Date: Fri, 7 Oct 2022 11:37:34 +0200
From: Marco Elver
To: Peter Zijlstra
Cc: Ingo Molnar, Arnaldo Carvalho de Melo, Mark Rutland, Alexander Shishkin, Jiri Olsa, Namhyung Kim, linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, Dmitry Vyukov
Subject: Re: [PATCH] perf: Fix missing SIGTRAPs
References: <20220927121322.1236730-1-elver@google.com>

On Thu, Oct 06, 2022 at 06:02PM +0200, Peter Zijlstra wrote:

> This can happen if we get two consecutive event_sched_out() and both
> instances will have pending_sigtrap set. This can happen when the event
> that has sigtrap set also triggers in kernel space.
>
> You then get task_work list corruption and *boom*.
>
> I'm thinking the below might be the simplest solution; we can only send
> a single signal after all.

That worked. In addition I had to disable the ctx->task != current check
if we're in task_work, because presumably the event might have already
been disabled/moved??

At least with all the below fixups, things seem to work (tests + light
fuzzing).

Thanks,
-- Marco

------ >8 ------

diff --git a/kernel/events/core.c b/kernel/events/core.c index 9319af6013f1..29ed6e58906b 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c
@@ -2285,9 +2285,10 @@ event_sched_out(struct perf_event *event, */ local_dec(&event->ctx->nr_pending); } else { - WARN_ON_ONCE(event->pending_work); - event->pending_work = 1; - task_work_add(current, &event->pending_task, TWA_RESUME); + if (!event->pending_work) { + event->pending_work = 1; + task_work_add(current, &event->pending_task, TWA_RESUME); + } } } @@ -6455,18 +6456,19 @@ void perf_event_wakeup(struct perf_event *event) } } -static void perf_sigtrap(struct perf_event *event) +static void perf_sigtrap(struct perf_event *event, bool in_task_work) { /* * We'd expect this to only occur if the irq_work is delayed and either * ctx->task or current has changed in the meantime. This can be the * case on architectures that do not implement arch_irq_work_raise(). */ - if (WARN_ON_ONCE(event->ctx->task != current)) + if (WARN_ON_ONCE(!in_task_work && event->ctx->task != current)) return; /* - * perf_pending_irq() can race with the task exiting. + * Both perf_pending_task() and perf_pending_irq() can race with the + * task exiting. */ if (current->flags & PF_EXITING) return; @@ -6496,7 +6498,7 @@ static void __perf_pending_irq(struct perf_event *event) if (event->pending_sigtrap) { event->pending_sigtrap = 0; local_dec(&event->ctx->nr_pending); - perf_sigtrap(event); + perf_sigtrap(event, false); } if (event->pending_disable) { event->pending_disable = 0; @@ -6563,16 +6565,18 @@ static void perf_pending_task(struct callback_head *head) * If we 'fail' here, that's OK, it means recursion is already disabled * and we won't recurse 'further'. */ + preempt_disable_notrace(); rctx = perf_swevent_get_recursion_context(); if (event->pending_work) { event->pending_work = 0; local_dec(&event->ctx->nr_pending); - perf_sigtrap(event); + perf_sigtrap(event, true); } if (rctx >= 0) perf_swevent_put_recursion_context(rctx); + preempt_enable_notrace(); } #ifdef CONFIG_GUEST_PERF_EVENTS
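
Review bot: In the event_sched_out() hunk, the new skip path (pending_work already set) leaves event->ctx->nr_pending untouched, while the sibling branch just above does local_dec(&event->ctx->nr_pending) and perf_pending_task() decrements only once per queued work item. If every pending_sigtrap accounts for one nr_pending increment, the second one is never released here; consider decrementing when the work is already queued. The dropped WARN_ON_ONCE(event->pending_work) also deserves a short comment saying that a repeated sched-out with the work still queued is expected and that only a single signal can be delivered, so the next reader does not reinstate the warning or the unconditional task_work_add().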
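
Review bot: In the perf_sigtrap() hunk, the comment above the WARN_ON_ONCE still describes only the delayed irq_work case and says nothing about why event->ctx->task != current is acceptable when in_task_work is true. With the check bypassed, a mismatch on the task_work path is neither warned about nor handled, and the function carries on with only the PF_EXITING test on current. Please document the reason in that comment (the cover text itself only says "presumably"), or keep the early return for a mismatch and suppress just the warning, whichever matches the intended signal target.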
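
Review bot: In the perf_pending_task() hunk, preempt_disable_notrace() and preempt_enable_notrace() are added around the perf_swevent_get_recursion_context() / perf_swevent_put_recursion_context() pair without any explanation, and the existing comment above only talks about recursion already being disabled. Add a line to that comment stating why preemption has to be off across the get/put pair in task_work context, so the requirement is visible to anyone who later moves code into or out of this region.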