From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:48177 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751539AbbFZFkM (ORCPT ); Fri, 26 Jun 2015 01:40:12 -0400 Subject: Patch "perf: Fix ring_buffer_attach() RCU sync, again" has been added to the 4.1-stable tree To: oleg@redhat.com, akpm@linux-foundation.org, alexander.shishkin@linux.intel.com, bp@alien8.de, brgerst@gmail.com, dvlasenk@redhat.com, gregkh@linuxfoundation.org, hpa@zytor.com, luto@amacapital.net, mingo@kernel.org, paulmck@linux.vnet.ibm.com, peterz@infradead.org, tglx@linutronix.de, torvalds@linux-foundation.org Cc: , From: Date: Thu, 25 Jun 2015 21:24:11 -0700 Message-ID: <143529265137222@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org List-ID: This is a note to let you know that I've just added the patch titled perf: Fix ring_buffer_attach() RCU sync, again to the 4.1-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: perf-fix-ring_buffer_attach-rcu-sync-again.patch and it can be found in the queue-4.1 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >>From 2f993cf093643b98477c421fa2b9a98dcc940323 Mon Sep 17 00:00:00 2001 From: Oleg Nesterov Date: Sat, 30 May 2015 22:04:25 +0200 Subject: perf: Fix ring_buffer_attach() RCU sync, again From: Oleg Nesterov commit 2f993cf093643b98477c421fa2b9a98dcc940323 upstream. While looking for other users of get_state/cond_sync. I Found ring_buffer_attach() and it looks obviously buggy? Don't we need to ensure that we have "synchronize" _between_ list_del() and list_add() ? IOW. Suppose that ring_buffer_attach() preempts right_after get_state_synchronize_rcu() and gp completes before spin_lock(). In this case cond_synchronize_rcu() does nothing and we reuse ->rb_entry without waiting for gp in between? It also moves the ->rcu_pending check under "if (rb)", to make it more readable imo. Signed-off-by: Oleg Nesterov Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Andrew Morton Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Linus Torvalds Cc: Paul E. McKenney Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: dave@stgolabs.net Cc: der.herr@hofr.at Cc: josh@joshtriplett.org Cc: tj@kernel.org Fixes: b69cf53640da ("perf: Fix a race between ring_buffer_detach() and ring_buffer_attach()") Link: http://lkml.kernel.org/r/20150530200425.GA15748@redhat.com Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman --- kernel/events/core.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -4331,20 +4331,20 @@ static void ring_buffer_attach(struct pe WARN_ON_ONCE(event->rcu_pending); old_rb = event->rb; - event->rcu_batches = get_state_synchronize_rcu(); - event->rcu_pending = 1; - spin_lock_irqsave(&old_rb->event_lock, flags); list_del_rcu(&event->rb_entry); spin_unlock_irqrestore(&old_rb->event_lock, flags); - } - if (event->rcu_pending && rb) { - cond_synchronize_rcu(event->rcu_batches); - event->rcu_pending = 0; + event->rcu_batches = get_state_synchronize_rcu(); + event->rcu_pending = 1; } if (rb) { + if (event->rcu_pending) { + cond_synchronize_rcu(event->rcu_batches); + event->rcu_pending = 0; + } + spin_lock_irqsave(&rb->event_lock, flags); list_add_rcu(&event->rb_entry, &rb->event_list); spin_unlock_irqrestore(&rb->event_lock, flags); Patches currently in stable-queue which might be from oleg@redhat.com are queue-4.1/perf-x86-add-more-broadwell-model-numbers.patch queue-4.1/perf-x86-intel-bts-fix-ds-area-sharing-with-x86_pmu-events.patch queue-4.1/perf-fix-ring_buffer_attach-rcu-sync-again.patch queue-4.1/perf-x86-honor-the-architectural-performance-monitoring-version.patch