Date: Tue, 25 Oct 2016 16:41:26 +0200
From: Oleg Nesterov
To: Peter Zijlstra
Cc: "Ni, BaoleX", "mingo@redhat.com", "acme@kernel.org", "linux-kernel@vger.kernel.org", "alexander.shishkin@linux.intel.com", "Liu, Chuansheng"
Subject: Re: hit a KASan bug related to Perf during stress test
Message-ID: <20161025144126.GD4326@redhat.com>
In-Reply-To: <20161025092831.GW3102@twins.programming.kicks-ass.net>

On 10/25, Peter Zijlstra wrote:
>
> On Mon, Oct 24, 2016 at 05:39:08PM +0200, Oleg Nesterov wrote:
> > On 10/24, Peter Zijlstra wrote:
> > >
> > > --- a/kernel/events/core.c
> > > +++ b/kernel/events/core.c
> > > @@ -1257,7 +1257,14 @@ static u32 perf_event_pid(struct perf_event *event, struct task_struct *p) > > > if (event->parent) > > > event = event->parent; > > > > > > - return task_tgid_nr_ns(p, event->ns); > > > + /* > > > + * It is possible the task already got unhashed, in which case we > > > + * cannot determine the current->group_leader/real_parent. > > > + * > > > + * Also, report -1 to indicate unhashed, so as not to confused with > > > + * 0 for the idle task. > > > + */ > > > + return pid_alive(p) ? task_tgid_nr_ns(p, event->ns) : ~0; > > > }
> >
> > Yes, but this _looks_ racy unless p == current. I mean, pid_alive() makes
> > task_tgid_nr_ns() safe, but task_tgid_nr_ns() still can return zero _if_
> > it can race with the exiting task.
>
> So what serialization would close that race? __task_pid_nr_ns() only
> seems to use RCU nothing more.

I do not see how we can close this race, we obviously do not want to
use any locking. That is why I tried to suggest

	nr = __task_pid_nr_ns(p, type, event->ns);
	if (!nr && !is_idle_task(p))
		nr = -1;
	return nr;

but this will report -1 if p runs in another namespace, so perhaps we can
do

	nr = __task_pid_nr_ns(p, type, event->ns);
	if (!nr && p->exit_state) // it has already called exit_notify
		nr = -1;
	return nr;

Oleg.
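
Review bot: in the new return statement, `pid_alive(p)` is tested before `task_tgid_nr_ns(p, event->ns)` is called, so when p is not current the task can be unhashed between the two and the function can still return 0, the value the new comment reserves for the idle task. Consider deciding on the value that comes back rather than on a pre-check, as the reply proposes: call the lookup once and map a 0 result to -1 only when `p->exit_state` is set. Two smaller points in the added comment: it says "report -1" while the code returns `~0` from a function declared `u32`, so using one spelling in both places would make the intent clearer, and "so as not to confused with" is missing "be".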