From: Greg Kroah-Hartman
Date: Fri, 29 Jan 2021 10:14:46 +0000 (+0100)
Subject: 4.19-stable patches
X-Git-Tag: v4.4.254~9
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4bf6b66c75a0beceb6c5f685285c925201ef9563;p=thirdparty%2Fkernel%2Fstable-queue.git
4.19-stable patches added patches: tracing-fix-race-in-trace_open-and-buffer-resize-call.patch
---
diff --git a/queue-4.19/series b/queue-4.19/series
index c99c08a4d66..a4218617fc0 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -19,3 +19,4 @@ futex_Use_pi_state_update_owner__in_put_pi_state_.patch
 futex_Simplify_fixup_pi_state_owner_.patch
 futex_Handle_faults_correctly_for_PI_futexes.patch
 hid-wacom-correct-null-dereference-on-aes-pen-proximity.patch
+tracing-fix-race-in-trace_open-and-buffer-resize-call.patch
diff --git a/queue-4.19/tracing-fix-race-in-trace_open-and-buffer-resize-call.patch b/queue-4.19/tracing-fix-race-in-trace_open-and-buffer-resize-call.patch
new file mode 100644
index 00000000000..8e032c6e91f
--- /dev/null
+++ b/queue-4.19/tracing-fix-race-in-trace_open-and-buffer-resize-call.patch
@@ -0,0 +1,61 @@
+From bbeb97464eefc65f506084fd9f18f21653e01137 Mon Sep 17 00:00:00 2001
+From: Gaurav Kohli
+Date: Tue, 6 Oct 2020 15:03:53 +0530
+Subject: tracing: Fix race in trace_open and buffer resize call
+
+From: Gaurav Kohli
+
+commit bbeb97464eefc65f506084fd9f18f21653e01137 upstream.
+
+Below race can come, if trace_open and resize of
+cpu buffer is running parallely on different cpus
+CPUX CPUY
+ ring_buffer_resize
+ atomic_read(&buffer->resize_disabled)
+tracing_open
+tracing_reset_online_cpus
+ring_buffer_reset_cpu
+rb_reset_cpu
+ rb_update_pages
+ remove/insert pages
+resetting pointer
+
+This race can cause data abort or some times infinte loop in
+rb_remove_pages and rb_insert_pages while checking pages
+for sanity.
+
+Take buffer lock to fix this.
+
+Link: https://lkml.kernel.org/r/1601976833-24377-1-git-send-email-gkohli@codeaurora.org
+
+Cc: stable@vger.kernel.org
+Fixes: 83f40318dab00 ("ring-buffer: Make removal of ring buffer pages atomic")
+Reported-by: Denis Efremov
+Signed-off-by: Gaurav Kohli
+Signed-off-by: Steven Rostedt (VMware)
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ kernel/trace/ring_buffer.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/kernel/trace/ring_buffer.c
++++ b/kernel/trace/ring_buffer.c
+@@ -4393,6 +4393,8 @@ void ring_buffer_reset_cpu(struct ring_b
+
+ if (!cpumask_test_cpu(cpu, buffer->cpumask))
+ return;
++ /* prevent another thread from changing buffer sizes */
++ mutex_lock(&buffer->mutex);
+
+ atomic_inc(&buffer->resize_disabled);
+ atomic_inc(&cpu_buffer->record_disabled);
+@@ -4416,6 +4418,8 @@ void ring_buffer_reset_cpu(struct ring_b
+
+ atomic_dec(&cpu_buffer->record_disabled);
+ atomic_dec(&buffer->resize_disabled);
++
++ mutex_unlock(&buffer->mutex);
+ }
+ EXPORT_SYMBOL_GPL(ring_buffer_reset_cpu);
+
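Review bot: Taking `buffer->mutex` at the top of `ring_buffer_reset_cpu()` makes this exported function sleepable, and nothing in the added lines documents that new constraint for callers. The callers are not visible here, so it is worth confirming in the 4.19 tree that none of them reaches this function from atomic or interrupt-disabled context; a comment above the function such as `/* Takes buffer->mutex: must be called from process context. */` would record the contract. The lines between the two inner hunks are also not shown, so any early exit in that stretch should be checked to make sure it still reaches the added `mutex_unlock(&buffer->mutex)`. The function body starts before the first inner hunk and continues between the two.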