[PATCH 1/2] tracing: Move mutex to protect against resetting of seq data

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH 1/2] tracing: Move mutex to protect against resetting of seq data
       [not found] <20160925232324.747135083@goodmis.org>
@ 2016-09-25 23:23 ` Steven Rostedt
  2016-09-25 23:23 ` [PATCH 2/2] fix memory leaks in tracing_buffers_splice_read() Steven Rostedt
  1 sibling, 0 replies; 2+ messages in thread
From: Steven Rostedt @ 2016-09-25 23:23 UTC (permalink / raw)
  To: linux-kernel; +Cc: Linus Torvalds, Ingo Molnar, Andrew Morton, Al Viro, stable

[-- Attachment #1: 0001-tracing-Move-mutex-to-protect-against-resetting-of-s.patch --]
[-- Type: text/plain, Size: 1422 bytes --]

From: "Steven Rostedt (Red Hat)" <rostedt@goodmis.org>

The iter->seq can be reset outside the protection of the mutex. So can
reading of user data. Move the mutex up to the beginning of the function.

Fixes: d7350c3f45694 ("tracing/core: make the read callbacks reentrants")
Cc: stable@vger.kernel.org # 2.6.30+
Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
---
 kernel/trace/trace.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 8a4bd6b68a0b..8fb4847b0450 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -4890,19 +4890,20 @@ tracing_read_pipe(struct file *filp, char __user *ubuf,
 	struct trace_iterator *iter = filp->private_data;
 	ssize_t sret;
 
-	/* return any leftover data */
-	sret = trace_seq_to_user(&iter->seq, ubuf, cnt);
-	if (sret != -EBUSY)
-		return sret;
-
-	trace_seq_init(&iter->seq);
-
 	/*
 	 * Avoid more than one consumer on a single file descriptor
 	 * This is just a matter of traces coherency, the ring buffer itself
 	 * is protected.
 	 */
 	mutex_lock(&iter->mutex);
+
+	/* return any leftover data */
+	sret = trace_seq_to_user(&iter->seq, ubuf, cnt);
+	if (sret != -EBUSY)
+		goto out;
+
+	trace_seq_init(&iter->seq);
+
 	if (iter->trace->read) {
 		sret = iter->trace->read(iter, filp, ubuf, cnt, ppos);
 		if (sret)
-- 
2.8.1



^ permalink raw reply related	[flat|nested] 2+ messages in thread

* [PATCH 2/2] fix memory leaks in tracing_buffers_splice_read()
       [not found] <20160925232324.747135083@goodmis.org>
  2016-09-25 23:23 ` [PATCH 1/2] tracing: Move mutex to protect against resetting of seq data Steven Rostedt
@ 2016-09-25 23:23 ` Steven Rostedt
  1 sibling, 0 replies; 2+ messages in thread
From: Steven Rostedt @ 2016-09-25 23:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Linus Torvalds, Ingo Molnar, Andrew Morton, Al Viro, stable,
	Al Viro

[-- Attachment #1: 0002-fix-memory-leaks-in-tracing_buffers_splice_read.patch --]
[-- Type: text/plain, Size: 1377 bytes --]

From: Al Viro <viro@zeniv.linux.org.uk>

Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 kernel/trace/trace.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 8fb4847b0450..77eeab2776ef 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -5930,9 +5930,6 @@ tracing_buffers_splice_read(struct file *file, loff_t *ppos,
 		return -EBUSY;
 #endif
 
-	if (splice_grow_spd(pipe, &spd))
-		return -ENOMEM;
-
 	if (*ppos & (PAGE_SIZE - 1))
 		return -EINVAL;
 
@@ -5942,6 +5939,9 @@ tracing_buffers_splice_read(struct file *file, loff_t *ppos,
 		len &= PAGE_MASK;
 	}
 
+	if (splice_grow_spd(pipe, &spd))
+		return -ENOMEM;
+
  again:
 	trace_access_lock(iter->cpu_file);
 	entries = ring_buffer_entries_cpu(iter->trace_buffer->buffer, iter->cpu_file);
@@ -5999,19 +5999,21 @@ tracing_buffers_splice_read(struct file *file, loff_t *ppos,
 	/* did we read anything? */
 	if (!spd.nr_pages) {
 		if (ret)
-			return ret;
+			goto out;
 
+		ret = -EAGAIN;
 		if ((file->f_flags & O_NONBLOCK) || (flags & SPLICE_F_NONBLOCK))
-			return -EAGAIN;
+			goto out;
 
 		ret = wait_on_pipe(iter, true);
 		if (ret)
-			return ret;
+			goto out;
 
 		goto again;
 	}
 
 	ret = splice_to_pipe(pipe, &spd);
+out:
 	splice_shrink_spd(&spd);
 
 	return ret;
-- 
2.8.1



^ permalink raw reply related	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2016-09-25 23:25 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <20160925232324.747135083@goodmis.org>
2016-09-25 23:23 ` [PATCH 1/2] tracing: Move mutex to protect against resetting of seq data Steven Rostedt
2016-09-25 23:23 ` [PATCH 2/2] fix memory leaks in tracing_buffers_splice_read() Steven Rostedt

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).