From: Jiri Olsa <jolsa@redhat.com>
To: Cong Wang <xiyou.wangcong@gmail.com>
Cc: linux-kernel@vger.kernel.org,
Peter Zijlstra <peterz@infradead.org>,
Ingo Molnar <mingo@redhat.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Namhyung Kim <namhyung@kernel.org>,
stable@vger.kernel.org
Subject: Re: [PATCH] perf/core: fix a possible deadlock scenario
Date: Wed, 18 Jul 2018 10:19:05 +0200 [thread overview]
Message-ID: <20180718081905.GA13520@krava> (raw)
In-Reply-To: <20180716215101.4713-1-xiyou.wangcong@gmail.com>
On Mon, Jul 16, 2018 at 02:51:01PM -0700, Cong Wang wrote:
> hrtimer_cancel() busy-waits for the hrtimer callback to stop,
> pretty much like del_timer_sync(). This creates a possible deadlock
> scenario where we hold a spinlock before calling hrtimer_cancel()
> while in trying to acquire the same spinlock in the callback.
>
> This kind of deadlock is already known and is catchable by lockdep,
> like for del_timer_sync(), we can add lockdep annotations. However,
> it is still missing for hrtimer_cancel(). (I have a WIP patch to make
> it complete for hrtimer_cancel() but it breaks booting.)
>
> And there is such a deadlock scenario in kernel/events/core.c too,
> well actually, it is a simpler version: the hrtimer callback waits
> for itself to finish on the same CPU! It sounds stupid but it is
> not obvious at all, it hides very deeply in the perf event code:
>
> cpu_clock_event_init():
> perf_swevent_init_hrtimer():
> hwc->hrtimer.function = perf_swevent_hrtimer;
>
> perf_swevent_hrtimer():
> __perf_event_overflow():
> __perf_event_account_interrupt():
> perf_adjust_period():
> pmu->stop():
> cpu_clock_event_stop():
> perf_swevent_cancel():
> hrtimer_cancel()
>
> Getting stuck in a timer doesn't sound very scary, however, in this
sound scary enough for me ;-) were you able to hit it?
> case, its consequences are a disaster:
>
> perf_event_overflow() which calls __perf_event_overflow() is called
> in NMI handler too, so it is racy with hrtimer callback as disabling
> IRQ can't possibly disable NMI. This means this hrtimer callback
> once interrupted by an NMI handler could deadlock within NMI!
hum, the swevent pmu does not triger NMI, so that timer
will never be touched in NMI context
jirka
next prev parent reply other threads:[~2018-07-18 8:19 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-16 21:51 [PATCH] perf/core: fix a possible deadlock scenario Cong Wang
2018-07-18 8:19 ` Jiri Olsa [this message]
2018-07-18 20:21 ` Cong Wang
2018-07-19 13:28 ` Jiri Olsa
2018-07-19 19:12 ` [PATCH v2] " Cong Wang
2018-07-20 11:52 ` Peter Zijlstra
2018-07-23 23:16 ` Cong Wang
2018-07-24 1:35 ` Cong Wang
2018-07-24 1:44 ` Cong Wang
2018-07-24 9:18 ` Peter Zijlstra
2018-07-25 18:44 ` Cong Wang
2018-07-24 9:12 ` Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180718081905.GA13520@krava \
--to=jolsa@redhat.com \
--cc=acme@kernel.org \
--cc=alexander.shishkin@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=namhyung@kernel.org \
--cc=peterz@infradead.org \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox