On Mon, Jul 14, 2014 at 10:18:54PM +0200, Jiri Olsa wrote: > On Mon, Jul 14, 2014 at 01:18:33PM +0200, Peter Zijlstra wrote: > > On Fri, Jul 11, 2014 at 01:56:19PM +0200, Jiri Olsa wrote: > > > From: Jiri Olsa <jo...@redhat.com>
> > > +static void perf_event_exit_children(struct perf_event *parent)
> > > +{
> > > + struct perf_event *child, *tmp;
> > > +
> > > + mutex_lock(&parent->child_mutex);
> > > + list_for_each_entry_safe(child, tmp, &parent->child_list,
> > > + child_list) {
> > > + struct perf_event_context *child_ctx = child->ctx;
> > > +
> > > + /*
> > > + * Child events got removed from child_list under
> > > + * child_mutex and then freed. So it's safe to access
> > > + * childs context in here, because the child holds
> > > + * context ref.
> > > + */
> > > + mutex_lock(&child_ctx->mutex);
> > > + perf_remove_from_context(child, true);
> > > + mutex_unlock(&child_ctx->mutex);
> > > +
> > > + list_del_init(&child->child_list);
> > > + put_event(parent);
> > > + free_event(child);
> > > + }
> > > + mutex_unlock(&parent->child_mutex);
> > > +}
> > I don't think this is correct, perf_event_init_context() can come in
> > concurrently and the first place it runs into ->child_mutex is after its
> > already allocated and created the (first) child event.
>
> just noticed this.. I'm working on the other version we decide, but FWIW
> there's also mutex_lock(&child_ctx->mutex); before removing the context,
> that should protect it against perf_event_init_context call
Oh, more fail :-)
You have:
perf_event::child_mutex
perf_event_context::mutex
The existing code has:
perf_event_context::mutex
perf_event::child_context
See for example:
perf_event_init_context()
mutex_lock(&parent_ctx->mutex)
inherit_task_group()
inherit_group()
inherit_event()
mutex_lock(&parent_event->child_mutex)
and
perf_event_for_each()
mutex_lock(&ctx->mutex)
perf_event_for_each_child()
mutex_lock(&event->child_mutex)
So the patch creates an AB-BA deadlock.
pgpoKGVBQsN2j.pgp
Description: PGP signature
