tracing: Change tracing_fops/snapshot_fops to rely on tracing_get_cpu()

tracing_open() and tracing_snapshot_open() are racy, the memory inode->i_private points to can be already freed. Convert these last users of "inode->i_private == trace_cpu" to use "i_private = trace_array" and rely on tracing_get_cpu(). v2: incorporate the fix from Steven, tracing_release() must not blindly dereference file->private_data unless we know that the file was opened for reading. Link: http://lkml.kernel.org/r/20130723152610.GA23737@redhat.com Signed-off-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
author: Oleg Nesterov <oleg@redhat.com> 2013-07-23 11:26:10 -0400
committer: Steven Rostedt <rostedt@rostedt.homelinux.com> 2013-07-24 11:22:53 -0400
commit: 6484c71cbc170634fa131b6d022d86d61686b88b (patch)
tree: 68f696f4985f368a2fa7f93a2d474fea2c7585db /kernel/trace
parent: 0bc392ee46d0fd8e6b678457ef71f074f19a03c5 (diff)
1 files changed, 22 insertions, 28 deletions
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 68b46851666f..dd7780ddde08 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -2862,9 +2862,9 @@ static const struct seq_operations tracer_seq_ops = {
 };
 static struct trace_iterator *
-__tracing_open(struct trace_array *tr, struct trace_cpu *tc,
+__tracing_open(struct inode *inode, struct file *file, bool snapshot)
-               struct inode *inode, struct file *file, bool snapshot)
 {
+        struct trace_array *tr = inode->i_private;
        struct trace_iterator *iter;
        int cpu;
@@ -2905,8 +2905,8 @@ __tracing_open(struct trace_array *tr, struct trace_cpu *tc,
                iter->trace_buffer = &tr->trace_buffer;
        iter->snapshot = snapshot;
        iter->pos = -1;
+        iter->cpu_file = tracing_get_cpu(inode);
        mutex_init(&iter->mutex);
-        iter->cpu_file = tc->cpu;
        /* Notify the tracer early; before we stop tracing. */
        if (iter->trace && iter->trace->open)
@@ -2986,22 +2986,18 @@ static int tracing_open_generic_tr(struct inode *inode, struct file *filp)
 static int tracing_release(struct inode *inode, struct file *file)
 {
+        struct trace_array *tr = inode->i_private;
        struct seq_file *m = file->private_data;
        struct trace_iterator *iter;
-        struct trace_array *tr;
        int cpu;
-        /* Writes do not use seq_file, need to grab tr from inode */
        if (!(file->f_mode & FMODE_READ)) {
-                struct trace_cpu *tc = inode->i_private;
+                trace_array_put(tr);
-                trace_array_put(tc->tr);
                return 0;
        }
+        /* Writes do not use seq_file */
        iter = m->private;
-        tr = iter->tr;
        mutex_lock(&trace_types_lock);
        for_each_tracing_cpu(cpu) {
@@ -3048,8 +3044,7 @@ static int tracing_single_release_tr(struct inode *inode, struct file *file)
 static int tracing_open(struct inode *inode, struct file *file)
 {
-        struct trace_cpu *tc = inode->i_private;
+        struct trace_array *tr = inode->i_private;
-        struct trace_array *tr = tc->tr;
        struct trace_iterator *iter;
        int ret = 0;
@@ -3057,16 +3052,17 @@ static int tracing_open(struct inode *inode, struct file *file)
                return -ENODEV;
        /* If this file was open for write, then erase contents */
-        if ((file->f_mode & FMODE_WRITE) &&
+        if ((file->f_mode & FMODE_WRITE) && (file->f_flags & O_TRUNC)) {
-            (file->f_flags & O_TRUNC)) {
+                int cpu = tracing_get_cpu(inode);
-                if (tc->cpu == RING_BUFFER_ALL_CPUS)
+                if (cpu == RING_BUFFER_ALL_CPUS)
                        tracing_reset_online_cpus(&tr->trace_buffer);
                else
-                        tracing_reset(&tr->trace_buffer, tc->cpu);
+                        tracing_reset(&tr->trace_buffer, cpu);
        }
        if (file->f_mode & FMODE_READ) {
-                iter = __tracing_open(tr, tc, inode, file, false);
+                iter = __tracing_open(inode, file, false);
                if (IS_ERR(iter))
                        ret = PTR_ERR(iter);
                else if (trace_flags & TRACE_ITER_LATENCY_FMT)
@@ -4680,8 +4676,7 @@ struct ftrace_buffer_info {
 #ifdef CONFIG_TRACER_SNAPSHOT
 static int tracing_snapshot_open(struct inode *inode, struct file *file)
 {
-        struct trace_cpu *tc = inode->i_private;
+        struct trace_array *tr = inode->i_private;
-        struct trace_array *tr = tc->tr;
        struct trace_iterator *iter;
        struct seq_file *m;
        int ret = 0;
@@ -4690,7 +4685,7 @@ static int tracing_snapshot_open(struct inode *inode, struct file *file)
                return -ENODEV;
        if (file->f_mode & FMODE_READ) {
-                iter = __tracing_open(tr, tc, inode, file, true);
+                iter = __tracing_open(inode, file, true);
                if (IS_ERR(iter))
                        ret = PTR_ERR(iter);
        } else {
@@ -4707,8 +4702,8 @@ static int tracing_snapshot_open(struct inode *inode, struct file *file)
                ret = 0;
                iter->tr = tr;
-                iter->trace_buffer = &tc->tr->max_buffer;
+                iter->trace_buffer = &tr->max_buffer;
-                iter->cpu_file = tc->cpu;
+                iter->cpu_file = tracing_get_cpu(inode);
                m->private = iter;
                file->private_data = m;
        }
@@ -5525,7 +5520,6 @@ trace_create_cpu_file(const char *name, umode_t mode, struct dentry *parent,
 static void
 tracing_init_debugfs_percpu(struct trace_array *tr, long cpu)
 {
-        struct trace_array_cpu *data = per_cpu_ptr(tr->trace_buffer.data, cpu);
        struct dentry *d_percpu = tracing_dentry_percpu(tr, cpu);
        struct dentry *d_cpu;
        char cpu_dir[30]; /* 30 characters should be more than enough */
@@ -5546,7 +5540,7 @@ tracing_init_debugfs_percpu(struct trace_array *tr, long cpu)
        /* per cpu trace */
        trace_create_cpu_file("trace", 0644, d_cpu,
-                                &data->trace_cpu, cpu, &tracing_fops);
+                                tr, cpu, &tracing_fops);
        trace_create_cpu_file("trace_pipe_raw", 0444, d_cpu,
                                tr, cpu, &tracing_buffers_fops);
@@ -5559,7 +5553,7 @@ tracing_init_debugfs_percpu(struct trace_array *tr, long cpu)
 #ifdef CONFIG_TRACER_SNAPSHOT
        trace_create_cpu_file("snapshot", 0644, d_cpu,
-                                &data->trace_cpu, cpu, &snapshot_fops);
+                                tr, cpu, &snapshot_fops);
        trace_create_cpu_file("snapshot_raw", 0444, d_cpu,
                                tr, cpu, &snapshot_raw_fops);
@@ -6125,7 +6119,7 @@ init_tracer_debugfs(struct trace_array *tr, struct dentry *d_tracer)
                          tr, &tracing_iter_fops);
        trace_create_file("trace", 0644, d_tracer,
-                        (void *)&tr->trace_cpu, &tracing_fops);
+                          tr, &tracing_fops);
        trace_create_file("trace_pipe", 0444, d_tracer,
                          tr, &tracing_pipe_fops);
@@ -6146,11 +6140,11 @@ init_tracer_debugfs(struct trace_array *tr, struct dentry *d_tracer)
                          &trace_clock_fops);
        trace_create_file("tracing_on", 0644, d_tracer,
-                            tr, &rb_simple_fops);
+                          tr, &rb_simple_fops);
 #ifdef CONFIG_TRACER_SNAPSHOT
        trace_create_file("snapshot", 0644, d_tracer,
-                          (void *)&tr->trace_cpu, &snapshot_fops);
+                          tr, &snapshot_fops);
 #endif
        for_each_tracing_cpu(cpu)
author	Oleg Nesterov <oleg@redhat.com>	2013-07-23 11:26:10 -0400
committer	Steven Rostedt <rostedt@rostedt.homelinux.com>	2013-07-24 11:22:53 -0400
commit	6484c71cbc170634fa131b6d022d86d61686b88b (patch)
tree	68f696f4985f368a2fa7f93a2d474fea2c7585db /kernel/trace
parent	0bc392ee46d0fd8e6b678457ef71f074f19a03c5 (diff)

diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 68b46851666f..dd7780ddde08 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c
@@ -2862,9 +2862,9 @@ static const struct seq_operations tracer_seq_ops = {
2862	};	2862	};
2863		2863
2864	static struct trace_iterator *	2864	static struct trace_iterator *
2865	__tracing_open(struct trace_array tr, struct trace_cpu tc,	2865	__tracing_open(struct inode inode, struct file file, bool snapshot)
2866	struct inode inode, struct file file, bool snapshot)
2867	{	2866	{
		2867	struct trace_array *tr = inode->i_private;
2868	struct trace_iterator *iter;	2868	struct trace_iterator *iter;
2869	int cpu;	2869	int cpu;
2870		2870
@@ -2905,8 +2905,8 @@ __tracing_open(struct trace_array tr, struct trace_cpu tc,
2905	iter->trace_buffer = &tr->trace_buffer;	2905	iter->trace_buffer = &tr->trace_buffer;
2906	iter->snapshot = snapshot;	2906	iter->snapshot = snapshot;
2907	iter->pos = -1;	2907	iter->pos = -1;
		2908	iter->cpu_file = tracing_get_cpu(inode);
2908	mutex_init(&iter->mutex);	2909	mutex_init(&iter->mutex);
2909	iter->cpu_file = tc->cpu;
2910		2910
2911	/* Notify the tracer early; before we stop tracing. */	2911	/* Notify the tracer early; before we stop tracing. */
2912	if (iter->trace && iter->trace->open)	2912	if (iter->trace && iter->trace->open)
@@ -2986,22 +2986,18 @@ static int tracing_open_generic_tr(struct inode inode, struct file filp)
2986		2986
2987	static int tracing_release(struct inode inode, struct file file)	2987	static int tracing_release(struct inode inode, struct file file)
2988	{	2988	{
		2989	struct trace_array *tr = inode->i_private;
2989	struct seq_file *m = file->private_data;	2990	struct seq_file *m = file->private_data;
2990	struct trace_iterator *iter;	2991	struct trace_iterator *iter;
2991	struct trace_array *tr;
2992	int cpu;	2992	int cpu;
2993		2993
2994	/* Writes do not use seq_file, need to grab tr from inode */
2995	if (!(file->f_mode & FMODE_READ)) {	2994	if (!(file->f_mode & FMODE_READ)) {
2996	struct trace_cpu *tc = inode->i_private;	2995	trace_array_put(tr);
2997
2998	trace_array_put(tc->tr);
2999	return 0;	2996	return 0;
3000	}	2997	}
3001		2998
		2999	/* Writes do not use seq_file */
3002	iter = m->private;	3000	iter = m->private;
3003	tr = iter->tr;
3004
3005	mutex_lock(&trace_types_lock);	3001	mutex_lock(&trace_types_lock);
3006		3002
3007	for_each_tracing_cpu(cpu) {	3003	for_each_tracing_cpu(cpu) {
@@ -3048,8 +3044,7 @@ static int tracing_single_release_tr(struct inode inode, struct file file)
3048		3044
3049	static int tracing_open(struct inode inode, struct file file)	3045	static int tracing_open(struct inode inode, struct file file)
3050	{	3046	{
3051	struct trace_cpu *tc = inode->i_private;	3047	struct trace_array *tr = inode->i_private;
3052	struct trace_array *tr = tc->tr;
3053	struct trace_iterator *iter;	3048	struct trace_iterator *iter;
3054	int ret = 0;	3049	int ret = 0;
3055		3050
@@ -3057,16 +3052,17 @@ static int tracing_open(struct inode inode, struct file file)
3057	return -ENODEV;	3052	return -ENODEV;
3058		3053
3059	/* If this file was open for write, then erase contents */	3054	/* If this file was open for write, then erase contents */
3060	if ((file->f_mode & FMODE_WRITE) &&	3055	if ((file->f_mode & FMODE_WRITE) && (file->f_flags & O_TRUNC)) {
3061	(file->f_flags & O_TRUNC)) {	3056	int cpu = tracing_get_cpu(inode);
3062	if (tc->cpu == RING_BUFFER_ALL_CPUS)	3057
		3058	if (cpu == RING_BUFFER_ALL_CPUS)
3063	tracing_reset_online_cpus(&tr->trace_buffer);	3059	tracing_reset_online_cpus(&tr->trace_buffer);
3064	else	3060	else
3065	tracing_reset(&tr->trace_buffer, tc->cpu);	3061	tracing_reset(&tr->trace_buffer, cpu);
3066	}	3062	}
3067		3063
3068	if (file->f_mode & FMODE_READ) {	3064	if (file->f_mode & FMODE_READ) {
3069	iter = __tracing_open(tr, tc, inode, file, false);	3065	iter = __tracing_open(inode, file, false);
3070	if (IS_ERR(iter))	3066	if (IS_ERR(iter))
3071	ret = PTR_ERR(iter);	3067	ret = PTR_ERR(iter);
3072	else if (trace_flags & TRACE_ITER_LATENCY_FMT)	3068	else if (trace_flags & TRACE_ITER_LATENCY_FMT)
@@ -4680,8 +4676,7 @@ struct ftrace_buffer_info {
4680	#ifdef CONFIG_TRACER_SNAPSHOT	4676	#ifdef CONFIG_TRACER_SNAPSHOT
4681	static int tracing_snapshot_open(struct inode inode, struct file file)	4677	static int tracing_snapshot_open(struct inode inode, struct file file)
4682	{	4678	{
4683	struct trace_cpu *tc = inode->i_private;	4679	struct trace_array *tr = inode->i_private;
4684	struct trace_array *tr = tc->tr;
4685	struct trace_iterator *iter;	4680	struct trace_iterator *iter;
4686	struct seq_file *m;	4681	struct seq_file *m;
4687	int ret = 0;	4682	int ret = 0;
@@ -4690,7 +4685,7 @@ static int tracing_snapshot_open(struct inode inode, struct file file)
4690	return -ENODEV;	4685	return -ENODEV;
4691		4686
4692	if (file->f_mode & FMODE_READ) {	4687	if (file->f_mode & FMODE_READ) {
4693	iter = __tracing_open(tr, tc, inode, file, true);	4688	iter = __tracing_open(inode, file, true);
4694	if (IS_ERR(iter))	4689	if (IS_ERR(iter))
4695	ret = PTR_ERR(iter);	4690	ret = PTR_ERR(iter);
4696	} else {	4691	} else {
@@ -4707,8 +4702,8 @@ static int tracing_snapshot_open(struct inode inode, struct file file)
4707	ret = 0;	4702	ret = 0;
4708		4703
4709	iter->tr = tr;	4704	iter->tr = tr;
4710	iter->trace_buffer = &tc->tr->max_buffer;	4705	iter->trace_buffer = &tr->max_buffer;
4711	iter->cpu_file = tc->cpu;	4706	iter->cpu_file = tracing_get_cpu(inode);
4712	m->private = iter;	4707	m->private = iter;
4713	file->private_data = m;	4708	file->private_data = m;
4714	}	4709	}
@@ -5525,7 +5520,6 @@ trace_create_cpu_file(const char name, umode_t mode, struct dentry parent,
5525	static void	5520	static void
5526	tracing_init_debugfs_percpu(struct trace_array *tr, long cpu)	5521	tracing_init_debugfs_percpu(struct trace_array *tr, long cpu)
5527	{	5522	{
5528	struct trace_array_cpu *data = per_cpu_ptr(tr->trace_buffer.data, cpu);
5529	struct dentry *d_percpu = tracing_dentry_percpu(tr, cpu);	5523	struct dentry *d_percpu = tracing_dentry_percpu(tr, cpu);
5530	struct dentry *d_cpu;	5524	struct dentry *d_cpu;
5531	char cpu_dir[30]; /* 30 characters should be more than enough */	5525	char cpu_dir[30]; /* 30 characters should be more than enough */
@@ -5546,7 +5540,7 @@ tracing_init_debugfs_percpu(struct trace_array *tr, long cpu)
5546		5540
5547	/* per cpu trace */	5541	/* per cpu trace */
5548	trace_create_cpu_file("trace", 0644, d_cpu,	5542	trace_create_cpu_file("trace", 0644, d_cpu,
5549	&data->trace_cpu, cpu, &tracing_fops);	5543	tr, cpu, &tracing_fops);
5550		5544
5551	trace_create_cpu_file("trace_pipe_raw", 0444, d_cpu,	5545	trace_create_cpu_file("trace_pipe_raw", 0444, d_cpu,
5552	tr, cpu, &tracing_buffers_fops);	5546	tr, cpu, &tracing_buffers_fops);
@@ -5559,7 +5553,7 @@ tracing_init_debugfs_percpu(struct trace_array *tr, long cpu)
5559		5553
5560	#ifdef CONFIG_TRACER_SNAPSHOT	5554	#ifdef CONFIG_TRACER_SNAPSHOT
5561	trace_create_cpu_file("snapshot", 0644, d_cpu,	5555	trace_create_cpu_file("snapshot", 0644, d_cpu,
5562	&data->trace_cpu, cpu, &snapshot_fops);	5556	tr, cpu, &snapshot_fops);
5563		5557
5564	trace_create_cpu_file("snapshot_raw", 0444, d_cpu,	5558	trace_create_cpu_file("snapshot_raw", 0444, d_cpu,
5565	tr, cpu, &snapshot_raw_fops);	5559	tr, cpu, &snapshot_raw_fops);
@@ -6125,7 +6119,7 @@ init_tracer_debugfs(struct trace_array tr, struct dentry d_tracer)
6125	tr, &tracing_iter_fops);	6119	tr, &tracing_iter_fops);
6126		6120
6127	trace_create_file("trace", 0644, d_tracer,	6121	trace_create_file("trace", 0644, d_tracer,
6128	(void *)&tr->trace_cpu, &tracing_fops);	6122	tr, &tracing_fops);
6129		6123
6130	trace_create_file("trace_pipe", 0444, d_tracer,	6124	trace_create_file("trace_pipe", 0444, d_tracer,
6131	tr, &tracing_pipe_fops);	6125	tr, &tracing_pipe_fops);
@@ -6146,11 +6140,11 @@ init_tracer_debugfs(struct trace_array tr, struct dentry d_tracer)
6146	&trace_clock_fops);	6140	&trace_clock_fops);
6147		6141
6148	trace_create_file("tracing_on", 0644, d_tracer,	6142	trace_create_file("tracing_on", 0644, d_tracer,
6149	tr, &rb_simple_fops);	6143	tr, &rb_simple_fops);
6150		6144
6151	#ifdef CONFIG_TRACER_SNAPSHOT	6145	#ifdef CONFIG_TRACER_SNAPSHOT
6152	trace_create_file("snapshot", 0644, d_tracer,	6146	trace_create_file("snapshot", 0644, d_tracer,
6153	(void *)&tr->trace_cpu, &snapshot_fops);	6147	tr, &snapshot_fops);
6154	#endif	6148	#endif
6155		6149
6156	for_each_tracing_cpu(cpu)	6150	for_each_tracing_cpu(cpu)