* [for-next][PATCH 1/2] tracing: Have trace buffer point back to trace_array
2014-01-20 15:00 [for-next][PATCH 0/2] tracing: Minor fixes Steven Rostedt
@ 2014-01-20 15:00 ` Steven Rostedt
2014-01-20 15:00 ` [for-next][PATCH 2/2] tracing: Fix buggered tee(2) on tracing_pipe Steven Rostedt
1 sibling, 0 replies; 3+ messages in thread
From: Steven Rostedt @ 2014-01-20 15:00 UTC (permalink / raw)
To: linux-kernel; +Cc: Ingo Molnar, Frederic Weisbecker, Andrew Morton
[-- Attachment #1: 0001-tracing-Have-trace-buffer-point-back-to-trace_array.patch --]
[-- Type: text/plain, Size: 1070 bytes --]
From: "Steven Rostedt (Red Hat)" <rostedt@goodmis.org>
The trace buffer has a descriptor pointer that goes back to the trace
array. But it was never assigned. Luckily, nothing uses it (yet), but
it will in the future.
Although nothing currently uses this, if any of the new features get
backported to older kernels, and because this is such a simple change,
I'm marking it for stable too.
Cc: stable@vger.kernel.org # v3.10+
Fixes: 12883efb670c "tracing: Consolidate max_tr into main trace_array structure"
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
---
kernel/trace/trace.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index e32a2f4..cee9c1a 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -5914,6 +5914,8 @@ allocate_trace_buffer(struct trace_array *tr, struct trace_buffer *buf, int size
rb_flags = trace_flags & TRACE_ITER_OVERWRITE ? RB_FL_OVERWRITE : 0;
+ buf->tr = tr;
+
buf->buffer = ring_buffer_alloc(size, rb_flags);
if (!buf->buffer)
return -ENOMEM;
--
1.8.4.3
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [for-next][PATCH 2/2] tracing: Fix buggered tee(2) on tracing_pipe
2014-01-20 15:00 [for-next][PATCH 0/2] tracing: Minor fixes Steven Rostedt
2014-01-20 15:00 ` [for-next][PATCH 1/2] tracing: Have trace buffer point back to trace_array Steven Rostedt
@ 2014-01-20 15:00 ` Steven Rostedt
1 sibling, 0 replies; 3+ messages in thread
From: Steven Rostedt @ 2014-01-20 15:00 UTC (permalink / raw)
To: linux-kernel; +Cc: Ingo Molnar, Frederic Weisbecker, Andrew Morton, Al Viro
[-- Attachment #1: 0002-tracing-Fix-buggered-tee-2-on-tracing_pipe.patch --]
[-- Type: text/plain, Size: 2757 bytes --]
From: Al Viro <viro@ZenIV.linux.org.uk>
In kernel/trace/trace.c we have this:
static void tracing_pipe_buf_release(struct pipe_inode_info *pipe,
struct pipe_buffer *buf)
{
__free_page(buf->page);
}
static const struct pipe_buf_operations tracing_pipe_buf_ops = {
.can_merge = 0,
.map = generic_pipe_buf_map,
.unmap = generic_pipe_buf_unmap,
.confirm = generic_pipe_buf_confirm,
.release = tracing_pipe_buf_release,
.steal = generic_pipe_buf_steal,
.get = generic_pipe_buf_get,
};
with
void generic_pipe_buf_get(struct pipe_inode_info *pipe, struct pipe_buffer *buf)
{
page_cache_get(buf->page);
}
and I don't see anything that would've prevented tee(2) called on the pipe
that got stuff spliced into it from that sucker. ->ops->get() will be
called, then buf gets copied into target pipe's ->bufs[] and eventually
readers get to both copies of the buffer. With
get_page(page)
look at that page
__free_page(page)
look at that page
__free_page(page)
which is not a good thing, to put it mildly. AFAICS, that ought to use
the normal generic_pipe_buf_release() (aka page_cache_release(buf->page)),
shouldn't it?
[
SDR - As trace_pipe just allocates the page with alloc_page(GFP_KERNEL),
and doesn't do anything special with it (no LRU logic). The __free_page()
should be fine, as it wont actually free a page with reference count.
Maybe there's a chance to leak memory? Anyway, This change is at a minimum
good for being symmetric with generic_pipe_buf_get, it is fine to add.
]
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[ SDR - Removed no longer used tracing_pipe_buf_release ]
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
---
kernel/trace/trace.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index cee9c1a..20c755e 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -4243,12 +4243,6 @@ out:
return sret;
}
-static void tracing_pipe_buf_release(struct pipe_inode_info *pipe,
- struct pipe_buffer *buf)
-{
- __free_page(buf->page);
-}
-
static void tracing_spd_release_pipe(struct splice_pipe_desc *spd,
unsigned int idx)
{
@@ -4260,7 +4254,7 @@ static const struct pipe_buf_operations tracing_pipe_buf_ops = {
.map = generic_pipe_buf_map,
.unmap = generic_pipe_buf_unmap,
.confirm = generic_pipe_buf_confirm,
- .release = tracing_pipe_buf_release,
+ .release = generic_pipe_buf_release,
.steal = generic_pipe_buf_steal,
.get = generic_pipe_buf_get,
};
--
1.8.4.3
^ permalink raw reply related [flat|nested] 3+ messages in thread