diff options
author | Oleg Nesterov <oleg@redhat.com> | 2013-07-26 13:25:36 -0400 |
---|---|---|
committer | Steven Rostedt <rostedt@goodmis.org> | 2013-07-29 22:05:40 -0400 |
commit | bc6f6b08dee5645770efb4b76186ded313f23752 (patch) | |
tree | 4f2a94646a39b8454e21bed38f093f73c8752345 /kernel | |
parent | 1a11126bcb7c93c289bf3218fa546fd3b0c0df8b (diff) |
tracing: Change event_enable/disable_read() to verify i_private != NULL
tracing_open_generic_file() is racy, ftrace_event_file can be
already freed by rmdir or trace_remove_event_call().
Change event_enable_read() and event_disable_read() to read and
verify "file = i_private" under event_mutex.
This fixes nothing, but now we can change debugfs_remove("enable")
callers to nullify ->i_private and fix the the problem.
Link: http://lkml.kernel.org/r/20130726172536.GA3612@redhat.com
Reviewed-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/trace/trace_events.c | 30 |
1 files changed, 20 insertions, 10 deletions
diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index c2d13c528c3c..3dfa8419d0dc 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c | |||
@@ -684,15 +684,25 @@ static ssize_t | |||
684 | event_enable_read(struct file *filp, char __user *ubuf, size_t cnt, | 684 | event_enable_read(struct file *filp, char __user *ubuf, size_t cnt, |
685 | loff_t *ppos) | 685 | loff_t *ppos) |
686 | { | 686 | { |
687 | struct ftrace_event_file *file = filp->private_data; | 687 | struct ftrace_event_file *file; |
688 | unsigned long flags; | ||
688 | char buf[4] = "0"; | 689 | char buf[4] = "0"; |
689 | 690 | ||
690 | if (file->flags & FTRACE_EVENT_FL_ENABLED && | 691 | mutex_lock(&event_mutex); |
691 | !(file->flags & FTRACE_EVENT_FL_SOFT_DISABLED)) | 692 | file = event_file_data(filp); |
693 | if (likely(file)) | ||
694 | flags = file->flags; | ||
695 | mutex_unlock(&event_mutex); | ||
696 | |||
697 | if (!file) | ||
698 | return -ENODEV; | ||
699 | |||
700 | if (flags & FTRACE_EVENT_FL_ENABLED && | ||
701 | !(flags & FTRACE_EVENT_FL_SOFT_DISABLED)) | ||
692 | strcpy(buf, "1"); | 702 | strcpy(buf, "1"); |
693 | 703 | ||
694 | if (file->flags & FTRACE_EVENT_FL_SOFT_DISABLED || | 704 | if (flags & FTRACE_EVENT_FL_SOFT_DISABLED || |
695 | file->flags & FTRACE_EVENT_FL_SOFT_MODE) | 705 | flags & FTRACE_EVENT_FL_SOFT_MODE) |
696 | strcat(buf, "*"); | 706 | strcat(buf, "*"); |
697 | 707 | ||
698 | strcat(buf, "\n"); | 708 | strcat(buf, "\n"); |
@@ -704,13 +714,10 @@ static ssize_t | |||
704 | event_enable_write(struct file *filp, const char __user *ubuf, size_t cnt, | 714 | event_enable_write(struct file *filp, const char __user *ubuf, size_t cnt, |
705 | loff_t *ppos) | 715 | loff_t *ppos) |
706 | { | 716 | { |
707 | struct ftrace_event_file *file = filp->private_data; | 717 | struct ftrace_event_file *file; |
708 | unsigned long val; | 718 | unsigned long val; |
709 | int ret; | 719 | int ret; |
710 | 720 | ||
711 | if (!file) | ||
712 | return -EINVAL; | ||
713 | |||
714 | ret = kstrtoul_from_user(ubuf, cnt, 10, &val); | 721 | ret = kstrtoul_from_user(ubuf, cnt, 10, &val); |
715 | if (ret) | 722 | if (ret) |
716 | return ret; | 723 | return ret; |
@@ -722,8 +729,11 @@ event_enable_write(struct file *filp, const char __user *ubuf, size_t cnt, | |||
722 | switch (val) { | 729 | switch (val) { |
723 | case 0: | 730 | case 0: |
724 | case 1: | 731 | case 1: |
732 | ret = -ENODEV; | ||
725 | mutex_lock(&event_mutex); | 733 | mutex_lock(&event_mutex); |
726 | ret = ftrace_event_enable_disable(file, val); | 734 | file = event_file_data(filp); |
735 | if (likely(file)) | ||
736 | ret = ftrace_event_enable_disable(file, val); | ||
727 | mutex_unlock(&event_mutex); | 737 | mutex_unlock(&event_mutex); |
728 | break; | 738 | break; |
729 | 739 | ||