[PATCH v2 0/2] tracing: Clean up how iter is freed

[PATCH v2 0/2] tracing: Clean up how iter is freed

[Steven Rostedt]

The trace iterator is used in various interfaces and needs to be consistent
in how it is cleaned up. Add a helper function to clean up its content. But
before doing so, I noticed that iter->trace is allocated then the content
of tr->current_trace is copied to it. There's no reason for this, so the
first patch removes that allocation and just points to the content of
tr->current_trace, as tr->current_trace can change, but the content should
not.

Changes since v1: https://lore.kernel.org/linux-trace-kernel/20230713114510.04c452ca@gandalf.local.home/

 - Updated the change log of patch 1, as I remembered why the copy was done.

 - Remove the allocation and copy of the second patch. I started with the
   second patch and noticed that there was an inconsistency with the
   iter->trace. Where in one place it was allocated and copied and the second
   place it was just pointing to the tr->current_trace. I first started to make it
   be a copy as well, but then realized that the copy wasn't needed. I created
   the first patch but forgot to remove the copy and it ended up in the second
   patch.

Steven Rostedt (Google) (2):
      tracing: Remove unnecessary copying of tr->current_trace
      tracing: Add free_trace_iter_content() helper function

----
 kernel/trace/trace.c | 55 ++++++++++++++++++++++++----------------------------
 1 file changed, 25 insertions(+), 30 deletions(-)

[PATCH v2 1/2] tracing: Remove unnecessary copying of tr->current_trace

[Steven Rostedt]

From: "Steven Rostedt (Google)" <rostedt@goodmis.org>

The iterator allocated a descriptor to copy the current_trace. This was done
with the assumption that the function pointers might change. But this was a
false assuption, as it does not change. There's no reason to make a copy of the
current_trace and just use the pointer it points to. This removes needing to
manage freeing the descriptor. Worse yet, there's locations that the iterator
is used but does make a copy and just uses the pointer. This could cause the
actual pointer to the trace descriptor to be freed and not the allocated copy.

This is more of a clean up than a fix.

Fixes: d7350c3f45694 ("tracing/core: make the read callbacks reentrants")
Reviewed-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
---
 kernel/trace/trace.c | 22 +++-------------------
 1 file changed, 3 insertions(+), 19 deletions(-)

diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index be847d45d81c..1c370ffbe062 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -4205,15 +4205,9 @@ static void *s_start(struct seq_file *m, loff_t *pos)
 	loff_t l = 0;
 	int cpu;
 
-	/*
-	 * copy the tracer to avoid using a global lock all around.
-	 * iter->trace is a copy of current_trace, the pointer to the
-	 * name may be used instead of a strcmp(), as iter->trace->name
-	 * will point to the same string as current_trace->name.
-	 */
 	mutex_lock(&trace_types_lock);
-	if (unlikely(tr->current_trace && iter->trace->name != tr->current_trace->name))
-		*iter->trace = *tr->current_trace;
+	if (unlikely(tr->current_trace != iter->trace))
+		iter->trace = tr->current_trace;
 	mutex_unlock(&trace_types_lock);
 
 #ifdef CONFIG_TRACER_MAX_TRACE
@@ -4862,16 +4856,8 @@ __tracing_open(struct inode *inode, struct file *file, bool snapshot)
 	iter->fmt = NULL;
 	iter->fmt_size = 0;
 
-	/*
-	 * We make a copy of the current tracer to avoid concurrent
-	 * changes on it while we are reading.
-	 */
 	mutex_lock(&trace_types_lock);
-	iter->trace = kzalloc(sizeof(*iter->trace), GFP_KERNEL);
-	if (!iter->trace)
-		goto fail;
-
-	*iter->trace = *tr->current_trace;
+	iter->trace = tr->current_trace;
 
 	if (!zalloc_cpumask_var(&iter->started, GFP_KERNEL))
 		goto fail;
@@ -4936,7 +4922,6 @@ __tracing_open(struct inode *inode, struct file *file, bool snapshot)
 
  fail:
 	mutex_unlock(&trace_types_lock);
-	kfree(iter->trace);
 	kfree(iter->temp);
 	kfree(iter->buffer_iter);
 release:
@@ -5021,7 +5006,6 @@ static int tracing_release(struct inode *inode, struct file *file)
 	free_cpumask_var(iter->started);
 	kfree(iter->fmt);
 	kfree(iter->temp);
-	kfree(iter->trace);
 	kfree(iter->buffer_iter);
 	seq_release_private(inode, file);
 
-- 
2.40.1

[PATCH v2 2/2] tracing: Add free_trace_iter_content() helper function

[Steven Rostedt]

From: "Steven Rostedt (Google)" <rostedt@goodmis.org>

As the trace iterator is created and used by various interfaces, the clean
up of it needs to be consistent. Create a free_trace_iter_content() helper
function that frees the content of the iterator and use that to clean it
up in all places that it is used.

Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
---
 kernel/trace/trace.c | 33 ++++++++++++++++++++++-----------
 1 file changed, 22 insertions(+), 11 deletions(-)

diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 1c370ffbe062..8775930aa545 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -4815,6 +4815,25 @@ static const struct seq_operations tracer_seq_ops = {
 	.show		= s_show,
 };
 
+/*
+ * Note, as iter itself can be allocated and freed in different
+ * ways, this function is only used to free its content, and not
+ * the iterator itself. The only requirement to all the allocations
+ * is that it must zero all fields (kzalloc), as freeing works with
+ * ethier allocated content or NULL.
+ */
+static void free_trace_iter_content(struct trace_iterator *iter)
+{
+	/* The fmt is either NULL, allocated or points to static_fmt_buf */
+	if (iter->fmt != static_fmt_buf)
+		kfree(iter->fmt);
+
+	kfree(iter->temp);
+	kfree(iter->buffer_iter);
+	mutex_destroy(&iter->mutex);
+	free_cpumask_var(iter->started);
+}
+
 static struct trace_iterator *
 __tracing_open(struct inode *inode, struct file *file, bool snapshot)
 {
@@ -4922,8 +4941,7 @@ __tracing_open(struct inode *inode, struct file *file, bool snapshot)
 
  fail:
 	mutex_unlock(&trace_types_lock);
-	kfree(iter->temp);
-	kfree(iter->buffer_iter);
+	free_trace_iter_content(iter);
 release:
 	seq_release_private(inode, file);
 	return ERR_PTR(-ENOMEM);
@@ -5002,11 +5020,7 @@ static int tracing_release(struct inode *inode, struct file *file)
 
 	mutex_unlock(&trace_types_lock);
 
-	mutex_destroy(&iter->mutex);
-	free_cpumask_var(iter->started);
-	kfree(iter->fmt);
-	kfree(iter->temp);
-	kfree(iter->buffer_iter);
+	free_trace_iter_content(iter);
 	seq_release_private(inode, file);
 
 	return 0;
@@ -6763,10 +6777,7 @@ static int tracing_release_pipe(struct inode *inode, struct file *file)
 
 	mutex_unlock(&trace_types_lock);
 
-	free_cpumask_var(iter->started);
-	kfree(iter->fmt);
-	kfree(iter->temp);
-	mutex_destroy(&iter->mutex);
+	free_trace_iter_content(iter);
 	kfree(iter);
 
 	trace_array_put(tr);
-- 
2.40.1

Re: [PATCH v2 2/2] tracing: Add free_trace_iter_content() helper function

[Masami Hiramatsu]

On Sat, 15 Jul 2023 10:12:15 -0400
Steven Rostedt <rostedt@goodmis.org> wrote:

> From: "Steven Rostedt (Google)" <rostedt@goodmis.org>
> 
> As the trace iterator is created and used by various interfaces, the clean
> up of it needs to be consistent. Create a free_trace_iter_content() helper
> function that frees the content of the iterator and use that to clean it
> up in all places that it is used.
> 
> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>

Looks good to me.

Reviewed-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>

BTW, this adds iter->fmt != static_fmt_buf check. Is it a kind of fix?

Thank you,

> ---
>  kernel/trace/trace.c | 33 ++++++++++++++++++++++-----------
>  1 file changed, 22 insertions(+), 11 deletions(-)
> 
> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
> index 1c370ffbe062..8775930aa545 100644
> --- a/kernel/trace/trace.c
> +++ b/kernel/trace/trace.c
> @@ -4815,6 +4815,25 @@ static const struct seq_operations tracer_seq_ops = {
>  	.show		= s_show,
>  };
>  
> +/*
> + * Note, as iter itself can be allocated and freed in different
> + * ways, this function is only used to free its content, and not
> + * the iterator itself. The only requirement to all the allocations
> + * is that it must zero all fields (kzalloc), as freeing works with
> + * ethier allocated content or NULL.
> + */
> +static void free_trace_iter_content(struct trace_iterator *iter)
> +{
> +	/* The fmt is either NULL, allocated or points to static_fmt_buf */
> +	if (iter->fmt != static_fmt_buf)
> +		kfree(iter->fmt);
> +
> +	kfree(iter->temp);
> +	kfree(iter->buffer_iter);
> +	mutex_destroy(&iter->mutex);
> +	free_cpumask_var(iter->started);
> +}
> +
>  static struct trace_iterator *
>  __tracing_open(struct inode *inode, struct file *file, bool snapshot)
>  {
> @@ -4922,8 +4941,7 @@ __tracing_open(struct inode *inode, struct file *file, bool snapshot)
>  
>   fail:
>  	mutex_unlock(&trace_types_lock);
> -	kfree(iter->temp);
> -	kfree(iter->buffer_iter);
> +	free_trace_iter_content(iter);
>  release:
>  	seq_release_private(inode, file);
>  	return ERR_PTR(-ENOMEM);
> @@ -5002,11 +5020,7 @@ static int tracing_release(struct inode *inode, struct file *file)
>  
>  	mutex_unlock(&trace_types_lock);
>  
> -	mutex_destroy(&iter->mutex);
> -	free_cpumask_var(iter->started);
> -	kfree(iter->fmt);
> -	kfree(iter->temp);
> -	kfree(iter->buffer_iter);
> +	free_trace_iter_content(iter);
>  	seq_release_private(inode, file);
>  
>  	return 0;
> @@ -6763,10 +6777,7 @@ static int tracing_release_pipe(struct inode *inode, struct file *file)
>  
>  	mutex_unlock(&trace_types_lock);
>  
> -	free_cpumask_var(iter->started);
> -	kfree(iter->fmt);
> -	kfree(iter->temp);
> -	mutex_destroy(&iter->mutex);
> +	free_trace_iter_content(iter);
>  	kfree(iter);
>  
>  	trace_array_put(tr);
> -- 
> 2.40.1


-- 
Masami Hiramatsu (Google) <mhiramat@kernel.org>

Re: [PATCH v2 2/2] tracing: Add free_trace_iter_content() helper function

[Steven Rostedt]

On Wed, 26 Jul 2023 22:42:13 +0900
Masami Hiramatsu (Google) <mhiramat@kernel.org> wrote:

> On Sat, 15 Jul 2023 10:12:15 -0400
> Steven Rostedt <rostedt@goodmis.org> wrote:
> 
> > From: "Steven Rostedt (Google)" <rostedt@goodmis.org>
> > 
> > As the trace iterator is created and used by various interfaces, the clean
> > up of it needs to be consistent. Create a free_trace_iter_content() helper
> > function that frees the content of the iterator and use that to clean it
> > up in all places that it is used.
> > 
> > Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>  
> 
> Looks good to me.
> 
> Reviewed-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
> 
> BTW, this adds iter->fmt != static_fmt_buf check. Is it a kind of fix?

No, because all of the callers shouldn't actually set it to that. I
added the if statement in case one of the places that do set it does
call this.

In other words, I added the if statement to make it more robust and
prevent a bug in the future ;-)

-- Steve


> 
> Thank you,
> 
> > ---
> >  kernel/trace/trace.c | 33 ++++++++++++++++++++++-----------
> >  1 file changed, 22 insertions(+), 11 deletions(-)
> > 
> > diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
> > index 1c370ffbe062..8775930aa545 100644
> > --- a/kernel/trace/trace.c
> > +++ b/kernel/trace/trace.c
> > @@ -4815,6 +4815,25 @@ static const struct seq_operations tracer_seq_ops = {
> >  	.show		= s_show,
> >  };
> >  
> > +/*
> > + * Note, as iter itself can be allocated and freed in different
> > + * ways, this function is only used to free its content, and not
> > + * the iterator itself. The only requirement to all the allocations
> > + * is that it must zero all fields (kzalloc), as freeing works with
> > + * ethier allocated content or NULL.
> > + */
> > +static void free_trace_iter_content(struct trace_iterator *iter)
> > +{
> > +	/* The fmt is either NULL, allocated or points to static_fmt_buf */
> > +	if (iter->fmt != static_fmt_buf)
> > +		kfree(iter->fmt);
> > +
> > +	kfree(iter->temp);
> > +	kfree(iter->buffer_iter);
> > +	mutex_destroy(&iter->mutex);
> > +	free_cpumask_var(iter->started);
> > +}
> > +
> >  static struct trace_iterator *
> >  __tracing_open(struct inode *inode, struct file *file, bool snapshot)
> >  {
> > @@ -4922,8 +4941,7 @@ __tracing_open(struct inode *inode, struct file *file, bool snapshot)
> >  
> >   fail:
> >  	mutex_unlock(&trace_types_lock);
> > -	kfree(iter->temp);
> > -	kfree(iter->buffer_iter);
> > +	free_trace_iter_content(iter);
> >  release:
> >  	seq_release_private(inode, file);
> >  	return ERR_PTR(-ENOMEM);
> > @@ -5002,11 +5020,7 @@ static int tracing_release(struct inode *inode, struct file *file)
> >  
> >  	mutex_unlock(&trace_types_lock);
> >  
> > -	mutex_destroy(&iter->mutex);
> > -	free_cpumask_var(iter->started);
> > -	kfree(iter->fmt);
> > -	kfree(iter->temp);
> > -	kfree(iter->buffer_iter);
> > +	free_trace_iter_content(iter);
> >  	seq_release_private(inode, file);
> >  
> >  	return 0;
> > @@ -6763,10 +6777,7 @@ static int tracing_release_pipe(struct inode *inode, struct file *file)
> >  
> >  	mutex_unlock(&trace_types_lock);
> >  
> > -	free_cpumask_var(iter->started);
> > -	kfree(iter->fmt);
> > -	kfree(iter->temp);
> > -	mutex_destroy(&iter->mutex);
> > +	free_trace_iter_content(iter);
> >  	kfree(iter);
> >  
> >  	trace_array_put(tr);
> > -- 
> > 2.40.1  
> 
>