4.19-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 29 Jan 2021 10:14:46 +0000 (11:14 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 29 Jan 2021 10:14:46 +0000 (11:14 +0100)
added patches:
tracing-fix-race-in-trace_open-and-buffer-resize-call.patch

queue-4.19/series
queue-4.19/tracing-fix-race-in-trace_open-and-buffer-resize-call.patch [new file with mode: 0644]

index c99c08a4d66c935c2c2f77b8ec2cf6bd487daece..a4218617fc0eeb516a50d465f5ab1a19ea49d446 100644 (file)
@@ -19,3 +19,4 @@ futex_Use_pi_state_update_owner__in_put_pi_state_.patch
 futex_Simplify_fixup_pi_state_owner_.patch
 futex_Handle_faults_correctly_for_PI_futexes.patch
 hid-wacom-correct-null-dereference-on-aes-pen-proximity.patch
+tracing-fix-race-in-trace_open-and-buffer-resize-call.patch
diff --git a/queue-4.19/tracing-fix-race-in-trace_open-and-buffer-resize-call.patch b/queue-4.19/tracing-fix-race-in-trace_open-and-buffer-resize-call.patch
new file mode 100644 (file)
index 0000000..8e032c6
--- /dev/null
@@ -0,0 +1,61 @@
+From bbeb97464eefc65f506084fd9f18f21653e01137 Mon Sep 17 00:00:00 2001
+From: Gaurav Kohli <gkohli@codeaurora.org>
+Date: Tue, 6 Oct 2020 15:03:53 +0530
+Subject: tracing: Fix race in trace_open and buffer resize call
+
+From: Gaurav Kohli <gkohli@codeaurora.org>
+
+commit bbeb97464eefc65f506084fd9f18f21653e01137 upstream.
+
+Below race can come, if trace_open and resize of
+cpu buffer is running parallely on different cpus
+CPUX                                CPUY
+                                   ring_buffer_resize
+                                   atomic_read(&buffer->resize_disabled)
+tracing_open
+tracing_reset_online_cpus
+ring_buffer_reset_cpu
+rb_reset_cpu
+                                   rb_update_pages
+                                   remove/insert pages
+resetting pointer
+
+This race can cause data abort or some times infinte loop in
+rb_remove_pages and rb_insert_pages while checking pages
+for sanity.
+
+Take buffer lock to fix this.
+
+Link: https://lkml.kernel.org/r/1601976833-24377-1-git-send-email-gkohli@codeaurora.org
+
+Cc: stable@vger.kernel.org
+Fixes: 83f40318dab00 ("ring-buffer: Make removal of ring buffer pages atomic")
+Reported-by: Denis Efremov <efremov@linux.com>
+Signed-off-by: Gaurav Kohli <gkohli@codeaurora.org>
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/trace/ring_buffer.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/kernel/trace/ring_buffer.c
++++ b/kernel/trace/ring_buffer.c
+@@ -4393,6 +4393,8 @@ void ring_buffer_reset_cpu(struct ring_b
+       if (!cpumask_test_cpu(cpu, buffer->cpumask))
+               return;
++      /* prevent another thread from changing buffer sizes */
++      mutex_lock(&buffer->mutex);
+       atomic_inc(&buffer->resize_disabled);
+       atomic_inc(&cpu_buffer->record_disabled);
+@@ -4416,6 +4418,8 @@ void ring_buffer_reset_cpu(struct ring_b
+       atomic_dec(&cpu_buffer->record_disabled);
+       atomic_dec(&buffer->resize_disabled);
++
++      mutex_unlock(&buffer->mutex);
+ }
+ EXPORT_SYMBOL_GPL(ring_buffer_reset_cpu);
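Review bot: The new mutex_unlock() in the second hunk is reached only by falling through past atomic_dec(&buffer->resize_disabled), so the lock is balanced only if no path in the part of ring_buffer_reset_cpu() between the two hunks returns directly; that middle of the function, and its start, lie outside this hunk, so confirm every bail-out there goes through the common exit rather than `return`, otherwise buffer->mutex stays held and the next resize blocks forever. The comment added before mutex_lock() should also record what the lock pairs with, since the changelog rather than the code is what explains that ring_buffer_resize() reads resize_disabled and that this lock is what serializes the two, e.g. `/* ring_buffer_resize() checks resize_disabled while holding buffer->mutex; take it first so a reset cannot interleave with page removal/insertion */`. Because mutex_lock() can sleep, every caller of ring_buffer_reset_cpu() must now be in sleepable context and must not already hold buffer->mutex (a caller that iterates CPUs under that mutex would self-deadlock); that constraint belongs in the function's kerneldoc, which is outside the hunk.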