| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250603091352.GJ21197@noisy.programming.kicks-ass.net>
Date: Tue, 3 Jun 2025 11:13:52 +0200
From: Peter Zijlstra <peterz@...radead.org>
To: David Wang <00107082@....com>
Cc: mingo@...hat.com, acme@...nel.org, namhyung@...nel.org,
mingo@...nel.org, yeoreum.yun@....com, leo.yan@....com,
linux-perf-users@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] perf/core: restore __perf_remove_from_context when
DETACH_EXIT not set
On Tue, Jun 03, 2025 at 04:33:04PM +0800, David Wang wrote:
> commit a3c3c66670ce ("perf/core: Fix child_total_time_enabled accounting
> bug at task exit") made changes to __perf_remove_from_context() to
> coordinate its changes with perf_event_exit_event(), but the change are
> unconditional, it impacts callpaths to __perf_remove_from_context()
> other than from perf_event_exit_event(). One of the impact is to cgroup,
> which is not properly handled and would cause kernel panic with high
> probalibity during reboot on some system[1].
Sorry, but no. This does not describe the problem adequately. I would
have to go read your [1] to figure out what is actually broken.
That is, having read the above, I'm still clueless as to what the actual
problem is.
> To confine the side effects, make the changes to
> __perf_remove_from_context() conditional, restore to its previous state
> except when DETACH_EXIT is set.
>
> Closes: https://lore.kernel.org/lkml/20250601173603.3920-1-00107082@163.com/ [1]
> Fixes: a3c3c66670ce ("perf/core: Fix child_total_time_enabled accounting bug at task exit")
> Signed-off-by: David Wang <00107082@....com>
> ---
> Changes:
> Address yeoreum.yun@....com's concern about missing cgroup event.
> ---
> kernel/events/core.c | 11 ++++++-----
> 1 file changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/kernel/events/core.c b/kernel/events/core.c
> index 95e703891b24..e2c0f34b0789 100644
> --- a/kernel/events/core.c
> +++ b/kernel/events/core.c
> @@ -2466,7 +2466,7 @@ __perf_remove_from_context(struct perf_event *event,
> void *info)
> {
> struct perf_event_pmu_context *pmu_ctx = event->pmu_ctx;
> - enum perf_event_state state = PERF_EVENT_STATE_OFF;
> + enum perf_event_state exit_state = PERF_EVENT_STATE_EXIT;
> unsigned long flags = (unsigned long)info;
>
> ctx_time_update(cpuctx, ctx);
> @@ -2475,19 +2475,20 @@ __perf_remove_from_context(struct perf_event *event,
> * Ensure event_sched_out() switches to OFF, at the very least
> * this avoids raising perf_pending_task() at this time.
> */
> - if (flags & DETACH_EXIT)
> - state = PERF_EVENT_STATE_EXIT;
> if (flags & DETACH_DEAD) {
> event->pending_disable = 1;
> - state = PERF_EVENT_STATE_DEAD;
> + exit_state = PERF_EVENT_STATE_DEAD;
> }
> event_sched_out(event, ctx);
> - perf_event_set_state(event, min(event->state, state));
> if (flags & DETACH_GROUP)
> perf_group_detach(event);
> if (flags & DETACH_CHILD)
> perf_child_detach(event);
> list_del_event(event, ctx);
> + if (flags & DETACH_EXIT)
> + perf_event_set_state(event, min(event->state, exit_state));
> + if (flags & DETACH_DEAD)
> + event->state = PERF_EVENT_STATE_DEAD;
Urgh, no. Trying to reverse engineer the above, the intent appears to be
to not set OFF.
This can be achieved by doing:
- enum perf_event_state state = PERF_EVENT_STATE_OFF;
+ enum perf_event_state state = event->state;
No other changes required. You also move the location of
perf_event_set_state(), but it is entirely unclear to me if that is
actually needed.
Worse, you split the means of setting state -- that is entirely uncalled
for.
Powered by blists - more mailing lists