On Thu, Mar 28, 2013 at 12:26:03PM +0800, Lingzhu Xiang wrote:
> commit 69d34da2984c95b33ea21518227e1f9470f11d95 upstream.
>
> Backported for 3.4, 3.0-stable. Moved return to after unlock.

Thanks, I'm queuing this for 3.5 kernels as well.

Cheers,
--
Luis

>
> From: "Steven Rostedt (Red Hat)" <rostedt@xxxxxxxxxxx>
>
> Seems that the tracer flags have never been protected from
> synchronous writes. Luckily, admins don't usually modify the
> tracing flags via two different tasks. But if scripts were to
> be used to modify them, then they could get corrupted.
>
> Move the trace_types_lock that protects against tracers changing
> to also protect the flags being set.
>
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Steven Rostedt <rostedt@xxxxxxxxxxx>
> Signed-off-by: Lingzhu Xiang <lxiang@xxxxxxxxxx>
> Reviewed-by: CAI Qian <caiqian@xxxxxxxxxx>
>
> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c > index 681a759..a786b6a 100644 > --- a/kernel/trace/trace.c > +++ b/kernel/trace/trace.c > @@ -2768,7 +2768,7 @@ tracing_trace_options_write(struct file *filp, const char __user *ubuf, > char buf[64]; > char *cmp; > int neg = 0; > - int ret; > + int ret = 0; > int i; > > if (cnt >= sizeof(buf)) > @@ -2785,6 +2785,8 @@ tracing_trace_options_write(struct file *filp, const char __user *ubuf, > cmp += 2; > } > > + mutex_lock(&trace_types_lock); > + > for (i = 0; trace_options[i]; i++) { > if (strcmp(cmp, trace_options[i]) == 0) { > set_tracer_flags(1 << i, !neg); > @@ -2793,13 +2795,13 @@ tracing_trace_options_write(struct file *filp, const char __user *ubuf, > } > > /* If no option could be set, test the specific tracer options */ > - if (!trace_options[i]) { > - mutex_lock(&trace_types_lock); > + if (!trace_options[i]) > ret = set_tracer_option(current_trace, cmp, neg); > - mutex_unlock(&trace_types_lock); > - if (ret) > - return ret; > - } > + > + mutex_unlock(&trace_types_lock); > + > + if (ret) > + return ret; > > *ppos += cnt; 
> > @@ -4486,7 +4488,10 @@ trace_options_core_write(struct file *filp, const char __user *ubuf, size_t cnt, > > if (val != 0 && val != 1) > return -EINVAL; > + > + mutex_lock(&trace_types_lock); > set_tracer_flags(1 << index, val); > + mutex_unlock(&trace_types_lock); > > *ppos += cnt; > > -- > 1.7.11.7 > > -- > To unsubscribe from this list: send the line "unsubscribe stable" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html
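
Review bot: in the @@ -2793,13 +2795,13 @@ hunk of tracing_trace_options_write(), the `if (ret) return ret;` check now sits outside the `if (!trace_options[i])` branch, so it also runs when a core option matched in the loop and set_tracer_option() was never called. That path is only correct because of the `int ret = 0;` initializer added in the first hunk, so the two changes have to travel together in every backport; a short comment at the declaration saying that `ret` is read unconditionally after the unlock would keep a later cleanup from dropping the initializer. Placing the error return after mutex_unlock() is right, since no path in the visible lines leaves the function with trace_types_lock held.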
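
Review bot: in the trace_options_core_write() hunk, the new lock/unlock pair around set_tracer_flags() means both call sites touched by this patch now hold trace_types_lock, but nothing in the diff records that set_tracer_flags() requires it. Consider documenting the requirement on set_tracer_flags() itself, or adding lockdep_assert_held(&trace_types_lock) at its top, so that a caller added later without the lock is caught instead of silently reintroducing the unsynchronized flag update. Keeping the `val != 0 && val != 1` check outside the critical section is fine, since it only reads the caller's value.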