[PATCH][GIT PULL][3.9] tracing: Fix free of probe entry by calling call_rcu_sched()

Steven Rostedt <rostedt@xxxxxxxxxxx> · Wed, 13 Mar 2013 19:53:31 -0400

Ingo,

While testing my new code I stumbled upon this bug. This is a real
bug and has been in the kernel forever. Luckily, it's in a feature
that is seldom used. But it can cause a crash if the race is hit.

I based this off of my last pull request of tip/perf/urgent.

Thanks,

-- Steve


Please pull the latest tip/perf/urgent-2 tree, which can be found at:

  git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace.git
tip/perf/urgent-2

Head SHA1: 740466bc89ad8bd5afcc8de220f715f62b21e365


Steven Rostedt (Red Hat) (1):
      tracing: Fix free of probe entry by calling call_rcu_sched()

----
 kernel/trace/ftrace.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
---------------------------
commit 740466bc89ad8bd5afcc8de220f715f62b21e365
Author: Steven Rostedt (Red Hat) <rostedt@xxxxxxxxxxx>
Date:   Wed Mar 13 11:15:19 2013 -0400

    tracing: Fix free of probe entry by calling call_rcu_sched()
    
    Because function tracing is very invasive, and can even trace
    calls to rcu_read_lock(), RCU access in function tracing is done
    with preempt_disable_notrace(). This requires a synchronize_sched()
    for updates and not a synchronize_rcu().
    
    Function probes (traceon, traceoff, etc) must be freed after
    a synchronize_sched() after its entry has been removed from the
    hash. But call_rcu() is used. Fix this by using call_rcu_sched().
    
    Also fix the usage to use hlist_del_rcu() instead of hlist_del().
    
    Cc: stable@xxxxxxxxxxxxxxx
    Cc: Paul McKenney <paulmck@xxxxxxxxxxxxxxxxxx>
    Signed-off-by: Steven Rostedt <rostedt@xxxxxxxxxxx>

diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
index 98ca94a..e6effd0 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -3108,8 +3108,8 @@ __unregister_ftrace_function_probe(char *glob, struct ftrace_probe_ops *ops,
 					continue;
 			}
 
-			hlist_del(&entry->node);
-			call_rcu(&entry->rcu, ftrace_free_entry_rcu);
+			hlist_del_rcu(&entry->node);
+			call_rcu_sched(&entry->rcu, ftrace_free_entry_rcu);
 		}
 	}
 	__disable_ftrace_function_probe();


--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html





