From patchwork Thu Nov 6 12:41:55 2014
X-Patchwork-Submitter: Daniel Thompson
X-Patchwork-Id: 40278
From: Daniel Thompson
To: Steven Rostedt, Ingo Molnar
Cc: Daniel Thompson, kgdb-bugreport@lists.sourceforge.net, linux-kernel@vger.kernel.org, Andrew Morton, patches@linaro.org, linaro-kernel@lists.linaro.org, John Stultz, Sumit Semwal, Jason Wessel
Subject: [PATCH RESEND 3.18-rc3 v2 1/2] trace: kdb: Fix kernel panic during ftdump
Date: Thu, 6 Nov 2014 12:41:55 +0000
Message-Id: <1415277716-19419-2-git-send-email-daniel.thompson@linaro.org>
In-Reply-To: <1415277716-19419-1-git-send-email-daniel.thompson@linaro.org>
References: <1411554781-16751-1-git-send-email-daniel.thompson@linaro.org> <1415277716-19419-1-git-send-email-daniel.thompson@linaro.org>

Currently kdb's ftdump command unconditionally crashes due to a null pointer de-reference whenever the command is run. This in turn causes the kernel to panic.
The abridged stacktrace (gathered with ARCH=arm) is:

--- cut here ---
[] (panic) from [] (die+0x264/0x440)
[] (die) from [] (__do_kernel_fault.part.11+0x74/0x84)
[] (__do_kernel_fault.part.11) from [] (do_page_fault+0x1d0/0x3c4)
[] (do_page_fault) from [] (do_DataAbort+0x48/0xac)
[] (do_DataAbort) from [] (__dabt_svc+0x38/0x60)
Exception stack(0xc0deba88 to 0xc0debad0)
ba80: e8c29180 00000001 e9854304 e9854300 c0f567d8 c0df2580
baa0: 00000000 00000000 00000000 c0f117b8 c0e3a3c0 c0debb0c 00000000 c0debad0
bac0: 0000672e c02f4d60 60000193 ffffffff
[] (__dabt_svc) from [] (kdb_ftdump+0x1e4/0x3d8)
[] (kdb_ftdump) from [] (kdb_parse+0x2b8/0x698)
[] (kdb_parse) from [] (kdb_main_loop+0x52c/0x784)
[] (kdb_main_loop) from [] (kdb_stub+0x238/0x490)
--- cut here ---

The NULL deref occurs due to the initialized use of struct trace_iter's buffer_iter member. This is a regression, albeit a fairly elderly one. It was introduced by commit 6d158a813efc ("tracing: Remove NR_CPUS array from trace_iterator").

This patch solves this by providing a collection of ring_buffer_iter(s) and using this to initialize buffer_iter. Note that static allocation is used solely because the trace_iter itself is also statically allocated. Static allocation also means that we have to NULL-ify the pointer during cleanup to avoid use-after-free problems.

Signed-off-by: Daniel Thompson
Cc: Jason Wessel
Cc: Steven Rostedt
Cc: Ingo Molnar
---
 kernel/trace/trace_kdb.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/kernel/trace/trace_kdb.c b/kernel/trace/trace_kdb.c
index bd90e1b..8faa7ce 100644
--- a/kernel/trace/trace_kdb.c
+++ b/kernel/trace/trace_kdb.c
@@ -20,10 +20,12 @@ static void ftrace_dump_buf(int skip_lines, long cpu_file) { /* use static because iter can be a bit big for the stack */ static struct trace_iterator iter; + static struct ring_buffer_iter *buffer_iter[CONFIG_NR_CPUS]; unsigned int old_userobj; int cnt = 0, cpu; trace_init_global_iter(&iter); + iter.buffer_iter = buffer_iter; for_each_tracing_cpu(cpu) { atomic_inc(&per_cpu_ptr(iter.trace_buffer->data, cpu)->disabled); @@ -86,9 +88,12 @@ out: atomic_dec(&per_cpu_ptr(iter.trace_buffer->data, cpu)->disabled); } - for_each_tracing_cpu(cpu) - if (iter.buffer_iter[cpu]) + for_each_tracing_cpu(cpu) { + if (iter.buffer_iter[cpu]) { ring_buffer_read_finish(iter.buffer_iter[cpu]); + iter.buffer_iter[cpu] = NULL; + } + } } /*
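Review bot: in the first hunk, `static struct ring_buffer_iter *buffer_iter[CONFIG_NR_CPUS];` is sized by CONFIG_NR_CPUS rather than by the CPUs actually present, and because it is static its contents survive between calls, so the function is only correct as long as every entry is reset before it returns (which this patch does in its cleanup loop). The existing comment "use static because iter can be a bit big for the stack" should be extended to say the array is static for the same reason and is reused across invocations, so that the reset in the cleanup loop is not dropped by a later refactor. It also matters that `iter.buffer_iter = buffer_iter;` stays after `trace_init_global_iter(&iter);`, since an initializer that clears the iterator would otherwise undo the assignment; a short comment on that line would make the ordering deliberate.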
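Review bot: in the second hunk, the reset `iter.buffer_iter[cpu] = NULL;` is what makes the static array safe to reuse, but nothing in the code says why it is there; the commit message gives the reason (a stale pointer would otherwise be handed to ring_buffer_read_finish() on the next ftdump), so a one-line comment above the loop should carry it. The reset also only runs for CPUs visited by for_each_tracing_cpu() on the `out:` path; any exit from ftrace_dump_buf() that bypasses `out:` would leave entries set, so please confirm that every return goes through this cleanup.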