Re: perf: fuzzer triggered warning in intel_pmu_drain_pebs_nhm()

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Peter Zijlstra <peterz@infradead.org>
To: Vince Weaver <vincent.weaver@maine.edu>
Cc: linux-kernel@vger.kernel.org, Ingo Molnar <mingo@redhat.com>,
	Arnaldo Carvalho de Melo <acme@kernel.org>,
	Stephane Eranian <eranian@gmail.com>,
	kan.liang@intel.com
Subject: Re: perf: fuzzer triggered warning in intel_pmu_drain_pebs_nhm()
Date: Fri, 3 Jul 2015 15:13:36 +0200	[thread overview]
Message-ID: <20150703131336.GI19282@twins.programming.kicks-ass.net> (raw)
In-Reply-To: <alpine.DEB.2.20.1507021111380.14637@vincent-weaver-1.umelst.maine.edu>

On Thu, Jul 02, 2015 at 11:18:10AM -0400, Vince Weaver wrote:
> 
> So sad to say the lack of fuzzer reports was because I was out of town for 
> a bit, not due to the kernel suddenly getting amazingly better.
> 
> In any case I am running against current git and getting a lot of 
> warnings, but most of them seem to be old ones.  This following one looks 
> new though.
> 
> This is current linus-git on a Haswell machine with peterz's patch to fix 
> the aux buffer spinlock recursion (I can still crash the kernel if that 
> patch is not applied).
> 
> It corresponds to:
> 
> 	WARN_ON_ONCE(!event->attr.precise_ip);
> 
> [  584.352324] WARNING: CPU: 2 PID: 18924 at arch/x86/kernel/cpu/perf_event_intel_ds.c:1198 intel_pmu_drain_pebs_nhm+0x283/0x2e0()

I've not yet tried to reproduce, but the below could explain things.

On disabling an event we first clear our cpuc->pebs_enabled bits, only
to then check them to see if there are any set, and if so, drain the
buffer.

If we just cleared the last bit, we'll fail to drain the buffer.

If we then program another event on that counter and another PEBS event,
we can hit the above WARN with the 'stale' entries left over from the
previous event.

---
 arch/x86/kernel/cpu/perf_event_intel_ds.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/arch/x86/kernel/cpu/perf_event_intel_ds.c b/arch/x86/kernel/cpu/perf_event_intel_ds.c
index 71fc40238843..041a30ba5654 100644
--- a/arch/x86/kernel/cpu/perf_event_intel_ds.c
+++ b/arch/x86/kernel/cpu/perf_event_intel_ds.c
@@ -548,7 +548,7 @@ int intel_pmu_drain_bts_buffer(void)
 
 static inline void intel_pmu_drain_pebs_buffer(void)
 {
-	struct pt_regs regs;
+	struct pt_regs regs; /* SAMPLE_REGS_INTR must not be set for FREERUNNING */
 
 	x86_pmu.drain_pebs(&regs);
 }
@@ -755,13 +755,6 @@ void intel_pmu_pebs_disable(struct perf_event *event)
 	struct hw_perf_event *hwc = &event->hw;
 	struct debug_store *ds = cpuc->ds;
 
-	cpuc->pebs_enabled &= ~(1ULL << hwc->idx);
-
-	if (event->hw.flags & PERF_X86_EVENT_PEBS_LDLAT)
-		cpuc->pebs_enabled &= ~(1ULL << (hwc->idx + 32));
-	else if (event->hw.flags & PERF_X86_EVENT_PEBS_ST)
-		cpuc->pebs_enabled &= ~(1ULL << 63);
-
 	if (ds->pebs_interrupt_threshold >
 	    ds->pebs_buffer_base + x86_pmu.pebs_record_size) {
 		intel_pmu_drain_pebs_buffer();
@@ -769,6 +762,13 @@ void intel_pmu_pebs_disable(struct perf_event *event)
 			perf_sched_cb_dec(event->ctx->pmu);
 	}
 
+	cpuc->pebs_enabled &= ~(1ULL << hwc->idx);
+
+	if (event->hw.flags & PERF_X86_EVENT_PEBS_LDLAT)
+		cpuc->pebs_enabled &= ~(1ULL << (hwc->idx + 32));
+	else if (event->hw.flags & PERF_X86_EVENT_PEBS_ST)
+		cpuc->pebs_enabled &= ~(1ULL << 63);
+
 	if (cpuc->enabled)
 		wrmsrl(MSR_IA32_PEBS_ENABLE, cpuc->pebs_enabled);

next prev parent reply	other threads:[~2015-07-03 13:13 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-07-02 15:18 perf: fuzzer triggered warning in intel_pmu_drain_pebs_nhm() Vince Weaver
2015-07-02 19:43 ` Peter Zijlstra
2015-07-03 13:13 ` Peter Zijlstra [this message]
2015-07-03 18:56   ` Stephane Eranian
2015-07-03 19:04     ` Peter Zijlstra
2015-07-03 19:49       ` Vince Weaver
2015-07-15  6:42         ` Stephane Eranian
2015-07-15 12:35           ` Peter Zijlstra
2015-07-16  6:02             ` Stephane Eranian
2015-07-16  7:15               ` Peter Zijlstra
2015-07-16  7:30                 ` Stephane Eranian
2015-07-16 21:12                   ` Stephane Eranian
2015-07-03 19:03   ` Vince Weaver
2015-07-03 20:08   ` Liang, Kan
2015-07-06 10:55     ` Peter Zijlstra
2015-07-06 13:47       ` Liang, Kan
2015-07-06 16:22         ` Vince Weaver
2015-07-06 16:23           ` Liang, Kan
2015-07-06 16:51             ` Vince Weaver
2015-08-04  9:01     ` [tip:perf/core] perf/x86/intel/pebs: Fix event disable PEBS buffer drain tip-bot for Liang, Kan

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:71fc4023884 dfblob:041a30ba565 )
 OR (
bs:"Re: perf: fuzzer triggered warning in intel_pmu_drain_pebs_nhm()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150703131336.GI19282@twins.programming.kicks-ass.net \
    --to=peterz@infradead.org \
    --cc=acme@kernel.org \
    --cc=eranian@gmail.com \
    --cc=kan.liang@intel.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=vincent.weaver@maine.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox