Merge tag 'trace-fixes-v3.18-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace

Pull tracing fix from Steven Rostedt: "Rabin Vincent found a way that tracing could cause an infinite loop in the kernel. The splice logic wants a full page from the ring buffer but the ring_buffer_wait() returns when there's any data in the ring buffer. The splice code would then continue the loop waiting for a full page. But if a full page never happens, the splice code will never sleep and just continue to loop. There's another case that Rabin fixed that could loop if there's no memory and kmalloc() constantly returns NULL" * tag 'trace-fixes-v3.18-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: tracing: Do not risk busy looping in buffer splice tracing: Do not busy wait in buffer splice
author: Linus Torvalds <torvalds@linux-foundation.org> 2014-11-12 17:02:29 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2014-11-12 17:02:29 -0500
commit: 15e5cda9e676c712e56de9fb63079da6530d10ad (patch)
tree: 6afa99cd4d4b6908b1f0efab97ad3665d9654785 /kernel/trace/trace.c
parent: 9d1f9c73dfcccca7de4a9fdaec40c60c4e5497a4 (diff)
parent: 07906da78810dce5fd35b9449358c9208c693dca (diff)
1 files changed, 15 insertions, 18 deletions
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 8a528392b1f4..92f4a6cee172 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -1076,13 +1076,14 @@ update_max_tr_single(struct trace_array *tr, struct task_struct *tsk, int cpu)
 }
 #endif /* CONFIG_TRACER_MAX_TRACE */
-static int wait_on_pipe(struct trace_iterator *iter)
+static int wait_on_pipe(struct trace_iterator *iter, bool full)
 {
        /* Iterators are static, they should be filled or empty */
        if (trace_buffer_iter(iter, iter->cpu_file))
                return 0;
-        return ring_buffer_wait(iter->trace_buffer->buffer, iter->cpu_file);
+        return ring_buffer_wait(iter->trace_buffer->buffer, iter->cpu_file,
+                                full);
 }
 #ifdef CONFIG_FTRACE_STARTUP_TEST
@@ -4434,15 +4435,12 @@ static int tracing_wait_pipe(struct file *filp)
                mutex_unlock(&iter->mutex);
-                ret = wait_on_pipe(iter);
+                ret = wait_on_pipe(iter, false);
                mutex_lock(&iter->mutex);
                if (ret)
                        return ret;
-                if (signal_pending(current))
-                        return -EINTR;
        }
        return 1;
@@ -5372,16 +5370,12 @@ tracing_buffers_read(struct file *filp, char __user *ubuf,
                                goto out_unlock;
                        }
                        mutex_unlock(&trace_types_lock);
-                        ret = wait_on_pipe(iter);
+                        ret = wait_on_pipe(iter, false);
                        mutex_lock(&trace_types_lock);
                        if (ret) {
                                size = ret;
                                goto out_unlock;
                        }
-                        if (signal_pending(current)) {
-                                size = -EINTR;
-                                goto out_unlock;
-                        }
                        goto again;
                }
                size = 0;
@@ -5500,7 +5494,7 @@ tracing_buffers_splice_read(struct file *file, loff_t *ppos,
        };
        struct buffer_ref *ref;
        int entries, size, i;
-        ssize_t ret;
+        ssize_t ret = 0;
        mutex_lock(&trace_types_lock);
@@ -5538,13 +5532,16 @@ tracing_buffers_splice_read(struct file *file, loff_t *ppos,
                int r;
                ref = kzalloc(sizeof(*ref), GFP_KERNEL);
-                if (!ref)
+                if (!ref) {
+                        ret = -ENOMEM;
                        break;
+                }
                ref->ref = 1;
                ref->buffer = iter->trace_buffer->buffer;
                ref->page = ring_buffer_alloc_read_page(ref->buffer, iter->cpu_file);
                if (!ref->page) {
+                        ret = -ENOMEM;
                        kfree(ref);
                        break;
                }
@@ -5582,19 +5579,19 @@ tracing_buffers_splice_read(struct file *file, loff_t *ppos,
        /* did we read anything? */
        if (!spd.nr_pages) {
+                if (ret)
+                        goto out;
                if ((file->f_flags & O_NONBLOCK) || (flags & SPLICE_F_NONBLOCK)) {
                        ret = -EAGAIN;
                        goto out;
                }
                mutex_unlock(&trace_types_lock);
-                ret = wait_on_pipe(iter);
+                ret = wait_on_pipe(iter, true);
                mutex_lock(&trace_types_lock);
                if (ret)
                        goto out;
-                if (signal_pending(current)) {
-                        ret = -EINTR;
-                        goto out;
-                }
                goto again;
        }
author	Linus Torvalds <torvalds@linux-foundation.org>	2014-11-12 17:02:29 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2014-11-12 17:02:29 -0500
commit	15e5cda9e676c712e56de9fb63079da6530d10ad (patch)
tree	6afa99cd4d4b6908b1f0efab97ad3665d9654785 /kernel/trace/trace.c
parent	9d1f9c73dfcccca7de4a9fdaec40c60c4e5497a4 (diff)
parent	07906da78810dce5fd35b9449358c9208c693dca (diff)

diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 8a528392b1f4..92f4a6cee172 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c
@@ -1076,13 +1076,14 @@ update_max_tr_single(struct trace_array tr, struct task_struct tsk, int cpu)
1076	}	1076	}
1077	#endif /* CONFIG_TRACER_MAX_TRACE */	1077	#endif /* CONFIG_TRACER_MAX_TRACE */
1078		1078
1079	static int wait_on_pipe(struct trace_iterator *iter)	1079	static int wait_on_pipe(struct trace_iterator *iter, bool full)
1080	{	1080	{
1081	/* Iterators are static, they should be filled or empty */	1081	/* Iterators are static, they should be filled or empty */
1082	if (trace_buffer_iter(iter, iter->cpu_file))	1082	if (trace_buffer_iter(iter, iter->cpu_file))
1083	return 0;	1083	return 0;
1084		1084
1085	return ring_buffer_wait(iter->trace_buffer->buffer, iter->cpu_file);	1085	return ring_buffer_wait(iter->trace_buffer->buffer, iter->cpu_file,
		1086	full);
1086	}	1087	}
1087		1088
1088	#ifdef CONFIG_FTRACE_STARTUP_TEST	1089	#ifdef CONFIG_FTRACE_STARTUP_TEST
@@ -4434,15 +4435,12 @@ static int tracing_wait_pipe(struct file *filp)
4434		4435
4435	mutex_unlock(&iter->mutex);	4436	mutex_unlock(&iter->mutex);
4436		4437
4437	ret = wait_on_pipe(iter);	4438	ret = wait_on_pipe(iter, false);
4438		4439
4439	mutex_lock(&iter->mutex);	4440	mutex_lock(&iter->mutex);
4440		4441
4441	if (ret)	4442	if (ret)
4442	return ret;	4443	return ret;
4443
4444	if (signal_pending(current))
4445	return -EINTR;
4446	}	4444	}
4447		4445
4448	return 1;	4446	return 1;
@@ -5372,16 +5370,12 @@ tracing_buffers_read(struct file filp, char __user ubuf,
5372	goto out_unlock;	5370	goto out_unlock;
5373	}	5371	}
5374	mutex_unlock(&trace_types_lock);	5372	mutex_unlock(&trace_types_lock);
5375	ret = wait_on_pipe(iter);	5373	ret = wait_on_pipe(iter, false);
5376	mutex_lock(&trace_types_lock);	5374	mutex_lock(&trace_types_lock);
5377	if (ret) {	5375	if (ret) {
5378	size = ret;	5376	size = ret;
5379	goto out_unlock;	5377	goto out_unlock;
5380	}	5378	}
5381	if (signal_pending(current)) {
5382	size = -EINTR;
5383	goto out_unlock;
5384	}
5385	goto again;	5379	goto again;
5386	}	5380	}
5387	size = 0;	5381	size = 0;
@@ -5500,7 +5494,7 @@ tracing_buffers_splice_read(struct file file, loff_t ppos,
5500	};	5494	};
5501	struct buffer_ref *ref;	5495	struct buffer_ref *ref;
5502	int entries, size, i;	5496	int entries, size, i;
5503	ssize_t ret;	5497	ssize_t ret = 0;
5504		5498
5505	mutex_lock(&trace_types_lock);	5499	mutex_lock(&trace_types_lock);
5506		5500
@@ -5538,13 +5532,16 @@ tracing_buffers_splice_read(struct file file, loff_t ppos,
5538	int r;	5532	int r;
5539		5533
5540	ref = kzalloc(sizeof(*ref), GFP_KERNEL);	5534	ref = kzalloc(sizeof(*ref), GFP_KERNEL);
5541	if (!ref)	5535	if (!ref) {
		5536	ret = -ENOMEM;
5542	break;	5537	break;
		5538	}
5543		5539
5544	ref->ref = 1;	5540	ref->ref = 1;
5545	ref->buffer = iter->trace_buffer->buffer;	5541	ref->buffer = iter->trace_buffer->buffer;
5546	ref->page = ring_buffer_alloc_read_page(ref->buffer, iter->cpu_file);	5542	ref->page = ring_buffer_alloc_read_page(ref->buffer, iter->cpu_file);
5547	if (!ref->page) {	5543	if (!ref->page) {
		5544	ret = -ENOMEM;
5548	kfree(ref);	5545	kfree(ref);
5549	break;	5546	break;
5550	}	5547	}
@@ -5582,19 +5579,19 @@ tracing_buffers_splice_read(struct file file, loff_t ppos,
5582		5579
5583	/* did we read anything? */	5580	/* did we read anything? */
5584	if (!spd.nr_pages) {	5581	if (!spd.nr_pages) {
		5582	if (ret)
		5583	goto out;
		5584
5585	if ((file->f_flags & O_NONBLOCK) \|\| (flags & SPLICE_F_NONBLOCK)) {	5585	if ((file->f_flags & O_NONBLOCK) \|\| (flags & SPLICE_F_NONBLOCK)) {
5586	ret = -EAGAIN;	5586	ret = -EAGAIN;
5587	goto out;	5587	goto out;
5588	}	5588	}
5589	mutex_unlock(&trace_types_lock);	5589	mutex_unlock(&trace_types_lock);
5590	ret = wait_on_pipe(iter);	5590	ret = wait_on_pipe(iter, true);
5591	mutex_lock(&trace_types_lock);	5591	mutex_lock(&trace_types_lock);
5592	if (ret)	5592	if (ret)
5593	goto out;	5593	goto out;
5594	if (signal_pending(current)) {	5594
5595	ret = -EINTR;
5596	goto out;
5597	}
5598	goto again;	5595	goto again;
5599	}	5596	}
5600		5597