public inbox for linux-kernel@vger.kernel.org
From: Andi Kleen <andi@firstfloor.org>
To: srostedt@redhat.com, rostedt@goodmis.org, ak@linux.intel.com,
	linux-kernel@vger.kernel.org, stable@kernel.org,
	tim.bird@am.sony.com
Subject: [PATCH] [40/50] tracing: Have "enable" file use refcounts like the "filter"
Date: Thu, 28 Jul 2011 16:44:45 -0700 (PDT)
Message-ID: <20110728234445.06FC52403FF@tassilo.jf.intel.com>
In-Reply-To: <20110728444.299940435@firstfloor.org>

2.6.35-longterm review patch.  If anyone has any objections, please let me know.

------------------
From: Steven Rostedt <srostedt@redhat.com>

[ upstream commit 40ee4dffff061399eb9358e0c8fcfbaf8de4c8fe ]
 file

The "enable" file for the event system can be removed when a module
is unloaded and the event system only has events from that module.
As the event system nr_events count goes to zero, it may be freed
if its ref_count is also set to zero.

Like the "filter" file, the "enable" file may be opened by a task and
referenced later, after a module has been unloaded and the events for
that event system have been removed.

Although the "filter" file referenced the event system structure,
the "enable" file only references a pointer to the event system
name. Since the name is freed when the event system is removed,
it is possible that an access to the "enable" file may reference
a freed pointer.

Update the "enable" file to use the subsystem_open() routine that
the "filter" file uses, to keep a reference to the event system
structure while the "enable" file is opened.

Cc: <stable@kernel.org>
Reported-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Andi Kleen <ak@linux.intel.com>

Index: linux-2.6.35.y/kernel/trace/trace_events.c
===================================================================
--- linux-2.6.35.y.orig/kernel/trace/trace_events.c
+++ linux-2.6.35.y/kernel/trace/trace_events.c
@@ -495,7 +495,7 @@ system_enable_read(struct file *filp, ch
 		   loff_t *ppos)
 {
 	const char set_to_char[4] = { '?', '0', '1', 'X' };
-	const char *system = filp->private_data;
+	struct event_subsystem *system = filp->private_data;
 	struct ftrace_event_call *call;
 	char buf[2];
 	int set = 0;
@@ -507,7 +507,7 @@ system_enable_read(struct file *filp, ch
 		    (!call->class->probe && !call->class->reg))
 			continue;
 
-		if (system && strcmp(call->class->system, system) != 0)
+		if (system && strcmp(call->class->system, system->name) != 0)
 			continue;
 
 		/*
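
Review bot: the system->name dereference in the strcmp() line of system_enable_read() is safe only because opening "enable" now holds a reference on the event_subsystem, yet the comment explaining that sits only in system_enable_write(). Add the same one-line comment here, or move it to a single place that both handlers point at, so a later change to the open path does not quietly turn this read back into a use of a freed name.
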
@@ -537,7 +537,8 @@ static ssize_t
 system_enable_write(struct file *filp, const char __user *ubuf, size_t cnt,
 		    loff_t *ppos)
 {
-	const char *system = filp->private_data;
+	struct event_subsystem *system = filp->private_data;
+	const char *name = NULL;
 	unsigned long val;
 	char buf[64];
 	ssize_t ret;
@@ -561,7 +562,14 @@ system_enable_write(struct file *filp, c
 	if (val != 0 && val != 1)
 		return -EINVAL;
 
-	ret = __ftrace_set_clr_event(NULL, system, NULL, val);
+	/*
+	 * Opening of "enable" adds a ref count to system,
+	 * so the name is safe to use.
+	 */
+	if (system)
+		name = system->name;
+
+	ret = __ftrace_set_clr_event(NULL, name, NULL, val);
 	if (ret)
 		goto out;
 
@@ -740,6 +748,9 @@ static int subsystem_open(struct inode *
 	struct event_subsystem *system = NULL;
 	int ret;
 
+	if (!inode->i_private)
+		goto skip_search;
+
 	/* Make sure the system still exists */
 	mutex_lock(&event_mutex);
 	list_for_each_entry(system, &event_subsystems, list) {
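
Review bot: the new early exit "if (!inode->i_private) goto skip_search;" in subsystem_open() carries no comment saying which file is opened with a NULL i_private, or why skipping both the existence check and the reference is correct for it. system_enable_read() and system_enable_write() keep "if (system)" tests for the same case, so a short comment at this check naming that case would tie the three places together.
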
@@ -758,8 +769,9 @@ static int subsystem_open(struct inode *
 	if (system != inode->i_private)
 		return -ENODEV;
 
+ skip_search:
 	ret = tracing_open_generic(inode, filp);
-	if (ret < 0)
+	if (ret < 0 && system)
 		put_system(system);
 
 	return ret;
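
Review bot: the error path "if (ret < 0 && system)" depends on the local system still being NULL after the goto, which holds only because of the "= NULL" initializer at the top of subsystem_open(), while subsystem_release() decides the same question from inode->i_private. Past the -ENODEV check the two values are equal, so testing inode->i_private in both functions (or commenting the dependency on the initializer) would keep the get and put conditions visibly symmetric and harder to break in a later edit.
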
@@ -769,7 +781,8 @@ static int subsystem_release(struct inod
 {
 	struct event_subsystem *system = inode->i_private;
 
-	put_system(system);
+	if (system)
+		put_system(system);
 
 	return 0;
 }
@@ -913,9 +926,10 @@ static const struct file_operations ftra
 };
 
 static const struct file_operations ftrace_system_enable_fops = {
-	.open = tracing_open_generic,
+	.open = subsystem_open,
 	.read = system_enable_read,
 	.write = system_enable_write,
+	.release = subsystem_release,
 };
 
 static const struct file_operations ftrace_show_header_fops = {
@@ -1003,8 +1017,7 @@ event_subsystem_dir(const char *name, st
 			   "'%s/filter' entry\n", name);
 	}
 
-	trace_create_file("enable", 0644, system->entry,
-			  (void *)system->name,
+	trace_create_file("enable", 0644, system->entry, system,
 			  &ftrace_system_enable_fops);
 
 	return system->entry;
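
Review bot: the return value of trace_create_file() for "enable" is still ignored in event_subsystem_dir(), although the context just above reports a failure to create the '%s/filter' entry. Now that the file's private data is the event_subsystem itself and its lifetime handling depends on subsystem_open() and subsystem_release(), a matching warning for the "enable" entry would make a failed creation visible instead of silent.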
