trace: Fix race in trace_open and buffer resize call

Below race can come, if trace_open and resize of cpu buffer is running parallely on different cpus CPUX CPUY ring_buffer_resize atomic_read(&buffer->resize_disabled) tracing_open tracing_reset_online_cpus ring_buffer_reset_cpu rb_reset_cpu rb_update_pages remove/insert pages resetting pointer This race can cause data abort or some times infine loop in rb_remove_pages and rb_insert_pages while checking pages for sanity. Take ring buffer lock in rb reset to avoid resetting of cpu buffer. Change-Id: I1d3344cca99e936d4e04a0e430e0ef9a975404c8 Signed-off-by: Gaurav Kohli <gkohli@codeaurora.org>
2020-09-03 13:12:25 +05:30 · 2020-09-03 13:12:25 +05:30 · a3ec7ba0db
commit a3ec7ba0db
parent 585c41639c
1 changed files with 4 additions and 0 deletions
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@ -4359,6 +4359,8 @@ void ring_buffer_reset_cpu(struct ring_buffer *buffer, int cpu)

 	if (!cpumask_test_cpu(cpu, buffer->cpumask))
 		return;
+	/* prevent another thread from changing buffer sizes */
+	mutex_lock(&buffer->mutex);

 	atomic_inc(&buffer->resize_disabled);
 	atomic_inc(&cpu_buffer->record_disabled);
@ -4382,6 +4384,8 @@ void ring_buffer_reset_cpu(struct ring_buffer *buffer, int cpu)

 	atomic_dec(&cpu_buffer->record_disabled);
 	atomic_dec(&buffer->resize_disabled);
+
+	mutex_unlock(&buffer->mutex);
 }
 EXPORT_SYMBOL_GPL(ring_buffer_reset_cpu);