This is a note to let you know that I've just added the patch titled
tracing: Have option files inc the trace array ref count
to the 6.1-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
tracing-have-option-files-inc-the-trace-array-ref-count.patch
and it can be found in the queue-6.1 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 7e2cfbd2d3c86afcd5c26b5c4b1dd251f63c5838 Mon Sep 17 00:00:00 2001
From: "Steven Rostedt (Google)" <rostedt@xxxxxxxxxxx>
Date: Wed, 6 Sep 2023 22:47:15 -0400
Subject: tracing: Have option files inc the trace array ref count
From: Steven Rostedt (Google) <rostedt@xxxxxxxxxxx>
commit 7e2cfbd2d3c86afcd5c26b5c4b1dd251f63c5838 upstream.
The option files update the options for a given trace array. For an
instance, if the file is opened and the instance is deleted, reading or
writing to the file will cause a use after free.
Up the ref count of the trace_array when an option file is opened.
Link: https://lkml.kernel.org/r/20230907024804.086679464@xxxxxxxxxxx
Link: https://lore.kernel.org/all/1cb3aee2-19af-c472-e265-05176fe9bd84@xxxxxxxxxx/
Cc: stable@xxxxxxxxxxxxxxx
Cc: Masami Hiramatsu <mhiramat@xxxxxxxxxx>
Cc: Mark Rutland <mark.rutland@xxxxxxx>
Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Cc: Zheng Yejian <zhengyejian1@xxxxxxxxxx>
Fixes: 8530dec63e7b4 ("tracing: Add tracing_check_open_get_tr()")
Tested-by: Linux Kernel Functional Testing <lkft@xxxxxxxxxx>
Tested-by: Naresh Kamboju <naresh.kamboju@xxxxxxxxxx>
Signed-off-by: Steven Rostedt (Google) <rostedt@xxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
kernel/trace/trace.c | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -8905,12 +8905,33 @@ trace_options_write(struct file *filp, c
return cnt;
}
+static int tracing_open_options(struct inode *inode, struct file *filp)
+{
+ struct trace_option_dentry *topt = inode->i_private;
+ int ret;
+
+ ret = tracing_check_open_get_tr(topt->tr);
+ if (ret)
+ return ret;
+
+ filp->private_data = inode->i_private;
+ return 0;
+}
+
+static int tracing_release_options(struct inode *inode, struct file *file)
+{
+ struct trace_option_dentry *topt = file->private_data;
+
+ trace_array_put(topt->tr);
+ return 0;
+}
static const struct file_operations trace_options_fops = {
- .open = tracing_open_generic,
+ .open = tracing_open_options,
.read = trace_options_read,
.write = trace_options_write,
.llseek = generic_file_llseek,
+ .release = tracing_release_options,
};
/*
Patches currently in stable-queue which might be from rostedt@xxxxxxxxxxx are
queue-6.1/tracing-increase-trace-array-ref-count-on-enable-and-filter-files.patch
queue-6.1/tracefs-add-missing-lockdown-check-to-tracefs_create_dir.patch
queue-6.1/selftests-tracing-fix-to-unmount-tracefs-for-recover.patch
queue-6.1/tracing-have-event-inject-files-inc-the-trace-array-ref-count.patch
queue-6.1/tracing-have-current_trace-inc-the-trace-array-ref-count.patch
queue-6.1/tracing-have-option-files-inc-the-trace-array-ref-count.patch
queue-6.1/tracing-have-tracing_max_latency-inc-the-trace-array-ref-count.patch
