From c65b443241f9b40d07575c384755ca512e1f4aee Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Sat, 5 Feb 2022 11:26:22 +0100 Subject: [PATCH] drop some perf patches from 5.10 --- ...ore-fix-cgroup-event-list-management.patch | 72 ----- .../perf-rework-perf_event_exit_event.patch | 265 ------------------ queue-5.10/series | 2 - 3 files changed, 339 deletions(-) delete mode 100644 queue-5.10/perf-core-fix-cgroup-event-list-management.patch delete mode 100644 queue-5.10/perf-rework-perf_event_exit_event.patch diff --git a/queue-5.10/perf-core-fix-cgroup-event-list-management.patch b/queue-5.10/perf-core-fix-cgroup-event-list-management.patch deleted file mode 100644 index 5c4c893a987..00000000000 --- a/queue-5.10/perf-core-fix-cgroup-event-list-management.patch +++ /dev/null @@ -1,72 +0,0 @@ -From c5de60cd622a2607c043ba65e25a6e9998a369f9 Mon Sep 17 00:00:00 2001 -From: Namhyung Kim -Date: Mon, 24 Jan 2022 11:58:08 -0800 -Subject: perf/core: Fix cgroup event list management - -From: Namhyung Kim - -commit c5de60cd622a2607c043ba65e25a6e9998a369f9 upstream. - -The active cgroup events are managed in the per-cpu cgrp_cpuctx_list. -This list is only accessed from current cpu and not protected by any -locks. But from the commit ef54c1a476ae ("perf: Rework -perf_event_exit_event()"), it's possible to access (actually modify) -the list from another cpu. - -In the perf_remove_from_context(), it can remove an event from the -context without an IPI when the context is not active. This is not -safe with cgroup events which can have some active events in the -context even if ctx->is_active is 0 at the moment. The target cpu -might be in the middle of list iteration at the same time. - -If the event is enabled when it's about to be closed, it might call -perf_cgroup_event_disable() and list_del() with the cgrp_cpuctx_list -on a different cpu. - -This resulted in a crash due to an invalid list pointer access during -the cgroup list traversal on the cpu which the event belongs to. - -Let's fallback to IPI to access the cgrp_cpuctx_list from that cpu. -Similarly, perf_install_in_context() should use IPI for the cgroup -events too. - -Fixes: ef54c1a476ae ("perf: Rework perf_event_exit_event()") -Signed-off-by: Namhyung Kim -Signed-off-by: Peter Zijlstra (Intel) -Link: https://lkml.kernel.org/r/20220124195808.2252071-1-namhyung@kernel.org -Signed-off-by: Greg Kroah-Hartman ---- - kernel/events/core.c | 11 +++++++++-- - 1 file changed, 9 insertions(+), 2 deletions(-) - ---- a/kernel/events/core.c -+++ b/kernel/events/core.c -@@ -2466,7 +2466,11 @@ static void perf_remove_from_context(str - * event_function_call() user. - */ - raw_spin_lock_irq(&ctx->lock); -- if (!ctx->is_active) { -+ /* -+ * Cgroup events are per-cpu events, and must IPI because of -+ * cgrp_cpuctx_list. -+ */ -+ if (!ctx->is_active && !is_cgroup_event(event)) { - __perf_remove_from_context(event, __get_cpu_context(ctx), - ctx, (void *)flags); - raw_spin_unlock_irq(&ctx->lock); -@@ -2899,11 +2903,14 @@ perf_install_in_context(struct perf_even - * perf_event_attr::disabled events will not run and can be initialized - * without IPI. Except when this is the first event for the context, in - * that case we need the magic of the IPI to set ctx->is_active. -+ * Similarly, cgroup events for the context also needs the IPI to -+ * manipulate the cgrp_cpuctx_list. - * - * The IOC_ENABLE that is sure to follow the creation of a disabled - * event will issue the IPI and reprogram the hardware. - */ -- if (__perf_effective_state(event) == PERF_EVENT_STATE_OFF && ctx->nr_events) { -+ if (__perf_effective_state(event) == PERF_EVENT_STATE_OFF && -+ ctx->nr_events && !is_cgroup_event(event)) { - raw_spin_lock_irq(&ctx->lock); - if (ctx->task == TASK_TOMBSTONE) { - raw_spin_unlock_irq(&ctx->lock); diff --git a/queue-5.10/perf-rework-perf_event_exit_event.patch b/queue-5.10/perf-rework-perf_event_exit_event.patch deleted file mode 100644 index b5c467ccaf1..00000000000 --- a/queue-5.10/perf-rework-perf_event_exit_event.patch +++ /dev/null @@ -1,265 +0,0 @@ -From ef54c1a476aef7eef26fe13ea10dc090952c00f8 Mon Sep 17 00:00:00 2001 -From: Peter Zijlstra -Date: Thu, 8 Apr 2021 12:35:56 +0200 -Subject: perf: Rework perf_event_exit_event() - -From: Peter Zijlstra - -commit ef54c1a476aef7eef26fe13ea10dc090952c00f8 upstream. - -Make perf_event_exit_event() more robust, such that we can use it from -other contexts. Specifically the up and coming remove_on_exec. - -For this to work we need to address a few issues. Remove_on_exec will -not destroy the entire context, so we cannot rely on TASK_TOMBSTONE to -disable event_function_call() and we thus have to use -perf_remove_from_context(). - -When using perf_remove_from_context(), there's two races to consider. -The first is against close(), where we can have concurrent tear-down -of the event. The second is against child_list iteration, which should -not find a half baked event. - -To address this, teach perf_remove_from_context() to special case -!ctx->is_active and about DETACH_CHILD. - -[ elver@google.com: fix racing parent/child exit in sync_child_event(). ] -Signed-off-by: Marco Elver -Signed-off-by: Peter Zijlstra (Intel) -Link: https://lkml.kernel.org/r/20210408103605.1676875-2-elver@google.com -Signed-off-by: Greg Kroah-Hartman ---- - include/linux/perf_event.h | 1 - kernel/events/core.c | 144 +++++++++++++++++++++++++-------------------- - 2 files changed, 81 insertions(+), 64 deletions(-) - ---- a/include/linux/perf_event.h -+++ b/include/linux/perf_event.h -@@ -607,6 +607,7 @@ struct swevent_hlist { - #define PERF_ATTACH_TASK_DATA 0x08 - #define PERF_ATTACH_ITRACE 0x10 - #define PERF_ATTACH_SCHED_CB 0x20 -+#define PERF_ATTACH_CHILD 0x40 - - struct perf_cgroup; - struct perf_buffer; ---- a/kernel/events/core.c -+++ b/kernel/events/core.c -@@ -2276,6 +2276,26 @@ out: - perf_event__header_size(leader); - } - -+static void sync_child_event(struct perf_event *child_event); -+ -+static void perf_child_detach(struct perf_event *event) -+{ -+ struct perf_event *parent_event = event->parent; -+ -+ if (!(event->attach_state & PERF_ATTACH_CHILD)) -+ return; -+ -+ event->attach_state &= ~PERF_ATTACH_CHILD; -+ -+ if (WARN_ON_ONCE(!parent_event)) -+ return; -+ -+ lockdep_assert_held(&parent_event->child_mutex); -+ -+ sync_child_event(event); -+ list_del_init(&event->child_list); -+} -+ - static bool is_orphaned_event(struct perf_event *event) - { - return event->state == PERF_EVENT_STATE_DEAD; -@@ -2383,6 +2403,7 @@ group_sched_out(struct perf_event *group - } - - #define DETACH_GROUP 0x01UL -+#define DETACH_CHILD 0x02UL - - /* - * Cross CPU call to remove a performance event -@@ -2406,6 +2427,8 @@ __perf_remove_from_context(struct perf_e - event_sched_out(event, cpuctx, ctx); - if (flags & DETACH_GROUP) - perf_group_detach(event); -+ if (flags & DETACH_CHILD) -+ perf_child_detach(event); - list_del_event(event, ctx); - - if (!ctx->nr_events && ctx->is_active) { -@@ -2437,25 +2460,21 @@ static void perf_remove_from_context(str - - lockdep_assert_held(&ctx->mutex); - -- event_function_call(event, __perf_remove_from_context, (void *)flags); -- - /* -- * The above event_function_call() can NO-OP when it hits -- * TASK_TOMBSTONE. In that case we must already have been detached -- * from the context (by perf_event_exit_event()) but the grouping -- * might still be in-tact. -- */ -- WARN_ON_ONCE(event->attach_state & PERF_ATTACH_CONTEXT); -- if ((flags & DETACH_GROUP) && -- (event->attach_state & PERF_ATTACH_GROUP)) { -- /* -- * Since in that case we cannot possibly be scheduled, simply -- * detach now. -- */ -- raw_spin_lock_irq(&ctx->lock); -- perf_group_detach(event); -+ * Because of perf_event_exit_task(), perf_remove_from_context() ought -+ * to work in the face of TASK_TOMBSTONE, unlike every other -+ * event_function_call() user. -+ */ -+ raw_spin_lock_irq(&ctx->lock); -+ if (!ctx->is_active) { -+ __perf_remove_from_context(event, __get_cpu_context(ctx), -+ ctx, (void *)flags); - raw_spin_unlock_irq(&ctx->lock); -+ return; - } -+ raw_spin_unlock_irq(&ctx->lock); -+ -+ event_function_call(event, __perf_remove_from_context, (void *)flags); - } - - /* -@@ -12330,14 +12349,17 @@ void perf_pmu_migrate_context(struct pmu - } - EXPORT_SYMBOL_GPL(perf_pmu_migrate_context); - --static void sync_child_event(struct perf_event *child_event, -- struct task_struct *child) -+static void sync_child_event(struct perf_event *child_event) - { - struct perf_event *parent_event = child_event->parent; - u64 child_val; - -- if (child_event->attr.inherit_stat) -- perf_event_read_event(child_event, child); -+ if (child_event->attr.inherit_stat) { -+ struct task_struct *task = child_event->ctx->task; -+ -+ if (task && task != TASK_TOMBSTONE) -+ perf_event_read_event(child_event, task); -+ } - - child_val = perf_event_count(child_event); - -@@ -12352,60 +12374,53 @@ static void sync_child_event(struct perf - } - - static void --perf_event_exit_event(struct perf_event *child_event, -- struct perf_event_context *child_ctx, -- struct task_struct *child) -+perf_event_exit_event(struct perf_event *event, struct perf_event_context *ctx) - { -- struct perf_event *parent_event = child_event->parent; -+ struct perf_event *parent_event = event->parent; -+ unsigned long detach_flags = 0; - -- /* -- * Do not destroy the 'original' grouping; because of the context -- * switch optimization the original events could've ended up in a -- * random child task. -- * -- * If we were to destroy the original group, all group related -- * operations would cease to function properly after this random -- * child dies. -- * -- * Do destroy all inherited groups, we don't care about those -- * and being thorough is better. -- */ -- raw_spin_lock_irq(&child_ctx->lock); -- WARN_ON_ONCE(child_ctx->is_active); -+ if (parent_event) { -+ /* -+ * Do not destroy the 'original' grouping; because of the -+ * context switch optimization the original events could've -+ * ended up in a random child task. -+ * -+ * If we were to destroy the original group, all group related -+ * operations would cease to function properly after this -+ * random child dies. -+ * -+ * Do destroy all inherited groups, we don't care about those -+ * and being thorough is better. -+ */ -+ detach_flags = DETACH_GROUP | DETACH_CHILD; -+ mutex_lock(&parent_event->child_mutex); -+ } - -- if (parent_event) -- perf_group_detach(child_event); -- list_del_event(child_event, child_ctx); -- perf_event_set_state(child_event, PERF_EVENT_STATE_EXIT); /* is_event_hup() */ -- raw_spin_unlock_irq(&child_ctx->lock); -+ perf_remove_from_context(event, detach_flags); -+ -+ raw_spin_lock_irq(&ctx->lock); -+ if (event->state > PERF_EVENT_STATE_EXIT) -+ perf_event_set_state(event, PERF_EVENT_STATE_EXIT); -+ raw_spin_unlock_irq(&ctx->lock); - - /* -- * Parent events are governed by their filedesc, retain them. -+ * Child events can be freed. - */ -- if (!parent_event) { -- perf_event_wakeup(child_event); -+ if (parent_event) { -+ mutex_unlock(&parent_event->child_mutex); -+ /* -+ * Kick perf_poll() for is_event_hup(); -+ */ -+ perf_event_wakeup(parent_event); -+ free_event(event); -+ put_event(parent_event); - return; - } -- /* -- * Child events can be cleaned up. -- */ -- -- sync_child_event(child_event, child); - - /* -- * Remove this event from the parent's list -- */ -- WARN_ON_ONCE(parent_event->ctx->parent_ctx); -- mutex_lock(&parent_event->child_mutex); -- list_del_init(&child_event->child_list); -- mutex_unlock(&parent_event->child_mutex); -- -- /* -- * Kick perf_poll() for is_event_hup(). -+ * Parent events are governed by their filedesc, retain them. - */ -- perf_event_wakeup(parent_event); -- free_event(child_event); -- put_event(parent_event); -+ perf_event_wakeup(event); - } - - static void perf_event_exit_task_context(struct task_struct *child, int ctxn) -@@ -12462,7 +12477,7 @@ static void perf_event_exit_task_context - perf_event_task(child, child_ctx, 0); - - list_for_each_entry_safe(child_event, next, &child_ctx->event_list, event_entry) -- perf_event_exit_event(child_event, child_ctx, child); -+ perf_event_exit_event(child_event, child_ctx); - - mutex_unlock(&child_ctx->mutex); - -@@ -12722,6 +12737,7 @@ inherit_event(struct perf_event *parent_ - */ - raw_spin_lock_irqsave(&child_ctx->lock, flags); - add_event_to_ctx(child_event, child_ctx); -+ child_event->attach_state |= PERF_ATTACH_CHILD; - raw_spin_unlock_irqrestore(&child_ctx->lock, flags); - - /* diff --git a/queue-5.10/series b/queue-5.10/series index 5fff2d9853b..3f4e58b0b49 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -5,8 +5,6 @@ net-ipa-prevent-concurrent-replenish.patch revert-drivers-bus-simple-pm-bus-add-support-for-probing-simple-bus-only-devices.patch kvm-x86-forcibly-leave-nested-virt-when-smm-state-is-toggled.patch psi-fix-uaf-issue-when-psi-trigger-is-destroyed-while-being-polled.patch -perf-rework-perf_event_exit_event.patch -perf-core-fix-cgroup-event-list-management.patch x86-mce-add-xeon-sapphire-rapids-to-list-of-cpus-that-support-ppin.patch x86-cpu-add-xeon-icelake-d-to-list-of-cpus-that-support-ppin.patch drm-vc4-hdmi-make-sure-the-device-is-powered-with-cec.patch -- 2.47.3