[Deepin-Kernel-SIG] [linux 6.6-y] [Upstream] perf: Fix dangling cgroup pointer in cpuctx

[opsiff]

mainline inclusion
from mainline-v6.16-rc3
commit 12b6c62
category: bugfix

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=12b6c62c038e85354154aee4eb2cf7a2168b3ecc

---

Commit a3c3c66("perf/core: Fix child_total_time_enabled accounting bug at task exit") moves the event->state update to before list_del_event(). This makes the event->state test in list_del_event() always false; never calling perf_cgroup_event_disable().

As a result, cpuctx->cgrp won't be cleared properly; causing havoc.

Fixes: a3c3c66("perf/core: Fix child_total_time_enabled accounting bug at task exit")
Signed-off-by: Yeoreum Yun [email protected]
Signed-off-by: Peter Zijlstra (Intel) [email protected]
Tested-by: David Wang [email protected]
Link: https://lore.kernel.org/all/aD2TspKH%[email protected]/ (cherry picked from commit 3b7a34a)
Signed-off-by: Wentao Guan [email protected]

Conflicts:
kernel/events/core.c

Summary by Sourcery

Restore correct cgroup cleanup for perf events by moving perf_cgroup_event_disable to __perf_remove_from_context and removing outdated disable logic from list_del_event, fixing dangling cgroup pointers in CPU contexts

Bug Fixes:

• Re-enable cgroup event disable in __perf_remove_from_context for events with non-off state to clear dangling cgroup pointers
• Remove obsolete disable logic from list_del_event that blocked perf_cgroup_event_disable

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Fix dangling cgroup pointer in perf cpuctx by relocating perf_cgroup_event_disable from list_del_event to __perf_remove_from_context, ensuring proper cgroup cleanup for exit/dead events.

Sequence diagram for perf event removal and cgroup cleanup

sequenceDiagram
    participant "perf_event"
    participant "perf_event_context"
    participant "pmu_ctx"
    participant "cgroup"
    "perf_event"->>"perf_event_context": __perf_remove_from_context(event, ctx, flags)
    alt flags include DETACH_EXIT or DETACH_DEAD
        "perf_event"->>"perf_event_context": event_sched_out(event, ctx)
        alt event.state > PERF_EVENT_STATE_OFF
            "perf_event"->>"cgroup": perf_cgroup_event_disable(event, ctx)
        end
        "perf_event"->>"perf_event_context": perf_event_set_state(event, min(event.state, state))
    end

Loading

Class diagram for updated perf event removal logic

classDiagram
    class perf_event {
        state
        group_leader
        pending_disable
    }
    class perf_event_context {
        generation
    }
    class pmu_ctx {
        nr_events
    }
    perf_event --> perf_event_context : ctx
    perf_event --> pmu_ctx
    perf_event_context --> pmu_ctx
    perf_event : perf_cgroup_event_disable(event, ctx)
    perf_event : perf_event_set_state(event, state)
    perf_event : event_sched_out(event, ctx)
    perf_event_context : generation++
    pmu_ctx : nr_events--
    perf_event : pending_disable
    perf_event : group_leader
    perf_event : state
    perf_event : group_leader == event
    perf_event : del_event_from_groups(event, ctx)
    perf_event : perf_group_detach(event)
    perf_event : state > PERF_EVENT_STATE_OFF

Loading

File-Level Changes

Change	Details	Files
Move perf_cgroup_event_disable from list_del_event to __perf_remove_from_context to ensure cgroup pointers are cleared.	Removed outdated state-check and disable block in list_del_event Added state > OFF guard and perf_cgroup_event_disable call after event_sched_out in __perf_remove_from_context	kernel/events/core.c

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[deepin-ci-robot]

deepin pr auto review

我来对这个Git diff进行审查：

1. 代码逻辑变更分析：

• 主要改动是将事件状态处理逻辑从list_del_event()函数移到了__perf_remove_from_context()函数中
• 删除了list_del_event()中对错误状态事件的处理代码
• 在__perf_remove_from_context()中新增了对cgroup事件的禁用处理

2. 代码质量改进：

• 代码结构更合理：将事件状态相关的处理集中到了__perf_remove_from_context()中，提高了代码的内聚性
• 移除了冗余注释：删除了原来list_del_event()中的状态处理注释，因为这些注释已经不再适用
• 简化了条件判断：移除了不必要的花括号，使代码更简洁

3. 性能影响：

• 没有明显的性能影响，主要是代码重构
• 将cgroup事件禁用操作移到了更合适的位置，可能会略微提高效率

4. 安全性考虑：

• 保持了原有的状态检查逻辑（event->state > PERF_EVENT_STATE_OFF）
• 仍然确保了错误状态事件的处理
• 事件状态设置使用了min()函数来确保状态不会意外提升

改进建议：

1. 可以考虑在__perf_remove_from_context()中添加注释说明为什么cgroup事件禁用要在这里处理
2. 建议保持DETACH_DEAD分支的代码风格一致性，要么都使用花括号，要么都不使用
3. 可以考虑将state变量的设置和event_sched_out()调用的顺序调整，使逻辑更清晰

总体来说，这是一个良好的代码重构，提高了代码的组织性和可维护性，没有引入明显的性能或安全隐患。

[sourcery-ai]

Hey there - I've reviewed your changes and they look great!

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[Avenger-285714]

Note: Although this appears unrelated to the patches in this PR, deepin’s linux-perf (and other tools) seem not to have been updated for a very long time. As a rule, they must be updated alongside kernel changes.

[Copilot]

Pull Request Overview

This PR backports an upstream bug fix that addresses a dangling cgroup pointer issue in the perf events subsystem. The fix resolves a problem where cpuctx->cgrp wasn't being cleared properly due to a timing issue with state checks.

Key Changes:

• Moved perf_cgroup_event_disable() call from list_del_event() to __perf_remove_from_context()
• Ensured cgroup disable happens before state transition to fix the bug
• Removed obsolete pending_disable assignment that was part of the broken flow

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Avenger-285714]

NOTE:

Deepin’s perf and other Linux tools haven’t been updated in a very, very, very long time.

Normally, they should be updated together with each kernel release.

[Avenger-285714]

/approve

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Avenger-285714

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• deepin/OWNERS [Avenger-285714]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment