lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20160114104449.GW6344@twins.programming.kicks-ass.net>
Date:	Thu, 14 Jan 2016 11:44:49 +0100
From:	Peter Zijlstra <peterz@...radead.org>
To:	Alexander Shishkin <alexander.shishkin@...ux.intel.com>
Cc:	mingo@...nel.org, eranian@...gle.com, linux-kernel@...r.kernel.org,
	vince@...ter.net, dvyukov@...gle.com, andi@...stfloor.org,
	jolsa@...hat.com
Subject: Re: [RFC][PATCH 12/12] perf: Collapse and fix event_function_call()
 users

On Wed, Jan 13, 2016 at 05:00:50PM +0200, Alexander Shishkin wrote:
> I think I caught one, below.
> 
> Peter Zijlstra <peterz@...radead.org> writes:
> 
> > +static int event_function(void *info)
> > +{
> > +	struct event_function_struct *efs = info;
> > +	struct perf_event *event = efs->event;
> > +	struct perf_event_context *ctx = event->ctx;
> > +	struct perf_cpu_context *cpuctx = __get_cpu_context(ctx);
> > +	struct perf_event_context *task_ctx = cpuctx->task_ctx;
> > +
> > +	WARN_ON_ONCE(!irqs_disabled());
> > +
> > +	/*
> > +	 * Since we do the IPI call without holding ctx->lock things can have
> > +	 * changed, double check we hit the task we set out to hit.
> > +	 *
> > +	 * If ctx->task == current, we know things must remain valid because
> > +	 * we have IRQs disabled so we cannot schedule.
> > +	 */
> > +	if (ctx->task) {
> > +		if (ctx->task != current)
> > +			return -EAGAIN;
> > +
> > +		WARN_ON_ONCE(task_ctx != ctx);
> 
> Looks like between dropping ctx::lock in event_function_call() and here,
> cpuctx::task_ctx may still become NULL.

You were indeed correct, and I've found out how and why.

Its a race with perf_event_exit_task(), which will schedule the context
out. I think there's a bunch of races around this area, but in general I
was planning on making event_function_call() a no-op if !(event->attach
& PERF_ATTACH_CONTEXT).

You cannot rely on ->is_active here, because while the context will be
inactive, you still do not want it to call ->func().

Let me prod at this a bit more.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ