lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20140715091104.GU9918@twins.programming.kicks-ass.net>
Date:	Tue, 15 Jul 2014 11:11:04 +0200
From:	Peter Zijlstra <peterz@...radead.org>
To:	Jiri Olsa <jolsa@...hat.com>
Cc:	Jiri Olsa <jolsa@...nel.org>, linux-kernel@...r.kernel.org,
	Alexander Yarygin <yarygin@...ux.vnet.ibm.com>,
	Arnaldo Carvalho de Melo <acme@...nel.org>,
	Corey Ashford <cjashfor@...ux.vnet.ibm.com>,
	Frederic Weisbecker <fweisbec@...il.com>,
	Ingo Molnar <mingo@...nel.org>,
	Paul Mackerras <paulus@...ba.org>
Subject: Re: [PATCH 2/5] perf: Destroy event's children on task exit

On Mon, Jul 14, 2014 at 10:18:54PM +0200, Jiri Olsa wrote:
> On Mon, Jul 14, 2014 at 01:18:33PM +0200, Peter Zijlstra wrote:
> > On Fri, Jul 11, 2014 at 01:56:19PM +0200, Jiri Olsa wrote:
> > > From: Jiri Olsa <jolsa@...hat.com>

> > > +static void perf_event_exit_children(struct perf_event *parent)
> > > +{
> > > +	struct perf_event *child, *tmp;
> > > +
> > > +	mutex_lock(&parent->child_mutex);
> > > +	list_for_each_entry_safe(child, tmp, &parent->child_list,
> > > +				 child_list) {
> > > +		struct perf_event_context *child_ctx = child->ctx;
> > > +
> > > +		/*
> > > +		 * Child events got removed from child_list under
> > > +		 * child_mutex and then freed. So it's safe to access
> > > +		 * childs context in here, because the child holds
> > > +		 * context ref.
> > > +		 */
> > > +		mutex_lock(&child_ctx->mutex);
> > > +		perf_remove_from_context(child, true);
> > > +		mutex_unlock(&child_ctx->mutex);
> > > +
> > > +		list_del_init(&child->child_list);
> > > +		put_event(parent);
> > > +		free_event(child);
> > > +	}
> > > +	mutex_unlock(&parent->child_mutex);
> > > +}

> > I don't think this is correct, perf_event_init_context() can come in
> > concurrently and the first place it runs into ->child_mutex is after its
> > already allocated and created the (first) child event.
> 
> just noticed this.. I'm working on the other version we decide, but FWIW
> there's also mutex_lock(&child_ctx->mutex); before removing the context,
> that should protect it against perf_event_init_context call

Oh, more fail :-)

You have:

  perf_event::child_mutex
    perf_event_context::mutex

The existing code has:

  perf_event_context::mutex
    perf_event::child_context

See for example:

  perf_event_init_context()
    mutex_lock(&parent_ctx->mutex)
    inherit_task_group()
      inherit_group()
        inherit_event()
	  mutex_lock(&parent_event->child_mutex)

and

  perf_event_for_each()
    mutex_lock(&ctx->mutex)
    perf_event_for_each_child()
      mutex_lock(&event->child_mutex)

So the patch creates an AB-BA deadlock.

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ