* [PATCH 1/2] tracing: Move mutex to protect against resetting of seq data
[not found] <20160925232324.747135083@goodmis.org>
@ 2016-09-25 23:23 ` Steven Rostedt
2016-09-25 23:23 ` [PATCH 2/2] fix memory leaks in tracing_buffers_splice_read() Steven Rostedt
1 sibling, 0 replies; 2+ messages in thread
From: Steven Rostedt @ 2016-09-25 23:23 UTC (permalink / raw)
To: linux-kernel; +Cc: Linus Torvalds, Ingo Molnar, Andrew Morton, Al Viro, stable
[-- Attachment #1: 0001-tracing-Move-mutex-to-protect-against-resetting-of-s.patch --]
[-- Type: text/plain, Size: 1422 bytes --]
From: "Steven Rostedt (Red Hat)" <rostedt@goodmis.org>
The iter->seq can be reset outside the protection of the mutex. So can
reading of user data. Move the mutex up to the beginning of the function.
Fixes: d7350c3f45694 ("tracing/core: make the read callbacks reentrants")
Cc: stable@vger.kernel.org # 2.6.30+
Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
---
kernel/trace/trace.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 8a4bd6b68a0b..8fb4847b0450 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -4890,19 +4890,20 @@ tracing_read_pipe(struct file *filp, char __user *ubuf,
struct trace_iterator *iter = filp->private_data;
ssize_t sret;
- /* return any leftover data */
- sret = trace_seq_to_user(&iter->seq, ubuf, cnt);
- if (sret != -EBUSY)
- return sret;
-
- trace_seq_init(&iter->seq);
-
/*
* Avoid more than one consumer on a single file descriptor
* This is just a matter of traces coherency, the ring buffer itself
* is protected.
*/
mutex_lock(&iter->mutex);
+
+ /* return any leftover data */
+ sret = trace_seq_to_user(&iter->seq, ubuf, cnt);
+ if (sret != -EBUSY)
+ goto out;
+
+ trace_seq_init(&iter->seq);
+
if (iter->trace->read) {
sret = iter->trace->read(iter, filp, ubuf, cnt, ppos);
if (sret)
--
2.8.1
^ permalink raw reply related [flat|nested] 2+ messages in thread* [PATCH 2/2] fix memory leaks in tracing_buffers_splice_read()
[not found] <20160925232324.747135083@goodmis.org>
2016-09-25 23:23 ` [PATCH 1/2] tracing: Move mutex to protect against resetting of seq data Steven Rostedt
@ 2016-09-25 23:23 ` Steven Rostedt
1 sibling, 0 replies; 2+ messages in thread
From: Steven Rostedt @ 2016-09-25 23:23 UTC (permalink / raw)
To: linux-kernel
Cc: Linus Torvalds, Ingo Molnar, Andrew Morton, Al Viro, stable,
Al Viro
[-- Attachment #1: 0002-fix-memory-leaks-in-tracing_buffers_splice_read.patch --]
[-- Type: text/plain, Size: 1377 bytes --]
From: Al Viro <viro@zeniv.linux.org.uk>
Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
kernel/trace/trace.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 8fb4847b0450..77eeab2776ef 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -5930,9 +5930,6 @@ tracing_buffers_splice_read(struct file *file, loff_t *ppos,
return -EBUSY;
#endif
- if (splice_grow_spd(pipe, &spd))
- return -ENOMEM;
-
if (*ppos & (PAGE_SIZE - 1))
return -EINVAL;
@@ -5942,6 +5939,9 @@ tracing_buffers_splice_read(struct file *file, loff_t *ppos,
len &= PAGE_MASK;
}
+ if (splice_grow_spd(pipe, &spd))
+ return -ENOMEM;
+
again:
trace_access_lock(iter->cpu_file);
entries = ring_buffer_entries_cpu(iter->trace_buffer->buffer, iter->cpu_file);
@@ -5999,19 +5999,21 @@ tracing_buffers_splice_read(struct file *file, loff_t *ppos,
/* did we read anything? */
if (!spd.nr_pages) {
if (ret)
- return ret;
+ goto out;
+ ret = -EAGAIN;
if ((file->f_flags & O_NONBLOCK) || (flags & SPLICE_F_NONBLOCK))
- return -EAGAIN;
+ goto out;
ret = wait_on_pipe(iter, true);
if (ret)
- return ret;
+ goto out;
goto again;
}
ret = splice_to_pipe(pipe, &spd);
+out:
splice_shrink_spd(&spd);
return ret;
--
2.8.1
^ permalink raw reply related [flat|nested] 2+ messages in thread