tracing, perf_events: Protect the buffer from recursion in perf

While tracing using events with perf, if one enables the
lockdep:lock_acquire event, it will infect every other perf
trace events.

Basically, you can enable whatever set of trace events through
perf but if this event is part of the set, the only result we
can get is a long list of lock_acquire events of rcu read lock,
and only that.

This is because of a recursion inside perf.

1) When a trace event is triggered, it will fill a per cpu
   buffer and submit it to perf.

2) Perf will commit this event but will also protect some data
   using rcu_read_lock

3) A recursion appears: rcu_read_lock triggers a lock_acquire
   event that will fill the per cpu event and then submit the
   buffer to perf.

4) Perf detects a recursion and ignores it

5) Perf continues its work on the previous event, but its buffer
   has been overwritten by the lock_acquire event, it has then
   been turned into a lock_acquire event of rcu read lock

Such scenario also happens with lock_release with
rcu_read_unlock().

We could turn the rcu_read_lock() into __rcu_read_lock() to drop
the lock debugging from perf fast path, but that would make us
lose the rcu debugging and that doesn't prevent from other
possible kind of recursion from perf in the future.

This patch adds a recursion protection based on a counter on the
perf trace per cpu buffers to solve the problem.

-v2: Fixed lost whitespace, added reviewed-by tag

Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
Reviewed-by: Masami Hiramatsu <mhiramat@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Li Zefan <lizf@cn.fujitsu.com>
Cc: Jason Baron <jbaron@redhat.com>
LKML-Reference: <1257477185-7838-1-git-send-email-fweisbec@gmail.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>

1 files changed, 42 insertions, 8 deletions

diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c
index cf17a6694f32..3696476f307d 100644
--- a/kernel/trace/trace_kprobe.c
+++ b/kernel/trace/trace_kprobe.c
@@ -1208,6 +1208,7 @@ static __kprobes int kprobe_profile_func(struct kprobe *kp,
         struct trace_probe *tp = container_of(kp, struct trace_probe, rp.kp);
         struct ftrace_event_call *call = &tp->call;
         struct kprobe_trace_entry *entry;
+        struct perf_trace_buf *trace_buf;
         struct trace_entry *ent;
         int size, __size, i, pc, __cpu;
         unsigned long irq_flags;
@@ -1229,14 +1230,26 @@ static __kprobes int kprobe_profile_func(struct kprobe *kp,
         __cpu = smp_processor_id();
 
         if (in_nmi())
-                raw_data = rcu_dereference(trace_profile_buf_nmi);
+                trace_buf = rcu_dereference(perf_trace_buf_nmi);
         else
-                raw_data = rcu_dereference(trace_profile_buf);
+                trace_buf = rcu_dereference(perf_trace_buf);
 
-        if (!raw_data)
+        if (!trace_buf)
                 goto end;
 
-        raw_data = per_cpu_ptr(raw_data, __cpu);
+        trace_buf = per_cpu_ptr(trace_buf, __cpu);
+
+        if (trace_buf->recursion++)
+                goto end_recursion;
+
+        /*
+         * Make recursion update visible before entering perf_tp_event
+         * so that we protect from perf recursions.
+         */
+        barrier();
+
+        raw_data = trace_buf->buf;
+
         /* Zero dead bytes from alignment to avoid buffer leak to userspace */
         *(u64 *)(&raw_data[size - sizeof(u64)]) = 0ULL;
         entry = (struct kprobe_trace_entry *)raw_data;
@@ -1249,8 +1262,12 @@ static __kprobes int kprobe_profile_func(struct kprobe *kp,
         for (i = 0; i < tp->nr_args; i++)
                 entry->args[i] = call_fetch(&tp->args[i].fetch, regs);
         perf_tp_event(call->id, entry->ip, 1, entry, size);
+
+end_recursion:
+        trace_buf->recursion--;
 end:
         local_irq_restore(irq_flags);
+
         return 0;
 }
 
@@ -1261,6 +1278,7 @@ static __kprobes int kretprobe_profile_func(struct kretprobe_instance *ri,
         struct trace_probe *tp = container_of(ri->rp, struct trace_probe, rp);
         struct ftrace_event_call *call = &tp->call;
         struct kretprobe_trace_entry *entry;
+        struct perf_trace_buf *trace_buf;
         struct trace_entry *ent;
         int size, __size, i, pc, __cpu;
         unsigned long irq_flags;
@@ -1282,14 +1300,26 @@ static __kprobes int kretprobe_profile_func(struct kretprobe_instance *ri,
         __cpu = smp_processor_id();
 
         if (in_nmi())
-                raw_data = rcu_dereference(trace_profile_buf_nmi);
+                trace_buf = rcu_dereference(perf_trace_buf_nmi);
         else
-                raw_data = rcu_dereference(trace_profile_buf);
+                trace_buf = rcu_dereference(perf_trace_buf);
 
-        if (!raw_data)
+        if (!trace_buf)
                 goto end;
 
-        raw_data = per_cpu_ptr(raw_data, __cpu);
+        trace_buf = per_cpu_ptr(trace_buf, __cpu);
+
+        if (trace_buf->recursion++)
+                goto end_recursion;
+
+        /*
+         * Make recursion update visible before entering perf_tp_event
+         * so that we protect from perf recursions.
+         */
+        barrier();
+
+        raw_data = trace_buf->buf;
+
         /* Zero dead bytes from alignment to avoid buffer leak to userspace */
         *(u64 *)(&raw_data[size - sizeof(u64)]) = 0ULL;
         entry = (struct kretprobe_trace_entry *)raw_data;
@@ -1303,8 +1333,12 @@ static __kprobes int kretprobe_profile_func(struct kretprobe_instance *ri,
         for (i = 0; i < tp->nr_args; i++)
                 entry->args[i] = call_fetch(&tp->args[i].fetch, regs);
         perf_tp_event(call->id, entry->ret_ip, 1, entry, size);
+
+end_recursion:
+        trace_buf->recursion--;
 end:
         local_irq_restore(irq_flags);
+
         return 0;
 }