owner)
> + list_del_init(&event->owner_entry);
> + mutex_unlock(&owner->perf_event_mutex);
> + put_task_struct(owner);
> + }
> +
> return perf_event_release_kernel(event);
> }
>
> @@ -5677,7 +5706,7 @@ SYSCALL_DEFINE5(perf_event_open,
> mutex_unlock(&ctx->mutex);
>
> event->owner = current;
> - get_task_struct(current);
> +
> mutex_lock(¤t->perf_event_mutex);
> list_add_tail(&event->owner_entry, ¤t->perf_event_list);
> mutex_unlock(¤t->perf_event_mutex);
> @@ -5745,12 +5774,6 @@ perf_event_create_kernel_counter(struct
> ++ctx->generation;
> mutex_unlock(&ctx->mutex);
>
> - event->owner = current;
> - get_task_struct(current);
> - mutex_lock(¤t->perf_event_mutex);
> - list_add_tail(&event->owner_entry, ¤t->perf_event_list);
> - mutex_unlock(¤t->perf_event_mutex);
> -
> return event;
>
> err_free:
> @@ -5901,8 +5924,24 @@ static void perf_event_exit_task_context
> */
> void perf_event_exit_task(struct task_struct *child)
> {
> + struct perf_event *event, *tmp;
> int ctxn;
>
> + mutex_lock(&child->perf_event_mutex);
> + list_for_each_entry_safe(event, tmp, &child->perf_event_list,
> + owner_entry) {
> + list_del_init(&event->owner_entry);
> +
> + /*
> + * Ensure the list deletion is visible before we clear
> + * the owner, closes a race against perf_release() where
> + * we need to serialize on the owner->perf_event_mutex.
> + */
> + smp_wmb();
> + event->owner = NULL;
> + }
> + mutex_unlock(&child->perf_event_mutex);
> +
> for_each_task_context_nr(ctxn)
> perf_event_exit_task_context(child, ctxn);
> }
>
next prev parent reply other threads:[~2010-11-12 18:56 UTC|newest]
Thread overview: 91+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-11-08 14:56 Q: perf_event && task->ptrace_bps[] Oleg Nesterov
2010-11-08 14:57 ` Q: sys_perf_event_open() && PF_EXITING Oleg Nesterov
2011-01-19 18:21 ` [PATCH 0/2] Was: " Oleg Nesterov
2011-01-19 18:22 ` [PATCH 1/2] perf: fix find_get_context() vs perf_event_exit_task() race Oleg Nesterov
2011-01-19 18:49 ` Peter Zijlstra
2011-01-19 19:18 ` [tip:perf/urgent] perf: Fix " tip-bot for Oleg Nesterov
2011-01-21 15:29 ` Ingo Molnar
2011-01-21 15:53 ` Oleg Nesterov
2011-01-21 17:45 ` [PATCH] perf: perf_event_exit_task_context: s/rcu_dereference/rcu_dereference_raw/ Oleg Nesterov
2011-01-21 17:53 ` Oleg Nesterov
2011-01-21 21:50 ` Paul E. McKenney
2011-01-24 11:51 ` Oleg Nesterov
2011-01-21 22:12 ` [tip:perf/urgent] " tip-bot for Oleg Nesterov
2011-01-19 18:22 ` [PATCH 2/2] perf: fix perf_event_init_task()/perf_event_free_task() interaction Oleg Nesterov
2011-01-19 18:51 ` Peter Zijlstra
2011-01-19 19:19 ` [tip:perf/urgent] perf: Fix " tip-bot for Oleg Nesterov
2011-01-20 19:30 ` Q: perf_install_in_context/perf_event_enable are racy? Oleg Nesterov
2011-01-21 12:11 ` Peter Zijlstra
2011-01-21 13:03 ` Ingo Molnar
2011-01-21 13:39 ` Peter Zijlstra
2011-01-21 14:26 ` Oleg Nesterov
2011-01-21 15:05 ` Peter Zijlstra
2011-01-21 20:40 ` Frederic Weisbecker
2011-01-24 11:42 ` Oleg Nesterov
2011-01-26 17:53 ` Oleg Nesterov
2011-01-26 18:49 ` Oleg Nesterov
2011-01-26 18:51 ` [PATCH] fix the theoretical task_cpu/task_curr problem in kick_process/task_oncpu_function_call Oleg Nesterov
2011-01-26 19:05 ` Q: perf_install_in_context/perf_event_enable are racy? Peter Zijlstra
2011-01-26 19:33 ` Peter Zijlstra
2011-01-26 19:38 ` Peter Zijlstra
2011-01-26 21:19 ` Oleg Nesterov
2011-01-26 21:33 ` Oleg Nesterov
2011-01-27 10:32 ` Peter Zijlstra
2011-01-27 12:29 ` Peter Zijlstra
2011-01-27 16:10 ` Oleg Nesterov
2011-01-27 16:27 ` Peter Zijlstra
2011-01-27 16:59 ` Oleg Nesterov
2011-01-27 15:52 ` Oleg Nesterov
2011-01-27 13:14 ` Peter Zijlstra
2011-01-27 14:28 ` Peter Zijlstra
2011-01-27 14:58 ` Peter Zijlstra
2011-01-27 16:57 ` Oleg Nesterov
2011-01-27 17:11 ` Peter Zijlstra
2011-01-27 22:18 ` Oleg Nesterov
2011-01-28 11:52 ` Peter Zijlstra
2011-01-28 14:57 ` Peter Zijlstra
2011-01-28 16:28 ` Oleg Nesterov
2011-01-28 18:11 ` Peter Zijlstra
2011-01-31 17:26 ` Oleg Nesterov
2011-01-31 18:23 ` Peter Zijlstra
2011-01-31 19:11 ` Oleg Nesterov
2011-01-31 19:29 ` Peter Zijlstra
2011-02-01 14:03 ` [PATCH] perf: Cure task_oncpu_function_call() races Peter Zijlstra
2011-02-01 17:27 ` Oleg Nesterov
2011-02-01 18:08 ` Peter Zijlstra
2011-02-01 18:18 ` Peter Zijlstra
2011-02-01 21:00 ` Peter Zijlstra
2010-11-08 14:57 ` Q: perf_event && event->owner Oleg Nesterov
2010-11-08 20:11 ` Frederic Weisbecker
2010-11-08 20:41 ` Peter Zijlstra
2010-11-09 16:18 ` Oleg Nesterov
2010-11-09 15:57 ` Oleg Nesterov
2010-11-09 16:56 ` Peter Zijlstra
2010-11-09 16:58 ` Oleg Nesterov
2010-11-09 17:07 ` Peter Zijlstra
2010-11-09 17:42 ` Oleg Nesterov
2010-11-09 18:01 ` Peter Zijlstra
2010-11-09 18:57 ` Oleg Nesterov
2010-11-09 19:16 ` Peter Zijlstra
2010-11-10 15:17 ` Peter Zijlstra
2010-11-10 15:44 ` Oleg Nesterov
2010-11-12 15:48 ` Peter Zijlstra
2010-11-12 18:49 ` Oleg Nesterov [this message]
2010-11-18 14:09 ` [tip:perf/urgent] perf: Fix owner-list vs exit tip-bot for Peter Zijlstra
2010-11-08 18:41 ` Q: perf_event && task->ptrace_bps[] Frederic Weisbecker
2010-11-08 19:18 ` Oleg Nesterov
2011-01-17 23:58 ` Frederic Weisbecker
2011-01-18 1:16 ` Roland McGrath
2011-01-17 20:34 ` Oleg Nesterov
2011-01-17 20:52 ` Peter Zijlstra
2011-01-17 21:01 ` Frederic Weisbecker
2011-01-18 16:09 ` [PATCH 0/2] perf: event->cpu checking fixes Oleg Nesterov
2011-01-18 16:10 ` [PATCH 1/2] perf: find_get_context: fix the per-cpu-counter check Oleg Nesterov
2011-01-18 19:06 ` [tip:perf/urgent] perf: Find_get_context: " tip-bot for Oleg Nesterov
2011-01-18 16:10 ` [PATCH 2/2] perf: validate cpu early in perf_event_alloc() Oleg Nesterov
2011-01-18 19:07 ` [tip:perf/urgent] perf: Validate " tip-bot for Oleg Nesterov
2011-01-18 18:42 ` Q: perf_event && task->ptrace_bps[] Frederic Weisbecker
2011-01-19 15:37 ` Oleg Nesterov
2011-01-19 20:05 ` Frederic Weisbecker
2011-01-20 17:28 ` Oleg Nesterov
2011-01-28 17:41 ` Frederic Weisbecker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20101112184937.GA12014@redhat.com \
--to=oleg@redhat.com \
--cc=a.p.zijlstra@chello.nl \
--cc=acme@redhat.com \
--cc=fweisbec@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=paulus@samba.org \
--cc=prasad@linux.vnet.ibm.com \
--cc=roland@redhat.com \
--cc=stern@rowland.harvard.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).