lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20251015051828.12809-1-dapeng1.mi@linux.intel.com>
Date: Wed, 15 Oct 2025 13:18:28 +0800
From: Dapeng Mi <dapeng1.mi@...ux.intel.com>
To: Peter Zijlstra <peterz@...radead.org>,
	Ingo Molnar <mingo@...hat.com>,
	Arnaldo Carvalho de Melo <acme@...nel.org>,
	Namhyung Kim <namhyung@...nel.org>,
	Ian Rogers <irogers@...gle.com>,
	Adrian Hunter <adrian.hunter@...el.com>,
	Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
	Andi Kleen <ak@...ux.intel.com>,
	Eranian Stephane <eranian@...gle.com>
Cc: linux-kernel@...r.kernel.org,
	linux-perf-users@...r.kernel.org,
	Dapeng Mi <dapeng1.mi@...el.com>,
	Dapeng Mi <dapeng1.mi@...ux.intel.com>,
	Octavia Togami <octavia.togami@...il.com>
Subject: [PATCH] perf: Fix system hang caused by cpu-clock

A system hang issue caused by cpu-clock is reported and bisection
indicates the commit 18dbcbfabfff ("perf: Fix the POLL_HUP delivery
 breakage") causes this issue.

The root cause of the hang issue is that cpu-clock is a specific SW
event which relies on the hrtimer. The __perf_event_overflow()
is invoked from the hrtimer handler for cpu-clock event, and
__perf_event_overflow() tries to call event stop callback
(cpu_clock_event_stop()) to stop the event, and cpu_clock_event_stop()
calls htimer_cancel() to cancel the hrtimer. But unfortunately the
hrtimer callback is currently executing and then traps into deadlock.

To avoid this deadlock, use hrtimer_try_to_cancel() instead of
hrtimer_cancel() to cancel the hrtimer, and set PERF_HES_STOPPED flag
for the stopping events. perf_swevent_hrtimer() would stop the event
hrtimer once it detects the PERF_HES_STOPPED flag.

Reported-by: Octavia Togami <octavia.togami@...il.com>
Closes: https://lore.kernel.org/all/CAHPNGSQpXEopYreir+uDDEbtXTBvBvi8c6fYXJvceqtgTPao3Q@mail.gmail.com/
Suggested-by: Peter Zijlstra <peterz@...radead.org>
Fixes: 18dbcbfabfff ("perf: Fix the POLL_HUP delivery breakage")
Tested-by: Octavia Togami <octavia.togami@...il.com>
Signed-off-by: Dapeng Mi <dapeng1.mi@...ux.intel.com>
---
 kernel/events/core.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/kernel/events/core.c b/kernel/events/core.c
index 7541f6f85fcb..f90105d5f26a 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -11773,7 +11773,8 @@ static enum hrtimer_restart perf_swevent_hrtimer(struct hrtimer *hrtimer)
 
 	event = container_of(hrtimer, struct perf_event, hw.hrtimer);
 
-	if (event->state != PERF_EVENT_STATE_ACTIVE)
+	if (event->state != PERF_EVENT_STATE_ACTIVE ||
+	    event->hw.state & PERF_HES_STOPPED)
 		return HRTIMER_NORESTART;
 
 	event->pmu->read(event);
@@ -11819,15 +11820,18 @@ static void perf_swevent_cancel_hrtimer(struct perf_event *event)
 	struct hw_perf_event *hwc = &event->hw;
 
 	/*
-	 * The throttle can be triggered in the hrtimer handler.
-	 * The HRTIMER_NORESTART should be used to stop the timer,
-	 * rather than hrtimer_cancel(). See perf_swevent_hrtimer()
+	 * The event stop can be triggered in the hrtimer handler.
+	 * So use hrtimer_try_to_cancel() instead of hrtimer_cancel()
+	 * to stop the hrtimer() to avoid trapping into a dead loop.
+	 * Simultaneously the event would be set PERF_HES_STOPPED flag,
+	 * perf_swevent_hrtimer() would stop the event hrtimer once it
+	 * detects the PERF_HES_STOPPED flag.
 	 */
 	if (is_sampling_event(event) && (hwc->interrupts != MAX_INTERRUPTS)) {
 		ktime_t remaining = hrtimer_get_remaining(&hwc->hrtimer);
 		local64_set(&hwc->period_left, ktime_to_ns(remaining));
 
-		hrtimer_cancel(&hwc->hrtimer);
+		hrtimer_try_to_cancel(&hwc->hrtimer);
 	}
 }
 
@@ -11871,12 +11875,14 @@ static void cpu_clock_event_update(struct perf_event *event)
 
 static void cpu_clock_event_start(struct perf_event *event, int flags)
 {
+	event->hw.state = 0;
 	local64_set(&event->hw.prev_count, local_clock());
 	perf_swevent_start_hrtimer(event);
 }
 
 static void cpu_clock_event_stop(struct perf_event *event, int flags)
 {
+	event->hw.state = PERF_HES_STOPPED;
 	perf_swevent_cancel_hrtimer(event);
 	if (flags & PERF_EF_UPDATE)
 		cpu_clock_event_update(event);
@@ -11950,12 +11956,14 @@ static void task_clock_event_update(struct perf_event *event, u64 now)
 
 static void task_clock_event_start(struct perf_event *event, int flags)
 {
+	event->hw.state = 0;
 	local64_set(&event->hw.prev_count, event->ctx->time);
 	perf_swevent_start_hrtimer(event);
 }
 
 static void task_clock_event_stop(struct perf_event *event, int flags)
 {
+	event->hw.state = PERF_HES_STOPPED;
 	perf_swevent_cancel_hrtimer(event);
 	if (flags & PERF_EF_UPDATE)
 		task_clock_event_update(event, event->ctx->time);

base-commit: 3a8660878839faadb4f1a6dd72c3179c1df56787
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ