Hi Greg,

The attached patch can be applied to 3.0 and 3.4.

Thanks,
Andrey

2013/8/12 <gregkh@xxxxxxxxxxxxxxxxxxx>:
>
> The patch below does not apply to the 3.0-stable tree.
> If someone wants it applied there, or to any other stable or longterm
> tree, then please email the backport, including the original git commit
> id to <stable@xxxxxxxxxxxxxxx>.
>
> thanks,
>
> greg k-h
>
> ------------------ original commit in Linus's tree ------------------
>
> From ed5467da0e369e65b247b99eb6403cb79172bcda Mon Sep 17 00:00:00 2001
> From: Andrew Vagin <avagin@xxxxxxxxxx>
> Date: Fri, 2 Aug 2013 21:16:43 +0400
> Subject: [PATCH] tracing: Fix fields of struct trace_iterator that are zeroed
>  by mistake
>
> tracing_read_pipe zeros all fields below "seq". The declaration contains
> a comment about that, but it doesn't help.
>
> The first field is "snapshot"; it is true when the currently open file is
> the snapshot. It looks obvious that it should not be zeroed.
>
> The second field is "started". It was converted from cpumask_t to
> cpumask_var_t (v2.6.28-4983-g4462344), in other words it was
> converted from a cpumask to a pointer to a cpumask.
>
> Currently the reference to the "started" memory is lost after the first read
> from tracing_read_pipe and a proper object will never be freed.
>
> The "started" is never dereferenced for trace_pipe, because trace_pipe
> can't have the TRACE_FILE_ANNOTATE options.
>
> Link: http://lkml.kernel.org/r/1375463803-3085183-1-git-send-email-avagin@xxxxxxxxxx
>
> Cc: stable@xxxxxxxxxxxxxxx # 2.6.30
> Signed-off-by: Andrew Vagin <avagin@xxxxxxxxxx>
> Signed-off-by: Steven Rostedt <rostedt@xxxxxxxxxxx>
>
> diff --git a/include/linux/ftrace_event.h b/include/linux/ftrace_event.h
> index f98ab06..120d57a 100644
> --- a/include/linux/ftrace_event.h
> +++ b/include/linux/ftrace_event.h
> @@ -78,6 +78,11 @@ struct trace_iterator { > /* trace_seq for __print_flags() and __print_symbolic() etc. */ > struct trace_seq tmp_seq; > > + cpumask_var_t started; > + > + /* it's true when current open file is snapshot */ > + bool snapshot; > + > /* The below is zeroed out in pipe_read */ > struct trace_seq seq; > struct trace_entry *ent; > @@ -90,10 +95,7 @@ struct trace_iterator { > loff_t pos; > long idx; > > - cpumask_var_t started; > - > - /* it's true when current open file is snapshot */ > - bool snapshot; > + /* All new field here will be zeroed out in pipe_read */ > }; > > enum trace_iter_flags { > diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c > index 882ec1d..f5b35a5 100644 > --- a/kernel/trace/trace.c > +++ b/kernel/trace/trace.c > @@ -4151,6 +4151,7 @@ waitagain: > memset(&iter->seq, 0, > sizeof(struct trace_iterator) - > offsetof(struct trace_iterator, seq)); > + cpumask_clear(iter->started); > iter->pos = -1; > > trace_event_read_lock(); >
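Review bot: in the first ftrace_event.h hunk (@@ -78,6 +78,11 @@) the fix depends entirely on field order, since whatever sits below `seq` is wiped by the `memset()` in pipe_read, yet the comment on the moved fields only says `/* it's true when current open file is snapshot */`. Suggest a comment on the moved pair that states the intent explicitly, e.g. `/* started and snapshot must stay above seq: pipe_read must not zero them */`, and tidy the grammar to `/* true when the currently open file is the snapshot file */`, so the next person reordering the struct does not reintroduce the bug.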
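Review bot: the replacement comment in the second ftrace_event.h hunk (@@ -90,10 +95,7 @@), `/* All new field here will be zeroed out in pipe_read */`, has a grammar slip and should read `/* All new fields added here will be zeroed out in pipe_read */`. Since this trailing comment is now the only guard at the end of the struct, it would help to name the zeroing site (`tracing_read_pipe`) so a reader can find the `memset()` that the field order is tied to.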
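Review bot: the added `cpumask_clear(iter->started);` in the trace.c hunk is what keeps the previous per-read behaviour, because the `memset()` used to wipe `started` as part of the struct tail; with `started` now placed above `seq` the mask bits have to be cleared explicitly or stale CPU bits survive across reads. Two things worth confirming in review: that every path reaching this `memset()` has already allocated `iter->started`, since `cpumask_clear()` on an unallocated cpumask_var_t would dereference NULL when the mask is off-stack, and, for the 3.0/3.4 backport, that the attached patch (only shown here as "Binary data") matches those trees' struct trace_iterator, given that the upstream hunk context assumes `tmp_seq` and `snapshot` are present.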
Attachment:
0001-tracing-Fix-fields-of-struct-trace_iterator-that-are.patch
Description: Binary data