Message-Id: <20141114232452.385669375@goodmis.org>
Date: Fri, 14 Nov 2014 18:24:04 -0500
From: Steven Rostedt
To: linux-kernel@vger.kernel.org
Cc: Ingo Molnar, Andrew Morton
Subject: [for-next][PATCH 3/9] tracing: kdb: Fix kernel panic during ftdump
References: <20141114232401.493543108@goodmis.org>
X-Patchwork-Submitter: Steven Rostedt
X-Patchwork-Id: 40869
From: Daniel Thompson

Currently kdb's ftdump command unconditionally crashes due to a null
pointer de-reference whenever the command is run. This in turn causes
the kernel to panic.

The abridged stacktrace (gathered with ARCH=arm) is:

--- cut here ---
[] (panic) from [] (die+0x264/0x440)
[] (die) from [] (__do_kernel_fault.part.11+0x74/0x84)
[] (__do_kernel_fault.part.11) from [] (do_page_fault+0x1d0/0x3c4)
[] (do_page_fault) from [] (do_DataAbort+0x48/0xac)
[] (do_DataAbort) from [] (__dabt_svc+0x38/0x60)
Exception stack(0xc0deba88 to 0xc0debad0)
ba80: e8c29180 00000001 e9854304 e9854300 c0f567d8 c0df2580
baa0: 00000000 00000000 00000000 c0f117b8 c0e3a3c0 c0debb0c 00000000 c0debad0
bac0: 0000672e c02f4d60 60000193 ffffffff
[] (__dabt_svc) from [] (kdb_ftdump+0x1e4/0x3d8)
[] (kdb_ftdump) from [] (kdb_parse+0x2b8/0x698)
[] (kdb_parse) from [] (kdb_main_loop+0x52c/0x784)
[] (kdb_main_loop) from [] (kdb_stub+0x238/0x490)
--- cut here ---

The NULL deref occurs due to the initialized use of struct trace_iter's
buffer_iter member. This is a regression, albeit a fairly elderly one.
It was introduced by commit 6d158a813efc ("tracing: Remove NR_CPUS array
from trace_iterator").

This patch solves this by providing a collection of ring_buffer_iter(s)
and using this to initialize buffer_iter. Note that static allocation
is used solely because the trace_iter itself is also static allocated.
Static allocation also means that we have to NULL-ify the pointer during
cleanup to avoid use-after-free problems.

Link: http://lkml.kernel.org/r/1415277716-19419-2-git-send-email-daniel.thompson@linaro.org

Cc: Jason Wessel
Signed-off-by: Daniel Thompson
Signed-off-by: Steven Rostedt

--- kernel/trace/trace_kdb.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/kernel/trace/trace_kdb.c b/kernel/trace/trace_kdb.c index bd90e1b06088..8faa7ce58814 100644 --- a/kernel/trace/trace_kdb.c +++ b/kernel/trace/trace_kdb.c
@@ -20,10 +20,12 @@ static void ftrace_dump_buf(int skip_lines, long cpu_file) { /* use static because iter can be a bit big for the stack */ static struct trace_iterator iter; + static struct ring_buffer_iter *buffer_iter[CONFIG_NR_CPUS]; unsigned int old_userobj; int cnt = 0, cpu; trace_init_global_iter(&iter); + iter.buffer_iter = buffer_iter; for_each_tracing_cpu(cpu) { atomic_inc(&per_cpu_ptr(iter.trace_buffer->data, cpu)->disabled); @@ -86,9 +88,12 @@ out: atomic_dec(&per_cpu_ptr(iter.trace_buffer->data, cpu)->disabled); } - for_each_tracing_cpu(cpu) - if (iter.buffer_iter[cpu]) + for_each_tracing_cpu(cpu) { + if (iter.buffer_iter[cpu]) { ring_buffer_read_finish(iter.buffer_iter[cpu]); + iter.buffer_iter[cpu] = NULL; + } + } } /*
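Review bot: in the first hunk, the new `static struct ring_buffer_iter *buffer_iter[CONFIG_NR_CPUS];` sits under a comment that only explains why `iter` is static, so the code itself never says why this array is static or that its contents persist across ftdump invocations. The commit message has the reason (static because `iter` is static); extend the existing comment to cover the array and to mention that its entries must be cleared on exit. Consider `NR_CPUS` as the bound instead of `CONFIG_NR_CPUS`, matching the name used by the commit this fixes, and note that the array costs one pointer per configured CPU in static storage.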
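Review bot: in the cleanup loop of the second hunk, `iter.buffer_iter[cpu] = NULL;` is the only thing that keeps a later ftdump from handing an already finished iterator to `ring_buffer_read_finish()`, and nothing in the code states that. Add a one-line comment tying the reset to the static array introduced in the first hunk, since the use-after-free rationale currently lives only in the commit message. It is also worth confirming that every exit from `ftrace_dump_buf()` reaches this loop (the hunk header places it after the `out:` label), because a path that skipped it would leave stale pointers in the static array for the next run.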