[tip:perf/urgent] perf: Cure event->pending_disable race

Thu, 25 Feb 2016 00:08:06 -0800 

Commit-ID:  28a967c3a2f99fa3b5f762f25cb2a319d933571b
Gitweb:     http://git.kernel.org/tip/28a967c3a2f99fa3b5f762f25cb2a319d933571b
Author:     Peter Zijlstra <pet...@infradead.org>
AuthorDate: Wed, 24 Feb 2016 18:45:46 +0100
Committer:  Ingo Molnar <mi...@kernel.org>
CommitDate: Thu, 25 Feb 2016 08:42:34 +0100

perf: Cure event->pending_disable race

Because event_sched_out() checks event->pending_disable _before_
actually disabling the event, it can happen that the event fires after
it checks but before it gets disabled.

This would leave event->pending_disable set and the queued irq_work
will try and process it.

However, if the event trigger was during schedule(), the event might
have been de-scheduled by the time the irq_work runs, and
perf_event_disable_local() will fail.

Fix this by checking event->pending_disable _after_ we call
event->pmu->del(). This depends on the latter being a compiler
barrier, such that the compiler does not lift the load and re-creates
the problem.

Tested-by: Alexander Shishkin <alexander.shish...@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <pet...@infradead.org>
Reviewed-by: Alexander Shishkin <alexander.shish...@linux.intel.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Jiri Olsa <jo...@redhat.com>
Cc: Linus Torvalds <torva...@linux-foundation.org>
Cc: Peter Zijlstra <pet...@infradead.org>
Cc: Thomas Gleixner <t...@linutronix.de>
Cc: dvyu...@google.com
Cc: eran...@google.com
Cc: o...@redhat.com
Cc: pan...@redhat.com
Cc: sasha.le...@oracle.com
Cc: vi...@deater.net
Link: http://lkml.kernel.org/r/20160224174948.040469...@infradead.org
Signed-off-by: Ingo Molnar <mi...@kernel.org>
---
 kernel/events/core.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/kernel/events/core.c b/kernel/events/core.c
index ea064ca..de14b67 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -1696,14 +1696,14 @@ event_sched_out(struct perf_event *event,
 
        perf_pmu_disable(event->pmu);
 
+       event->tstamp_stopped = tstamp;
+       event->pmu->del(event, 0);
+       event->oncpu = -1;
        event->state = PERF_EVENT_STATE_INACTIVE;
        if (event->pending_disable) {
                event->pending_disable = 0;
                event->state = PERF_EVENT_STATE_OFF;
        }
-       event->tstamp_stopped = tstamp;
-       event->pmu->del(event, 0);
-       event->oncpu = -1;
 
        if (!is_software_event(event))
                cpuctx->active_oncpu--;

Reply via email to