From patchwork Tue Nov 8 09:49:22 2022
X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner
X-Patchwork-Id: 16969
Date: Tue, 08 Nov 2022 09:49:22 -0000
From: "tip-bot2 for Marco Elver"
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: perf/urgent] perf: Improve missing SIGTRAP checking
Cc: syzbot+b8ded3e2e2c6adde4990@syzkaller.appspotmail.com, Marco Elver, "Peter Zijlstra (Intel)", x86@kernel.org, linux-kernel@vger.kernel.org
In-Reply-To: <20221031093513.3032814-1-elver@google.com>
References: <20221031093513.3032814-1-elver@google.com>
Message-ID: <166790096229.4906.6734521018281431632.tip-bot2@tip-bot2>

The following commit has been merged into the perf/urgent branch of tip:

Commit-ID:     bb88f9695460bec25aa30ba9072595025cf6c8af
Gitweb:        https://git.kernel.org/tip/bb88f9695460bec25aa30ba9072595025cf6c8af
Author:        Marco Elver
AuthorDate:    Mon, 31 Oct 2022 10:35:13 +01:00
Committer:     Peter Zijlstra
CommitterDate: Tue, 08 Nov 2022 10:39:27 +01:00

perf: Improve missing SIGTRAP checking

To catch missing SIGTRAP we employ a WARN in __perf_event_overflow(),
which fires if pending_sigtrap was already set: returning to user space
without consuming pending_sigtrap, and then having the event fire again
would re-enter the kernel and trigger the WARN.

This, however, seemed to miss the case where some events not associated
with progress in the user space task can fire and the interrupt handler
runs before the IRQ work meant to consume pending_sigtrap (and generate
the SIGTRAP).

syzbot gifted us this stack trace:

 | WARNING: CPU: 0 PID: 3607 at kernel/events/core.c:9313 __perf_event_overflow
 | Modules linked in:
 | CPU: 0 PID: 3607 Comm: syz-executor100 Not tainted 6.1.0-rc2-syzkaller-00073-g88619e77b33d #0
 | Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
 | RIP: 0010:__perf_event_overflow+0x498/0x540 kernel/events/core.c:9313
 | <...>
 | Call Trace:
 |
 |  perf_swevent_hrtimer+0x34f/0x3c0 kernel/events/core.c:10729
 |  __run_hrtimer kernel/time/hrtimer.c:1685 [inline]
 |  __hrtimer_run_queues+0x1c6/0xfb0 kernel/time/hrtimer.c:1749
 |  hrtimer_interrupt+0x31c/0x790 kernel/time/hrtimer.c:1811
 |  local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1096 [inline]
 |  __sysvec_apic_timer_interrupt+0x17c/0x640 arch/x86/kernel/apic/apic.c:1113
 |  sysvec_apic_timer_interrupt+0x40/0xc0 arch/x86/kernel/apic/apic.c:1107
 |  asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649
 | <...>
 |

In this case, syzbot produced a program with event type
PERF_TYPE_SOFTWARE and config PERF_COUNT_SW_CPU_CLOCK. The hrtimer manages
to fire again before the IRQ work got a chance to run, all while never
having returned to user space.

Improve the WARN to check for real progress in user space: approximate
this by storing a 32-bit hash of the current IP into pending_sigtrap, and
if an event fires while pending_sigtrap still matches the previous IP,
we assume no progress (false negatives are possible given we could
return to user space and trigger again on the same IP).

Fixes: ca6c21327c6a ("perf: Fix missing SIGTRAPs")
Reported-by: syzbot+b8ded3e2e2c6adde4990@syzkaller.appspotmail.com
Signed-off-by: Marco Elver
Signed-off-by: Peter Zijlstra (Intel)
Link: https://lkml.kernel.org/r/20221031093513.3032814-1-elver@google.com
--- kernel/events/core.c | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/kernel/events/core.c b/kernel/events/core.c index 4ec3717..8848714 100644
--- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -9306,14 +9306,27 @@ static int __perf_event_overflow(struct perf_event *event, } if (event->attr.sigtrap) { - /* - * Should not be able to return to user space without processing - * pending_sigtrap (kernel events can overflow multiple times). - */ - WARN_ON_ONCE(event->pending_sigtrap && event->attr.exclude_kernel); + unsigned int pending_id = 1; + + if (regs) + pending_id = hash32_ptr((void *)instruction_pointer(regs)) ?: 1; if (!event->pending_sigtrap) { - event->pending_sigtrap = 1; + event->pending_sigtrap = pending_id; local_inc(&event->ctx->nr_pending); + } else if (event->attr.exclude_kernel) { + /* + * Should not be able to return to user space without + * consuming pending_sigtrap; with exceptions: + * + * 1. Where !exclude_kernel, events can overflow again + * in the kernel without returning to user space. + * + * 2. Events that can overflow again before the IRQ- + * work without user space progress (e.g. hrtimer). + * To approximate progress (with false negatives), + * check 32-bit hash of the current IP. + */ + WARN_ON_ONCE(event->pending_sigtrap != pending_id); } event->pending_addr = data->addr; irq_work_queue(&event->pending_irq);
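
Review bot: In the new `if (regs)` block, the `pending_id = 1` fallback for a NULL `regs` and the `?: 1` on the hash are not covered by the comment further down, and the fallback can trip the new check. If an exclude_kernel event with a pending SIGTRAP first overflows with `regs` set (storing the IP hash) and then overflows again from a path that passes no `regs`, or the other way round, `event->pending_sigtrap != pending_id` is true and the WARN fires without any return to user space. Either skip the comparison when `regs` is NULL, or document why both overflows always see the same `regs` state, and add a line saying that `?: 1` keeps a zero hash from reading as "not pending" in the `!event->pending_sigtrap` test. The diffstat shows only kernel/events/core.c changed, so the declaration of `pending_sigtrap` is not visible here; it needs to be at least 32 bits wide for the stored hash to compare equal to `pending_id`, which is worth stating in the commit message.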