diff options
author | Ingo Molnar <mingo@elte.hu> | 2009-05-17 05:08:41 -0400 |
---|---|---|
committer | Ingo Molnar <mingo@elte.hu> | 2009-05-19 18:22:24 -0400 |
commit | 33b2fb303fe7f6b08bbb32f708e67b96eaa94a7a (patch) | |
tree | 32ab4cb3cca6c61a2d6cf351bb8f732045464e28 /kernel | |
parent | b68f1d2e7aa21029d73c7d453a8046e95d351740 (diff) |
perf_counter: fix counter freeing logic
Fix counter lifetime bugs which explain the crashes reported by
Marcelo Tosatti and Arnaldo Carvalho de Melo.
The new rule is: flushing + freeing is only done for a task's
own counters, never for other tasks.
[ Impact: fix crashes/lockups with inherited counters ]
Reported-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Reported-by: Marcelo Tosatti <mtosatti@redhat.com>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Corey Ashford <cjashfor@linux.vnet.ibm.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/exit.c | 19 | ||||
-rw-r--r-- | kernel/perf_counter.c | 2 |
2 files changed, 9 insertions, 12 deletions
diff --git a/kernel/exit.c b/kernel/exit.c index 73affd35e76d..f9dfedd94af0 100644 --- a/kernel/exit.c +++ b/kernel/exit.c | |||
@@ -178,12 +178,6 @@ repeat: | |||
178 | 178 | ||
179 | proc_flush_task(p); | 179 | proc_flush_task(p); |
180 | 180 | ||
181 | /* | ||
182 | * Flush inherited counters to the parent - before the parent | ||
183 | * gets woken up by child-exit notifications. | ||
184 | */ | ||
185 | perf_counter_exit_task(p); | ||
186 | |||
187 | write_lock_irq(&tasklist_lock); | 181 | write_lock_irq(&tasklist_lock); |
188 | tracehook_finish_release_task(p); | 182 | tracehook_finish_release_task(p); |
189 | __exit_signal(p); | 183 | __exit_signal(p); |
@@ -985,6 +979,13 @@ NORET_TYPE void do_exit(long code) | |||
985 | module_put(tsk->binfmt->module); | 979 | module_put(tsk->binfmt->module); |
986 | 980 | ||
987 | proc_exit_connector(tsk); | 981 | proc_exit_connector(tsk); |
982 | |||
983 | /* | ||
984 | * Flush inherited counters to the parent - before the parent | ||
985 | * gets woken up by child-exit notifications. | ||
986 | */ | ||
987 | perf_counter_exit_task(tsk); | ||
988 | |||
988 | exit_notify(tsk, group_dead); | 989 | exit_notify(tsk, group_dead); |
989 | #ifdef CONFIG_NUMA | 990 | #ifdef CONFIG_NUMA |
990 | mpol_put(tsk->mempolicy); | 991 | mpol_put(tsk->mempolicy); |
@@ -1257,12 +1258,6 @@ static int wait_task_zombie(struct task_struct *p, int options, | |||
1257 | */ | 1258 | */ |
1258 | read_unlock(&tasklist_lock); | 1259 | read_unlock(&tasklist_lock); |
1259 | 1260 | ||
1260 | /* | ||
1261 | * Flush inherited counters to the parent - before the parent | ||
1262 | * gets woken up by child-exit notifications. | ||
1263 | */ | ||
1264 | perf_counter_exit_task(p); | ||
1265 | |||
1266 | retval = ru ? getrusage(p, RUSAGE_BOTH, ru) : 0; | 1261 | retval = ru ? getrusage(p, RUSAGE_BOTH, ru) : 0; |
1267 | status = (p->signal->flags & SIGNAL_GROUP_EXIT) | 1262 | status = (p->signal->flags & SIGNAL_GROUP_EXIT) |
1268 | ? p->signal->group_exit_code : p->exit_code; | 1263 | ? p->signal->group_exit_code : p->exit_code; |
diff --git a/kernel/perf_counter.c b/kernel/perf_counter.c index 59a926d04baf..7af16d1c480f 100644 --- a/kernel/perf_counter.c +++ b/kernel/perf_counter.c | |||
@@ -3299,6 +3299,8 @@ void perf_counter_exit_task(struct task_struct *child) | |||
3299 | struct perf_counter *child_counter, *tmp; | 3299 | struct perf_counter *child_counter, *tmp; |
3300 | struct perf_counter_context *child_ctx; | 3300 | struct perf_counter_context *child_ctx; |
3301 | 3301 | ||
3302 | WARN_ON_ONCE(child != current); | ||
3303 | |||
3302 | child_ctx = &child->perf_counter_ctx; | 3304 | child_ctx = &child->perf_counter_ctx; |
3303 | 3305 | ||
3304 | if (likely(!child_ctx->nr_counters)) | 3306 | if (likely(!child_ctx->nr_counters)) |