From patchwork Wed Nov 5 16:11:44 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 40203 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-la0-f71.google.com (mail-la0-f71.google.com [209.85.215.71]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 51C692404A for ; Wed, 5 Nov 2014 16:13:00 +0000 (UTC) Received: by mail-la0-f71.google.com with SMTP id gq15sf687493lab.10 for ; Wed, 05 Nov 2014 08:12:59 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:delivered-to:from:to:cc:subject :date:message-id:in-reply-to:references:sender:precedence:list-id :x-original-sender:x-original-authentication-results:mailing-list :list-post:list-help:list-archive:list-unsubscribe; bh=Ht61XerlJF4yTjRnLVwLk4WiC0/cw2IVIkK2fI9GoGM=; b=aRrlFwQoW039qZNujrHlXyeKjno5G9uzrmzeaTqJh+9CrFCaxRFVGGDKo1vUvhm4JR 5/qMuwZUro7JF6nT4FKhbnDkTpQ6ind08VpZn15YhySruBPtNjndmXdt4BcNf4mtdSet Ej/sghulNOxRtD3m2kZbB/nVf/hsGit7iV9gfTQiCX1UGgqvU3rfuj2iQ6h1XJJ2SUMb n70k6mEJc+FrTlCQzDG4pm7Fn6xuFuvykF2EFO8O4p5F67D/118Eolt9PUsY7KKV/kPu ptb6kde+J1jjeQAz0+EOg5/MAU0OISuZn1iJZZJVn65xiah1dxOs/1AHyBfRoA9YhjCa wDsw== X-Gm-Message-State: ALoCoQlsaqzCuqQo1ozV1mTfhejB1lIATR264Dc/Cpkmf7YsnxSS5w4EY1kcPIWR3YhDr9f++6Na X-Received: by 10.194.176.106 with SMTP id ch10mr207810wjc.6.1415203979062; Wed, 05 Nov 2014 08:12:59 -0800 (PST) MIME-Version: 1.0 X-BeenThere: patchwork-forward@linaro.org Received: by 10.152.5.166 with SMTP id t6ls1128715lat.20.gmail; Wed, 05 Nov 2014 08:12:58 -0800 (PST) X-Received: by 10.112.254.162 with SMTP id aj2mr69873619lbd.70.1415203978840; Wed, 05 Nov 2014 08:12:58 -0800 (PST) Received: from mail-la0-f48.google.com (mail-la0-f48.google.com. [209.85.215.48]) by mx.google.com with ESMTPS id k3si7022564lbd.26.2014.11.05.08.12.57 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 05 Nov 2014 08:12:57 -0800 (PST) Received-SPF: pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.215.48 as permitted sender) client-ip=209.85.215.48; Received: by mail-la0-f48.google.com with SMTP id gq15so989410lab.35 for ; Wed, 05 Nov 2014 08:12:57 -0800 (PST) X-Received: by 10.112.202.104 with SMTP id kh8mr7096298lbc.46.1415203977856; Wed, 05 Nov 2014 08:12:57 -0800 (PST) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patch@linaro.org Received: by 10.112.184.201 with SMTP id ew9csp308005lbc; Wed, 5 Nov 2014 08:12:56 -0800 (PST) X-Received: by 10.68.206.98 with SMTP id ln2mr57620531pbc.83.1415203976119; Wed, 05 Nov 2014 08:12:56 -0800 (PST) Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id us9si3336270pac.193.2014.11.05.08.12.55 for ; Wed, 05 Nov 2014 08:12:56 -0800 (PST) Received-SPF: none (google.com: linux-kernel-owner@vger.kernel.org does not designate permitted sender hosts) client-ip=209.132.180.67; Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755356AbaKEQMx (ORCPT + 25 others); Wed, 5 Nov 2014 11:12:53 -0500 Received: from cam-admin0.cambridge.arm.com ([217.140.96.50]:34535 "EHLO cam-admin0.cambridge.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754004AbaKEQMw (ORCPT ); Wed, 5 Nov 2014 11:12:52 -0500 Received: from leverpostej.cambridge.arm.com (leverpostej.cambridge.arm.com [10.1.205.151]) by cam-admin0.cambridge.arm.com (8.12.6/8.12.6) with ESMTP id sA5GC2wp003720; Wed, 5 Nov 2014 16:12:23 GMT From: Mark Rutland To: linux-kernel@vger.kernel.org Cc: acme@kernel.org, drew.richardson@arm.com, mingo@redhat.com, a.p.zijlstra@chello.nl, vincent.weaver@maine.edu, will.deacon@arm.com, Mark Rutland Subject: [PATCH 1/1] perf: fix corruption of sibling list with hotplug Date: Wed, 5 Nov 2014 16:11:44 +0000 Message-Id: <1415203904-25308-2-git-send-email-mark.rutland@arm.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1415203904-25308-1-git-send-email-mark.rutland@arm.com> References: <1415203904-25308-1-git-send-email-mark.rutland@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: list List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: mark.rutland@arm.com X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.215.48 as permitted sender) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org X-Google-Group-Id: 836684582541 List-Post: , List-Help: , List-Archive: List-Unsubscribe: , When a CPU hotplugged out, we call perf_remove_from_context (via perf_event_exit_cpu) to rip each CPU-bound event out of its PMU's cpu context, but leave siblings grouped together. Freeing of these events is left to the mercy of the usual refcounting. When a CPU-bound event's refcount drops to zero we cross-call to __perf_remove_from_context to clean it up, detaching grouped siblings. This works when the relevant CPU is online, but will fail if the CPU is currently offline, and we won't detach the event from its siblings before freeing the event, leaving the sibling list corrupt. If the sibling list is later walked (e.g. because the CPU cam online again before a remaining sibling's refcount drops to zero), we will walk the now corrupted siblings list, potentially dereferencing garbage values. Given that the events should never be scheduled again (as we removed them from their context), we can simply detatch siblings when the CPU goes down in the first place. If the CPU comes back online, the redundant call to __perf_remove_from_context is safe. Signed-off-by: Mark Rutland Reported-by: Drew Richardson Cc: Arnaldo Carvalho de Melo Cc: Ingo Molnar Cc: Peter Zijlstra Cc: Vince Weaver Cc: Will Deacon --- kernel/events/core.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/kernel/events/core.c b/kernel/events/core.c index 2b02c9f..1cd5eef 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -1562,8 +1562,10 @@ static void perf_remove_from_context(struct perf_event *event, bool detach_group if (!task) { /* - * Per cpu events are removed via an smp call and - * the removal is always successful. + * Per cpu events are removed via an smp call. The removal can + * fail if the CPU is currently offline, but in that case we + * already called __perf_remove_from_context from + * perf_event_exit_cpu. */ cpu_function_call(event->cpu, __perf_remove_from_context, &re); return; @@ -8117,7 +8119,7 @@ static void perf_pmu_rotate_stop(struct pmu *pmu) static void __perf_event_exit_context(void *__info) { - struct remove_event re = { .detach_group = false }; + struct remove_event re = { .detach_group = true }; struct perf_event_context *ctx = __info; perf_pmu_rotate_stop(ctx->pmu);