diff options
author | Peter Zijlstra <[email protected]> | 2014-05-02 16:56:01 +0200 |
---|---|---|
committer | Ingo Molnar <[email protected]> | 2014-05-07 11:33:14 +0200 |
commit | 46ce0fe97a6be7532ce6126bb26ce89fed81528c (patch) | |
tree | b47c910ca19eba6be3e0b8c08e99b9ab8b4903c2 /scripts/gcc-plugins | |
parent | 38583f095c5a8138ae2a1c9173d0fd8a9f10e8aa (diff) |
perf: Fix race in removing an event
When removing a (sibling) event we do:
raw_spin_lock_irq(&ctx->lock);
perf_group_detach(event);
raw_spin_unlock_irq(&ctx->lock);
<hole>
perf_remove_from_context(event);
raw_spin_lock_irq(&ctx->lock);
...
raw_spin_unlock_irq(&ctx->lock);
Now, assuming the event is a sibling, it will be 'unreachable' for
things like ctx_sched_out() because that iterates the
groups->siblings, and we just unhooked the sibling.
So, if during <hole> we get ctx_sched_out(), it will miss the event
and not call event_sched_out() on it, leaving it programmed on the
PMU.
The subsequent perf_remove_from_context() call will find the ctx is
inactive and only call list_del_event() to remove the event from all
other lists.
Hereafter we can proceed to free the event; while still programmed!
Close this hole by moving perf_group_detach() inside the same
ctx->lock region(s) perf_remove_from_context() has.
The condition on inherited events only in __perf_event_exit_task() is
likely complete crap because non-inherited events are part of groups
too and we're tearing down just the same. But leave that for another
patch.
Most-likely-Fixes: e03a9a55b4e ("perf: Change close() semantics for group events")
Reported-by: Vince Weaver <[email protected]>
Tested-by: Vince Weaver <[email protected]>
Much-staring-at-traces-by: Vince Weaver <[email protected]>
Much-staring-at-traces-by: Thomas Gleixner <[email protected]>
Cc: Arnaldo Carvalho de Melo <[email protected]>
Cc: Linus Torvalds <[email protected]>
Signed-off-by: Peter Zijlstra <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Ingo Molnar <[email protected]>
Diffstat (limited to 'scripts/gcc-plugins')
0 files changed, 0 insertions, 0 deletions