From: Steven Rostedt <rostedt@goodmis.org>
To: Ajay Kaher <ajay.kaher@broadcom.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
"Linux Trace Kernel" <linux-trace-kernel@vger.kernel.org>,
"Masami Hiramatsu" <mhiramat@kernel.org>,
"Mathieu Desnoyers" <mathieu.desnoyers@efficios.com>,
"Mathias Krause" <minipli@grsecurity.net>,
"Ilkka Naulapää" <digirigawa@gmail.com>,
"Linus Torvalds" <torvalds@linux-foundation.org>,
"Al Viro" <viro@zeniv.linux.org.uk>,
regressions@leemhuis.info,
"Dan Carpenter" <dan.carpenter@linaro.org>,
"Beau Belgrave" <beaub@linux.microsoft.com>,
"Florian Fainelli" <florian.fainelli@broadcom.com>,
"Alexey Makhalov" <alexey.makhalov@broadcom.com>,
"Vasavi Sirnapalli" <vasavi.sirnapalli@broadcom.com>
Subject: Re: [PATCH] tracing: Have format file honor EVENT_FILE_FL_FREED
Date: Fri, 26 Jul 2024 12:03:37 -0400 [thread overview]
Message-ID: <20240726120337.40e77833@rorschach.local.home> (raw)
In-Reply-To: <CAD2QZ9b7=Y_x6o6R2UGwDRCky522A0fbiX_BxrY9w2LPyd=0sw@mail.gmail.com>
On Fri, 26 Jul 2024 18:00:18 +0530
Ajay Kaher <ajay.kaher@broadcom.com> wrote:
> Some doubt:
> Because of the same race condition, it may happen that kmem_cache_free(file)
> was executed while f_start() is waiting to get event_mutex. Once
> f_start() acquires
> event_mutex, it will access the *file which points to the freed cache.
> I am assuming in this case KASAN will not show anything as *file
> belongs to cache.
No, the file is freed by the callback from eventfs when the last reference
to the file is released. That is, there's no more references to the files
(nothing has it opened). As this code is only called when the file is
opened, it will not race with the freeing of the descriptor.
See event_create_dir(), it registers the dynamically created directory
and files. It will also do call event_file_get() that adds a reference
on this file/directory descriptor. It also registers the
"event_release" function to be called when the last reference of all
open files are closed in that directory.
That event_release() will call event_file_put() that does the final
release and frees the file. This prevents file from being freed while
anything has it opened.
While looking at this code I did realize that the "format" doesn't
register an "event_release" and there's no bug with its data pointing
to the call with respect to freeing something it shouldn't be. But it
still needs the file pointer anyway so that it can have access to its
flags.
-- Steve
next prev parent reply other threads:[~2024-07-26 16:03 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-26 0:15 [PATCH] tracing: Have format file honor EVENT_FILE_FL_FREED Steven Rostedt
2024-07-26 10:16 ` Mathias Krause
2024-07-26 14:52 ` Steven Rostedt
2024-07-26 19:58 ` Mathias Krause
2024-07-26 20:20 ` Steven Rostedt
2024-07-26 12:30 ` Ajay Kaher
2024-07-26 16:03 ` Steven Rostedt [this message]
2024-07-29 12:59 ` Ajay Kaher
2024-07-29 16:10 ` Steven Rostedt
2024-07-29 14:38 ` Masami Hiramatsu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240726120337.40e77833@rorschach.local.home \
--to=rostedt@goodmis.org \
--cc=ajay.kaher@broadcom.com \
--cc=alexey.makhalov@broadcom.com \
--cc=beaub@linux.microsoft.com \
--cc=dan.carpenter@linaro.org \
--cc=digirigawa@gmail.com \
--cc=florian.fainelli@broadcom.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=mathieu.desnoyers@efficios.com \
--cc=mhiramat@kernel.org \
--cc=minipli@grsecurity.net \
--cc=regressions@leemhuis.info \
--cc=torvalds@linux-foundation.org \
--cc=vasavi.sirnapalli@broadcom.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).