tracing: Fix race between deleting buffer and setting events

commit 2a6c24afab70dbcfee49f4c76e1511eec1a3298b upstream. While analyzing the code, I discovered that there's a potential race between deleting a trace instance and setting events. There are a few races that can occur if events are being traced as the buffer is being deleted. Mostly the problem comes with freeing the descriptor used by the trace event callback. To prevent problems like this, the events are disabled before the buffer is deleted. The problem with the current solution is that the event_mutex is let go between disabling the events and freeing the files, which means that the events could be enabled again while the freeing takes place. Signed-off-by: Steven Rostedt <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Steven Rostedt (Red Hat) <rostedt@goodmis.org> 2013-07-02 14:48:23 -0400
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2013-07-25 17:07:43 -0400
commit: 68cebd265c91873277cf100e7ac1d047c6598ddf (patch)
tree: 40e9d76980fa3df077908b1401fec8e4d97e7cec /kernel
parent: 6492334c86dfb441af456337dc3217c2a430f141 (diff)
1 files changed, 17 insertions, 6 deletions
diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
index f82d92dbd614..32b9895af239 100644
--- a/kernel/trace/trace_events.c
+++ b/kernel/trace/trace_events.c
@@ -415,14 +415,14 @@ static void put_system(struct ftrace_subsystem_dir *dir)
 /*
 * __ftrace_set_clr_event(NULL, NULL, NULL, set) will set/unset all events.
 */
-static int __ftrace_set_clr_event(struct trace_array *tr, const char *match,
+static int
-                                  const char *sub, const char *event, int set)
+__ftrace_set_clr_event_nolock(struct trace_array *tr, const char *match,
+                              const char *sub, const char *event, int set)
 {
        struct ftrace_event_file *file;
        struct ftrace_event_call *call;
        int ret = -EINVAL;
-        mutex_lock(&event_mutex);
        list_for_each_entry(file, &tr->events, list) {
                call = file->event_call;
@@ -448,6 +448,17 @@ static int __ftrace_set_clr_event(struct trace_array *tr, const char *match,
                ret = 0;
        }
+        return ret;
+}
+static int __ftrace_set_clr_event(struct trace_array *tr, const char *match,
+                                  const char *sub, const char *event, int set)
+{
+        int ret;
+        mutex_lock(&event_mutex);
+        ret = __ftrace_set_clr_event_nolock(tr, match, sub, event, set);
        mutex_unlock(&event_mutex);
        return ret;
@@ -2367,11 +2378,11 @@ early_event_add_tracer(struct dentry *parent, struct trace_array *tr)
 int event_trace_del_tracer(struct trace_array *tr)
 {
-        /* Disable any running events */
-        __ftrace_set_clr_event(tr, NULL, NULL, NULL, 0);
        mutex_lock(&event_mutex);
+        /* Disable any running events */
+        __ftrace_set_clr_event_nolock(tr, NULL, NULL, NULL, 0);
        down_write(&trace_event_sem);
        __trace_remove_event_dirs(tr);
        debugfs_remove_recursive(tr->event_dir);
author	Steven Rostedt (Red Hat) <rostedt@goodmis.org>	2013-07-02 14:48:23 -0400
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2013-07-25 17:07:43 -0400
commit	68cebd265c91873277cf100e7ac1d047c6598ddf (patch)
tree	40e9d76980fa3df077908b1401fec8e4d97e7cec /kernel
parent	6492334c86dfb441af456337dc3217c2a430f141 (diff)