From patchwork Sat Sep 9 03:16:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steven Rostedt X-Patchwork-Id: 137839 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ab0a:0:b0:3f2:4152:657d with SMTP id m10csp1257838vqo; Sat, 9 Sep 2023 11:21:15 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFN3nbY2dTykE23J8xKS0TpPjD2mp13OHn+Qhp0eL/F8NHxQGnDHxw/jKNPUMgbrnk8ZyOf X-Received: by 2002:a05:6830:1607:b0:6bc:b8d9:476e with SMTP id g7-20020a056830160700b006bcb8d9476emr5748493otr.16.1694283675399; Sat, 09 Sep 2023 11:21:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694283675; cv=none; d=google.com; s=arc-20160816; b=aq6mcE5OnFMmm3E/VR7aV3W3yV3/iz0lpoA/TpVoqk0gX0mEzNw5izjxMbn6hdmQJ0 cQB5WGAjNxSbw/J5X8a7X4dQ3BYOa/gdym2LteQNHkXKqXGiPEeQjyt5JgDGDMDXAaoH BlLfA+37dFqFKgklO6d84TH9zCpUBgd8MWuYM8l0p1S5JUXelHr7THwUw7d1wRKZSGsO h9KkaQ9J4fpKh7QnXyprGrVkWkbtYzaKcDecnHmTcUxmr/oYEmZ6BgiBtKaDslIR969N kzAQl+6fUNbkgJtDttqw5nZd2YbPUWZZ4Qe3ZrCJTEDxQjcJtSdbyEDgQ7FQ62OFBc6b 9JBA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:references:subject:cc:to:from:date :user-agent:message-id; bh=HQdoEf3W4kIBuLnX97SQ2EKKzNgYYhCPUSykScAOZDE=; fh=Flox7kw3EEVQs2h84utvXZ0uTwTh44oufEJTr1Mxlxc=; b=xGDV3w6khx/VmJbkuU4JGwH6p5CK07KxmrNdYv2BUjxtNX+o07sDDprzMbA2++dGQy JdaA3m9k4IbwAnqhm6g5LgtfENhr2P6VnGpDaYK2BtokFYSMr2th49U3DbFTrxHcPVrn NpyDLIlHua/qCMcP5QlsB9YuUGtQ9BsvlJBCq3LlSmkuGEeDEEDLIX7KRFLmo4XcaTcg S3tonTGvB8Ie1LDv5/GP0/xPLuQfBd8VENbYLZahAoacZbO6kcsVx8GRioX8dB8YdmGN RPFy5fj/iRSi4Q3itxXY9Z8sB2BRk8IbPXwymZ78KiPbSPcmQZjEsQR1R0clHVHD12yb 0efQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u13-20020a62d44d000000b0068e42950c86si3411027pfl.44.2023.09.09.11.21.12; Sat, 09 Sep 2023 11:21:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238235AbjIIDXq (ORCPT + 11 others); Fri, 8 Sep 2023 23:23:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59112 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232883AbjIIDXg (ORCPT ); Fri, 8 Sep 2023 23:23:36 -0400 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B24AD1FEF; Fri, 8 Sep 2023 20:23:32 -0700 (PDT) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 95669C433C9; Sat, 9 Sep 2023 03:23:30 +0000 (UTC) Received: from rostedt by gandalf with local (Exim 4.96) (envelope-from ) id 1qeoZZ-000YfT-0f; Fri, 08 Sep 2023 23:23:49 -0400 Message-ID: <20230909032349.020450746@goodmis.org> User-Agent: quilt/0.66 Date: Fri, 08 Sep 2023 23:16:20 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Mark Rutland , Andrew Morton , stable@vger.kernel.org, Zheng Yejian , Linux Kernel Functional Testing , Naresh Kamboju Subject: [for-linus][PATCH 05/15] tracing: Have tracing_max_latency inc the trace array ref count References: <20230909031615.047488015@goodmis.org> MIME-Version: 1.0 X-Spam-Status: No, score=-4.0 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1776585199087099834 X-GMAIL-MSGID: 1776585199087099834 From: "Steven Rostedt (Google)" The tracing_max_latency file points to the trace_array max_latency field. For an instance, if the file is opened and the instance is deleted, reading or writing to the file will cause a use after free. Up the ref count of the trace_array when tracing_max_latency is opened. Link: https://lkml.kernel.org/r/20230907024803.666889383@goodmis.org Link: https://lore.kernel.org/all/1cb3aee2-19af-c472-e265-05176fe9bd84@huawei.com/ Cc: stable@vger.kernel.org Cc: Masami Hiramatsu Cc: Mark Rutland Cc: Andrew Morton Cc: Zheng Yejian Fixes: 8530dec63e7b4 ("tracing: Add tracing_check_open_get_tr()") Tested-by: Linux Kernel Functional Testing Tested-by: Naresh Kamboju Signed-off-by: Steven Rostedt (Google) --- kernel/trace/trace.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 0827037ee3b8..c8b8b4c6feaf 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -1772,7 +1772,7 @@ static void trace_create_maxlat_file(struct trace_array *tr, init_irq_work(&tr->fsnotify_irqwork, latency_fsnotify_workfn_irq); tr->d_max_latency = trace_create_file("tracing_max_latency", TRACE_MODE_WRITE, - d_tracer, &tr->max_latency, + d_tracer, tr, &tracing_max_lat_fops); } @@ -1805,7 +1805,7 @@ void latency_fsnotify(struct trace_array *tr) #define trace_create_maxlat_file(tr, d_tracer) \ trace_create_file("tracing_max_latency", TRACE_MODE_WRITE, \ - d_tracer, &tr->max_latency, &tracing_max_lat_fops) + d_tracer, tr, &tracing_max_lat_fops) #endif @@ -6717,14 +6717,18 @@ static ssize_t tracing_max_lat_read(struct file *filp, char __user *ubuf, size_t cnt, loff_t *ppos) { - return tracing_nsecs_read(filp->private_data, ubuf, cnt, ppos); + struct trace_array *tr = filp->private_data; + + return tracing_nsecs_read(&tr->max_latency, ubuf, cnt, ppos); } static ssize_t tracing_max_lat_write(struct file *filp, const char __user *ubuf, size_t cnt, loff_t *ppos) { - return tracing_nsecs_write(filp->private_data, ubuf, cnt, ppos); + struct trace_array *tr = filp->private_data; + + return tracing_nsecs_write(&tr->max_latency, ubuf, cnt, ppos); } #endif @@ -7778,10 +7782,11 @@ static const struct file_operations tracing_thresh_fops = { #ifdef CONFIG_TRACER_MAX_TRACE static const struct file_operations tracing_max_lat_fops = { - .open = tracing_open_generic, + .open = tracing_open_generic_tr, .read = tracing_max_lat_read, .write = tracing_max_lat_write, .llseek = generic_file_llseek, + .release = tracing_release_generic_tr, }; #endif