diff options
author | Steven Rostedt <srostedt@redhat.com> | 2009-03-26 10:25:24 -0400 |
---|---|---|
committer | Steven Rostedt <rostedt@goodmis.org> | 2009-04-23 23:01:36 -0400 |
commit | 9be24414aad047dcf9d8d2a9a929321536c7ebec (patch) | |
tree | c4299c263acf1859ff59a3cb03a26826e7d57660 /kernel | |
parent | 6a74aa40907757ec98d8710ff66cd4cfe064e7d8 (diff) |
tracing/wakeup: move access to wakeup_cpu into spinlock
The code had the following outside the lock:
if (next != wakeup_task)
return;
pc = preempt_count();
/* The task we are waiting for is waking up */
data = wakeup_trace->data[wakeup_cpu];
On initialization, wakeup_task is NULL and wakeup_cpu -1. This code
is not under a lock. If wakeup_task is set on another CPU as that
task is waking up, we can see the wakeup_task before wakeup_cpu is
set. If we read wakeup_cpu while it is still -1 then we will have
a bad data pointer.
This patch moves the reading of wakeup_cpu within the protection of
the spinlock used to protect the writing of wakeup_cpu and wakeup_task.
[ Impact: remove possible race causing invalid pointer dereference ]
Reported-by: Maneesh Soni <maneesh@in.ibm.com>
Signed-off-by: Steven Rostedt <srostedt@redhat.com>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/trace/trace_sched_wakeup.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/kernel/trace/trace_sched_wakeup.c b/kernel/trace/trace_sched_wakeup.c index b8b13c5540fd..eacb27225173 100644 --- a/kernel/trace/trace_sched_wakeup.c +++ b/kernel/trace/trace_sched_wakeup.c | |||
@@ -138,9 +138,6 @@ probe_wakeup_sched_switch(struct rq *rq, struct task_struct *prev, | |||
138 | 138 | ||
139 | pc = preempt_count(); | 139 | pc = preempt_count(); |
140 | 140 | ||
141 | /* The task we are waiting for is waking up */ | ||
142 | data = wakeup_trace->data[wakeup_cpu]; | ||
143 | |||
144 | /* disable local data, not wakeup_cpu data */ | 141 | /* disable local data, not wakeup_cpu data */ |
145 | cpu = raw_smp_processor_id(); | 142 | cpu = raw_smp_processor_id(); |
146 | disabled = atomic_inc_return(&wakeup_trace->data[cpu]->disabled); | 143 | disabled = atomic_inc_return(&wakeup_trace->data[cpu]->disabled); |
@@ -154,6 +151,9 @@ probe_wakeup_sched_switch(struct rq *rq, struct task_struct *prev, | |||
154 | if (unlikely(!tracer_enabled || next != wakeup_task)) | 151 | if (unlikely(!tracer_enabled || next != wakeup_task)) |
155 | goto out_unlock; | 152 | goto out_unlock; |
156 | 153 | ||
154 | /* The task we are waiting for is waking up */ | ||
155 | data = wakeup_trace->data[wakeup_cpu]; | ||
156 | |||
157 | trace_function(wakeup_trace, CALLER_ADDR0, CALLER_ADDR1, flags, pc); | 157 | trace_function(wakeup_trace, CALLER_ADDR0, CALLER_ADDR1, flags, pc); |
158 | tracing_sched_switch_trace(wakeup_trace, prev, next, flags, pc); | 158 | tracing_sched_switch_trace(wakeup_trace, prev, next, flags, pc); |
159 | 159 | ||