From nobody Thu Feb 12 06:12:19 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9996FC7EE20 for ; Wed, 26 Apr 2023 17:17:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234813AbjDZRR5 (ORCPT ); Wed, 26 Apr 2023 13:17:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40612 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232184AbjDZRRw (ORCPT ); Wed, 26 Apr 2023 13:17:52 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 73486525D for ; Wed, 26 Apr 2023 10:17:51 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 08D1963049 for ; Wed, 26 Apr 2023 17:17:51 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 623EBC433D2; Wed, 26 Apr 2023 17:17:50 +0000 (UTC) Received: from rostedt by gandalf with local (Exim 4.96) (envelope-from ) id 1prim5-005KXf-1H; Wed, 26 Apr 2023 13:17:49 -0400 Message-ID: <20230426171749.213807197@goodmis.org> User-Agent: quilt/0.66 Date: Wed, 26 Apr 2023 13:17:04 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Mark Rutland , Andrew Morton , Zheng Yejian Subject: [for-next][PATCH 01/11] ring-buffer: Clearly check null ptr returned by rb_set_head_page() References: <20230426171703.202523909@goodmis.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Zheng Yejian In error case, 'buffer_page' returned by rb_set_head_page() is NULL, currently check '&buffer_page->list' is equivalent to check 'buffer_page' due to 'list' is the first member of 'buffer_page', but suppose it is not some time, 'head_page' would be wild memory while check would be bypassed. Link: https://lore.kernel.org/linux-trace-kernel/20230414071729.57312-1-zhe= ngyejian1@huawei.com Cc: Signed-off-by: Zheng Yejian Signed-off-by: Steven Rostedt (Google) --- kernel/trace/ring_buffer.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 2d5c3caff32d..58be5b409f72 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -2054,10 +2054,11 @@ rb_insert_pages(struct ring_buffer_per_cpu *cpu_buf= fer) struct list_head *head_page, *prev_page, *r; struct list_head *last_page, *first_page; struct list_head *head_page_with_bit; + struct buffer_page *hpage =3D rb_set_head_page(cpu_buffer); =20 - head_page =3D &rb_set_head_page(cpu_buffer)->list; - if (!head_page) + if (!hpage) break; + head_page =3D &hpage->list; prev_page =3D head_page->prev; =20 first_page =3D pages->next; --=20 2.39.2 From nobody Thu Feb 12 06:12:19 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4B7F5C7618E for ; Wed, 26 Apr 2023 17:18:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231528AbjDZRR7 (ORCPT ); Wed, 26 Apr 2023 13:17:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40588 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233187AbjDZRRw (ORCPT ); Wed, 26 Apr 2023 13:17:52 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9A8D955B1 for ; Wed, 26 Apr 2023 10:17:51 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 395F863153 for ; Wed, 26 Apr 2023 17:17:51 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 97BECC4339C; Wed, 26 Apr 2023 17:17:50 +0000 (UTC) Received: from rostedt by gandalf with local (Exim 4.96) (envelope-from ) id 1prim5-005KYD-1v; Wed, 26 Apr 2023 13:17:49 -0400 Message-ID: <20230426171749.416626191@goodmis.org> User-Agent: quilt/0.66 Date: Wed, 26 Apr 2023 13:17:05 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Mark Rutland , Andrew Morton , Beau Belgrave Subject: [for-next][PATCH 02/11] tracing/user_events: Set event filter_type from type References: <20230426171703.202523909@goodmis.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Beau Belgrave Users expect that events can be filtered by the kernel. User events currently sets all event fields as FILTER_OTHER which limits to binary filters only. When strings are being used, functionality is reduced. Use filter_assign_type() to find the most appropriate filter type for each field in user events to ensure full kernel capabilities. Link: https://lkml.kernel.org/r/20230419214140.4158-2-beaub@linux.microsoft= .com Signed-off-by: Beau Belgrave Signed-off-by: Steven Rostedt (Google) --- kernel/trace/trace_events_user.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_u= ser.c index cc8c6d8b69b5..eadb58a3efba 100644 --- a/kernel/trace/trace_events_user.c +++ b/kernel/trace/trace_events_user.c @@ -918,6 +918,9 @@ static int user_event_add_field(struct user_event *user= , const char *type, field->is_signed =3D is_signed; field->filter_type =3D filter_type; =20 + if (filter_type =3D=3D FILTER_OTHER) + field->filter_type =3D filter_assign_type(type); + list_add(&field->link, &user->fields); =20 /* --=20 2.39.2 From nobody Thu Feb 12 06:12:19 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 51520C77B78 for ; Wed, 26 Apr 2023 17:18:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234902AbjDZRSF (ORCPT ); Wed, 26 Apr 2023 13:18:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40628 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234698AbjDZRRw (ORCPT ); Wed, 26 Apr 2023 13:17:52 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C07D4659C for ; Wed, 26 Apr 2023 10:17:51 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 561556307A for ; Wed, 26 Apr 2023 17:17:51 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B93DDC433A0; Wed, 26 Apr 2023 17:17:50 +0000 (UTC) Received: from rostedt by gandalf with local (Exim 4.96) (envelope-from ) id 1prim5-005KYl-2a; Wed, 26 Apr 2023 13:17:49 -0400 Message-ID: <20230426171749.616376240@goodmis.org> User-Agent: quilt/0.66 Date: Wed, 26 Apr 2023 13:17:06 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Mark Rutland , Andrew Morton , Doug Cook , Beau Belgrave Subject: [for-next][PATCH 03/11] tracing: Fix print_fields() for __dyn_loc/__rel_loc References: <20230426171703.202523909@goodmis.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Beau Belgrave Both print_fields() and print_array() do not handle if dynamic data ends at the last byte of the payload for both __dyn_loc and __rel_loc field types. For __rel_loc, the offset was off by 4 bytes, leading to incorrect strings and data being printed out. In print_array() the buffer pos was missed from being advanced, which results in the first payload byte being used as the offset base instead of the field offset. Advance __rel_loc offset by 4 to ensure correct offset and advance pos to the field offset to ensure correct data is displayed when printing arrays. Change >=3D to > when checking if data is in-bounds, since it's valid for dynamic data to include the last byte of the payload. Example outputs for event format: field:unsigned short common_type; offset:0; size:2; sig= ned:0; field:unsigned char common_flags; offset:2; size:1; sig= ned:0; field:unsigned char common_preempt_count; offset:3; siz= e:1; signed:0; field:int common_pid; offset:4; size:4; signed:1; field:__rel_loc char text[]; offset:8; size:4; signed:1; Output before: tp_rel_loc: text=3D Output after: tp_rel_loc: text=3DTest Link: https://lkml.kernel.org/r/20230419214140.4158-3-beaub@linux.microsoft= .com Fixes: 80a76994b2d8 ("tracing: Add "fields" option to show raw trace event = fields") Reported-by: Doug Cook Signed-off-by: Beau Belgrave Signed-off-by: Steven Rostedt (Google) --- kernel/trace/trace_output.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c index 780c6971c944..952cc8aa8e59 100644 --- a/kernel/trace/trace_output.c +++ b/kernel/trace/trace_output.c @@ -819,13 +819,15 @@ static void print_array(struct trace_iterator *iter, = void *pos, len =3D *(int *)pos >> 16; =20 if (field) - offset +=3D field->offset; + offset +=3D field->offset + sizeof(int); =20 - if (offset + len >=3D iter->ent_size) { + if (offset + len > iter->ent_size) { trace_seq_puts(&iter->seq, ""); return; } =20 + pos =3D (void *)iter->ent + offset; + for (i =3D 0; i < len; i++, pos++) { if (i) trace_seq_putc(&iter->seq, ','); @@ -861,9 +863,9 @@ static void print_fields(struct trace_iterator *iter, s= truct trace_event_call *c len =3D *(int *)pos >> 16; =20 if (field->filter_type =3D=3D FILTER_RDYN_STRING) - offset +=3D field->offset; + offset +=3D field->offset + sizeof(int); =20 - if (offset + len >=3D iter->ent_size) { + if (offset + len > iter->ent_size) { trace_seq_puts(&iter->seq, ""); break; } --=20 2.39.2 From nobody Thu Feb 12 06:12:19 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DD598C7618E for ; Wed, 26 Apr 2023 17:18:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234841AbjDZRSD (ORCPT ); Wed, 26 Apr 2023 13:18:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40586 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234139AbjDZRRw (ORCPT ); Wed, 26 Apr 2023 13:17:52 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0C18965B7 for ; Wed, 26 Apr 2023 10:17:52 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 9BB9A636FF for ; Wed, 26 Apr 2023 17:17:51 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0FD34C433EF; Wed, 26 Apr 2023 17:17:51 +0000 (UTC) Received: from rostedt by gandalf with local (Exim 4.96) (envelope-from ) id 1prim6-005KZJ-02; Wed, 26 Apr 2023 13:17:50 -0400 Message-ID: <20230426171749.823208218@goodmis.org> User-Agent: quilt/0.66 Date: Wed, 26 Apr 2023 13:17:07 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Mark Rutland , Andrew Morton , Sergey Senozhatsky , Petr Mladek , Yosry Ahmed Subject: [for-next][PATCH 04/11] seq_buf: Add seq_buf_do_printk() helper References: <20230426171703.202523909@goodmis.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Sergey Senozhatsky Sometimes we use seq_buf to format a string buffer, which we then pass to printk(). However, in certain situations the seq_buf string buffer can get too big, exceeding the PRINTKRB_RECORD_MAX bytes limit, and causing printk() to truncate the string. Add a new seq_buf helper. This helper prints the seq_buf string buffer line by line, using \n as a delimiter, rather than passing the whole string buffer to printk() at once. Link: https://lkml.kernel.org/r/20230415100110.1419872-1-senozhatsky@chromi= um.org Cc: Andrew Morton Signed-off-by: Sergey Senozhatsky Reviewed-by: Petr Mladek Tested-by: Yosry Ahmed Signed-off-by: Steven Rostedt (Google) --- include/linux/seq_buf.h | 2 ++ lib/seq_buf.c | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/include/linux/seq_buf.h b/include/linux/seq_buf.h index 5b31c5147969..515d7fcb9634 100644 --- a/include/linux/seq_buf.h +++ b/include/linux/seq_buf.h @@ -159,4 +159,6 @@ extern int seq_buf_bprintf(struct seq_buf *s, const char *fmt, const u32 *binary); #endif =20 +void seq_buf_do_printk(struct seq_buf *s, const char *lvl); + #endif /* _LINUX_SEQ_BUF_H */ diff --git a/lib/seq_buf.c b/lib/seq_buf.c index 0a68f7aa85d6..45c450f423fa 100644 --- a/lib/seq_buf.c +++ b/lib/seq_buf.c @@ -93,6 +93,38 @@ int seq_buf_printf(struct seq_buf *s, const char *fmt, .= ..) } EXPORT_SYMBOL_GPL(seq_buf_printf); =20 +/** + * seq_buf_do_printk - printk seq_buf line by line + * @s: seq_buf descriptor + * @lvl: printk level + * + * printk()-s a multi-line sequential buffer line by line. The function + * makes sure that the buffer in @s is nul terminated and safe to read + * as a string. + */ +void seq_buf_do_printk(struct seq_buf *s, const char *lvl) +{ + const char *start, *lf; + + if (s->size =3D=3D 0 || s->len =3D=3D 0) + return; + + seq_buf_terminate(s); + + start =3D s->buffer; + while ((lf =3D strchr(start, '\n'))) { + int len =3D lf - start + 1; + + printk("%s%.*s", lvl, len, start); + start =3D ++lf; + } + + /* No trailing LF */ + if (start < s->buffer + s->len) + printk("%s%s\n", lvl, start); +} +EXPORT_SYMBOL_GPL(seq_buf_do_printk); + #ifdef CONFIG_BINARY_PRINTF /** * seq_buf_bprintf - Write the printf string from binary arguments --=20 2.39.2 From nobody Thu Feb 12 06:12:19 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2D955C7618E for ; Wed, 26 Apr 2023 17:18:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233390AbjDZRSP (ORCPT ); Wed, 26 Apr 2023 13:18:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40586 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234727AbjDZRRx (ORCPT ); Wed, 26 Apr 2023 13:17:53 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7034F6A54 for ; Wed, 26 Apr 2023 10:17:52 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A31286370D for ; Wed, 26 Apr 2023 17:17:51 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 17ED6C433A4; Wed, 26 Apr 2023 17:17:51 +0000 (UTC) Received: from rostedt by gandalf with local (Exim 4.96) (envelope-from ) id 1prim6-005KZr-0g; Wed, 26 Apr 2023 13:17:50 -0400 Message-ID: <20230426171750.028699848@goodmis.org> User-Agent: quilt/0.66 Date: Wed, 26 Apr 2023 13:17:08 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Mark Rutland , Andrew Morton , Doug Cook , Beau Belgrave Subject: [for-next][PATCH 05/11] tracing/user_events: Ensure write index cannot be negative References: <20230426171703.202523909@goodmis.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Beau Belgrave The write index indicates which event the data is for and accesses a per-file array. The index is passed by user processes during write() calls as the first 4 bytes. Ensure that it cannot be negative by returning -EINVAL to prevent out of bounds accesses. Update ftrace self-test to ensure this occurs properly. Link: https://lkml.kernel.org/r/20230425225107.8525-2-beaub@linux.microsoft= .com Fixes: 7f5a08c79df3 ("user_events: Add minimal support for trace_event into= ftrace") Reported-by: Doug Cook Signed-off-by: Beau Belgrave Signed-off-by: Steven Rostedt (Google) --- kernel/trace/trace_events_user.c | 3 +++ tools/testing/selftests/user_events/ftrace_test.c | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_u= ser.c index eadb58a3efba..546d47a57520 100644 --- a/kernel/trace/trace_events_user.c +++ b/kernel/trace/trace_events_user.c @@ -1824,6 +1824,9 @@ static ssize_t user_events_write_core(struct file *fi= le, struct iov_iter *i) if (unlikely(copy_from_iter(&idx, sizeof(idx), i) !=3D sizeof(idx))) return -EFAULT; =20 + if (idx < 0) + return -EINVAL; + rcu_read_lock_sched(); =20 refs =3D rcu_dereference_sched(info->refs); diff --git a/tools/testing/selftests/user_events/ftrace_test.c b/tools/test= ing/selftests/user_events/ftrace_test.c index aceafacfb126..91272f9d6fce 100644 --- a/tools/testing/selftests/user_events/ftrace_test.c +++ b/tools/testing/selftests/user_events/ftrace_test.c @@ -296,6 +296,11 @@ TEST_F(user, write_events) { ASSERT_NE(-1, writev(self->data_fd, (const struct iovec *)io, 3)); after =3D trace_bytes(); ASSERT_GT(after, before); + + /* Negative index should fail with EINVAL */ + reg.write_index =3D -1; + ASSERT_EQ(-1, writev(self->data_fd, (const struct iovec *)io, 3)); + ASSERT_EQ(EINVAL, errno); } =20 TEST_F(user, write_fault) { --=20 2.39.2 From nobody Thu Feb 12 06:12:19 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4F592C77B7C for ; Wed, 26 Apr 2023 17:18:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235043AbjDZRSR (ORCPT ); Wed, 26 Apr 2023 13:18:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40644 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234751AbjDZRRx (ORCPT ); Wed, 26 Apr 2023 13:17:53 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A9AD92701 for ; Wed, 26 Apr 2023 10:17:52 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id EAD4E62FEA for ; Wed, 26 Apr 2023 17:17:51 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5C5E9C433D2; Wed, 26 Apr 2023 17:17:51 +0000 (UTC) Received: from rostedt by gandalf with local (Exim 4.96) (envelope-from ) id 1prim6-005KaP-1K; Wed, 26 Apr 2023 13:17:50 -0400 Message-ID: <20230426171750.231148604@goodmis.org> User-Agent: quilt/0.66 Date: Wed, 26 Apr 2023 13:17:09 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Mark Rutland , Andrew Morton , Doug Cook , Beau Belgrave Subject: [for-next][PATCH 06/11] tracing/user_events: Ensure bit is cleared on unregister References: <20230426171703.202523909@goodmis.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Beau Belgrave If an event is enabled and a user process unregisters user_events, the bit is left set. Fix this by always clearing the bit in the user process if unregister is successful. Update abi self-test to ensure this occurs properly. Link: https://lkml.kernel.org/r/20230425225107.8525-3-beaub@linux.microsoft= .com Suggested-by: Doug Cook Signed-off-by: Beau Belgrave Signed-off-by: Steven Rostedt (Google) --- kernel/trace/trace_events_user.c | 34 +++++++++++++++++++ .../testing/selftests/user_events/abi_test.c | 9 +++-- 2 files changed, 40 insertions(+), 3 deletions(-) diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_u= ser.c index 546d47a57520..4f9ae63dfc5d 100644 --- a/kernel/trace/trace_events_user.c +++ b/kernel/trace/trace_events_user.c @@ -2149,6 +2149,35 @@ static long user_unreg_get(struct user_unreg __user = *ureg, return ret; } =20 +static int user_event_mm_clear_bit(struct user_event_mm *user_mm, + unsigned long uaddr, unsigned char bit) +{ + struct user_event_enabler enabler; + int result; + + memset(&enabler, 0, sizeof(enabler)); + enabler.addr =3D uaddr; + enabler.values =3D bit; +retry: + /* Prevents state changes from racing with new enablers */ + mutex_lock(&event_mutex); + + /* Force the bit to be cleared, since no event is attached */ + mmap_read_lock(user_mm->mm); + result =3D user_event_enabler_write(user_mm, &enabler, false); + mmap_read_unlock(user_mm->mm); + + mutex_unlock(&event_mutex); + + if (result) { + /* Attempt to fault-in and retry if it worked */ + if (!user_event_mm_fault_in(user_mm, uaddr)) + goto retry; + } + + return result; +} + /* * Unregisters an enablement address/bit within a task/user mm. */ @@ -2193,6 +2222,11 @@ static long user_events_ioctl_unreg(unsigned long ua= rg) =20 mutex_unlock(&event_mutex); =20 + /* Ensure bit is now cleared for user, regardless of event status */ + if (!ret) + ret =3D user_event_mm_clear_bit(mm, reg.disable_addr, + reg.disable_bit); + return ret; } =20 diff --git a/tools/testing/selftests/user_events/abi_test.c b/tools/testing= /selftests/user_events/abi_test.c index e0323d3777a7..5125c42efe65 100644 --- a/tools/testing/selftests/user_events/abi_test.c +++ b/tools/testing/selftests/user_events/abi_test.c @@ -109,13 +109,16 @@ TEST_F(user, enablement) { ASSERT_EQ(0, change_event(false)); ASSERT_EQ(0, self->check); =20 - /* Should not change after disable */ + /* Ensure kernel clears bit after disable */ ASSERT_EQ(0, change_event(true)); ASSERT_EQ(1, self->check); ASSERT_EQ(0, reg_disable(&self->check, 0)); + ASSERT_EQ(0, self->check); + + /* Ensure doesn't change after unreg */ + ASSERT_EQ(0, change_event(true)); + ASSERT_EQ(0, self->check); ASSERT_EQ(0, change_event(false)); - ASSERT_EQ(1, self->check); - self->check =3D 0; } =20 TEST_F(user, bit_sizes) { --=20 2.39.2 From nobody Thu Feb 12 06:12:19 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9345BC77B78 for ; Wed, 26 Apr 2023 17:18:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229927AbjDZRS2 (ORCPT ); Wed, 26 Apr 2023 13:18:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40648 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234754AbjDZRRy (ORCPT ); Wed, 26 Apr 2023 13:17:54 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 22ABF76BC for ; Wed, 26 Apr 2023 10:17:53 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 2718161B36 for ; Wed, 26 Apr 2023 17:17:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 91DF5C433AC; Wed, 26 Apr 2023 17:17:51 +0000 (UTC) Received: from rostedt by gandalf with local (Exim 4.96) (envelope-from ) id 1prim6-005Kaz-1z; Wed, 26 Apr 2023 13:17:50 -0400 Message-ID: <20230426171750.432594181@goodmis.org> User-Agent: quilt/0.66 Date: Wed, 26 Apr 2023 13:17:10 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Mark Rutland , Andrew Morton , Doug Cook , Beau Belgrave Subject: [for-next][PATCH 07/11] tracing/user_events: Prevent same address and bit per process References: <20230426171703.202523909@goodmis.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Beau Belgrave User processes register an address and bit pair for events. If the same address and bit pair are registered multiple times in the same process, it can cause undefined behavior when events are enabled/disabled. When more than one are used, the bit could be turned off by another event being disabled, while the original event is still enabled. Prevent undefined behavior by checking the current mm to see if any event has already been registered for the address and bit pair. Return EADDRINUSE back to the user process if it's already being used. Update ftrace self-test to ensure this occurs properly. Link: https://lkml.kernel.org/r/20230425225107.8525-4-beaub@linux.microsoft= .com Suggested-by: Doug Cook Signed-off-by: Beau Belgrave Signed-off-by: Steven Rostedt (Google) --- kernel/trace/trace_events_user.c | 41 +++++++++++++++++++ .../selftests/user_events/ftrace_test.c | 9 +++- 2 files changed, 49 insertions(+), 1 deletion(-) diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_u= ser.c index 4f9ae63dfc5d..a29cd13caf55 100644 --- a/kernel/trace/trace_events_user.c +++ b/kernel/trace/trace_events_user.c @@ -419,6 +419,21 @@ static int user_event_enabler_write(struct user_event_= mm *mm, return 0; } =20 +static bool user_event_enabler_exists(struct user_event_mm *mm, + unsigned long uaddr, unsigned char bit) +{ + struct user_event_enabler *enabler; + struct user_event_enabler *next; + + list_for_each_entry_safe(enabler, next, &mm->enablers, link) { + if (enabler->addr =3D=3D uaddr && + (enabler->values & ENABLE_VAL_BIT_MASK) =3D=3D bit) + return true; + } + + return false; +} + static void user_event_enabler_update(struct user_event *user) { struct user_event_enabler *enabler; @@ -657,6 +672,22 @@ void user_event_mm_dup(struct task_struct *t, struct u= ser_event_mm *old_mm) user_event_mm_remove(t); } =20 +static bool current_user_event_enabler_exists(unsigned long uaddr, + unsigned char bit) +{ + struct user_event_mm *user_mm =3D current_user_event_mm(); + bool exists; + + if (!user_mm) + return false; + + exists =3D user_event_enabler_exists(user_mm, uaddr, bit); + + user_event_mm_put(user_mm); + + return exists; +} + static struct user_event_enabler *user_event_enabler_create(struct user_reg *reg, struct user_event *user, int *write_result) @@ -2048,6 +2079,16 @@ static long user_events_ioctl_reg(struct user_event_= file_info *info, if (ret) return ret; =20 + /* + * Prevent users from using the same address and bit multiple times + * within the same mm address space. This can cause unexpected behavior + * for user processes that is far easier to debug if this is explictly + * an error upon registering. + */ + if (current_user_event_enabler_exists((unsigned long)reg.enable_addr, + reg.enable_bit)) + return -EADDRINUSE; + name =3D strndup_user((const char __user *)(uintptr_t)reg.name_args, MAX_EVENT_DESC); =20 diff --git a/tools/testing/selftests/user_events/ftrace_test.c b/tools/test= ing/selftests/user_events/ftrace_test.c index 91272f9d6fce..7c99cef94a65 100644 --- a/tools/testing/selftests/user_events/ftrace_test.c +++ b/tools/testing/selftests/user_events/ftrace_test.c @@ -219,7 +219,12 @@ TEST_F(user, register_events) { ASSERT_EQ(0, ioctl(self->data_fd, DIAG_IOCSREG, ®)); ASSERT_EQ(0, reg.write_index); =20 - /* Multiple registers should result in same index */ + /* Multiple registers to the same addr + bit should fail */ + ASSERT_EQ(-1, ioctl(self->data_fd, DIAG_IOCSREG, ®)); + ASSERT_EQ(EADDRINUSE, errno); + + /* Multiple registers to same name should result in same index */ + reg.enable_bit =3D 30; ASSERT_EQ(0, ioctl(self->data_fd, DIAG_IOCSREG, ®)); ASSERT_EQ(0, reg.write_index); =20 @@ -242,6 +247,8 @@ TEST_F(user, register_events) { =20 /* Unregister */ ASSERT_EQ(0, ioctl(self->data_fd, DIAG_IOCSUNREG, &unreg)); + unreg.disable_bit =3D 30; + ASSERT_EQ(0, ioctl(self->data_fd, DIAG_IOCSUNREG, &unreg)); =20 /* Delete should work only after close and unregister */ close(self->data_fd); --=20 2.39.2 From nobody Thu Feb 12 06:12:19 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 85877C77B78 for ; Wed, 26 Apr 2023 17:18:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234910AbjDZRSI (ORCPT ); Wed, 26 Apr 2023 13:18:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40628 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234750AbjDZRRx (ORCPT ); Wed, 26 Apr 2023 13:17:53 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 70D11768F for ; Wed, 26 Apr 2023 10:17:52 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D75036367A for ; Wed, 26 Apr 2023 17:17:51 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B1DFEC433EF; Wed, 26 Apr 2023 17:17:51 +0000 (UTC) Received: from rostedt by gandalf with local (Exim 4.96) (envelope-from ) id 1prim6-005KbY-2e; Wed, 26 Apr 2023 13:17:50 -0400 Message-ID: <20230426171750.635695746@goodmis.org> User-Agent: quilt/0.66 Date: Wed, 26 Apr 2023 13:17:11 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Mark Rutland , Andrew Morton , Beau Belgrave Subject: [for-next][PATCH 08/11] tracing/user_events: Limit max fault-in attempts References: <20230426171703.202523909@goodmis.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Beau Belgrave When event enablement changes, user_events attempts to update a bit in the user process. If a fault is hit, an attempt to fault-in the page and the write is retried if the page made it in. While this normally requires a couple attempts, it is possible a bad user process could attempt to cause infinite loops. Ensure fault-in attempts either sync or async are limited to a max of 10 attempts for each update. When the max is hit, return -EFAULT so another attempt is not made in all cases. Link: https://lkml.kernel.org/r/20230425225107.8525-5-beaub@linux.microsoft= .com Suggested-by: Steven Rostedt (Google) Signed-off-by: Beau Belgrave Signed-off-by: Steven Rostedt (Google) --- kernel/trace/trace_events_user.c | 49 +++++++++++++++++++++++--------- 1 file changed, 35 insertions(+), 14 deletions(-) diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_u= ser.c index a29cd13caf55..b1ecd7677642 100644 --- a/kernel/trace/trace_events_user.c +++ b/kernel/trace/trace_events_user.c @@ -123,6 +123,7 @@ struct user_event_enabler_fault { struct work_struct work; struct user_event_mm *mm; struct user_event_enabler *enabler; + int attempt; }; =20 static struct kmem_cache *fault_cache; @@ -266,11 +267,19 @@ static void user_event_enabler_destroy(struct user_ev= ent_enabler *enabler) kfree(enabler); } =20 -static int user_event_mm_fault_in(struct user_event_mm *mm, unsigned long = uaddr) +static int user_event_mm_fault_in(struct user_event_mm *mm, unsigned long = uaddr, + int attempt) { bool unlocked; int ret; =20 + /* + * Normally this is low, ensure that it cannot be taken advantage of by + * bad user processes to cause excessive looping. + */ + if (attempt > 10) + return -EFAULT; + mmap_read_lock(mm->mm); =20 /* Ensure MM has tasks, cannot use after exit_mm() */ @@ -289,7 +298,7 @@ static int user_event_mm_fault_in(struct user_event_mm = *mm, unsigned long uaddr) =20 static int user_event_enabler_write(struct user_event_mm *mm, struct user_event_enabler *enabler, - bool fixup_fault); + bool fixup_fault, int *attempt); =20 static void user_event_enabler_fault_fixup(struct work_struct *work) { @@ -298,9 +307,10 @@ static void user_event_enabler_fault_fixup(struct work= _struct *work) struct user_event_enabler *enabler =3D fault->enabler; struct user_event_mm *mm =3D fault->mm; unsigned long uaddr =3D enabler->addr; + int attempt =3D fault->attempt; int ret; =20 - ret =3D user_event_mm_fault_in(mm, uaddr); + ret =3D user_event_mm_fault_in(mm, uaddr, attempt); =20 if (ret && ret !=3D -ENOENT) { struct user_event *user =3D enabler->event; @@ -329,7 +339,7 @@ static void user_event_enabler_fault_fixup(struct work_= struct *work) =20 if (!ret) { mmap_read_lock(mm->mm); - user_event_enabler_write(mm, enabler, true); + user_event_enabler_write(mm, enabler, true, &attempt); mmap_read_unlock(mm->mm); } out: @@ -341,7 +351,8 @@ static void user_event_enabler_fault_fixup(struct work_= struct *work) } =20 static bool user_event_enabler_queue_fault(struct user_event_mm *mm, - struct user_event_enabler *enabler) + struct user_event_enabler *enabler, + int attempt) { struct user_event_enabler_fault *fault; =20 @@ -353,6 +364,7 @@ static bool user_event_enabler_queue_fault(struct user_= event_mm *mm, INIT_WORK(&fault->work, user_event_enabler_fault_fixup); fault->mm =3D user_event_mm_get(mm); fault->enabler =3D enabler; + fault->attempt =3D attempt; =20 /* Don't try to queue in again while we have a pending fault */ set_bit(ENABLE_VAL_FAULTING_BIT, ENABLE_BITOPS(enabler)); @@ -372,7 +384,7 @@ static bool user_event_enabler_queue_fault(struct user_= event_mm *mm, =20 static int user_event_enabler_write(struct user_event_mm *mm, struct user_event_enabler *enabler, - bool fixup_fault) + bool fixup_fault, int *attempt) { unsigned long uaddr =3D enabler->addr; unsigned long *ptr; @@ -383,6 +395,8 @@ static int user_event_enabler_write(struct user_event_m= m *mm, lockdep_assert_held(&event_mutex); mmap_assert_locked(mm->mm); =20 + *attempt +=3D 1; + /* Ensure MM has tasks, cannot use after exit_mm() */ if (refcount_read(&mm->tasks) =3D=3D 0) return -ENOENT; @@ -398,7 +412,7 @@ static int user_event_enabler_write(struct user_event_m= m *mm, if (!fixup_fault) return -EFAULT; =20 - if (!user_event_enabler_queue_fault(mm, enabler)) + if (!user_event_enabler_queue_fault(mm, enabler, *attempt)) pr_warn("user_events: Unable to queue fault handler\n"); =20 return -EFAULT; @@ -439,15 +453,19 @@ static void user_event_enabler_update(struct user_eve= nt *user) struct user_event_enabler *enabler; struct user_event_mm *mm =3D user_event_mm_get_all(user); struct user_event_mm *next; + int attempt; =20 while (mm) { next =3D mm->next; mmap_read_lock(mm->mm); rcu_read_lock(); =20 - list_for_each_entry_rcu(enabler, &mm->enablers, link) - if (enabler->event =3D=3D user) - user_event_enabler_write(mm, enabler, true); + list_for_each_entry_rcu(enabler, &mm->enablers, link) { + if (enabler->event =3D=3D user) { + attempt =3D 0; + user_event_enabler_write(mm, enabler, true, &attempt); + } + } =20 rcu_read_unlock(); mmap_read_unlock(mm->mm); @@ -695,6 +713,7 @@ static struct user_event_enabler struct user_event_enabler *enabler; struct user_event_mm *user_mm; unsigned long uaddr =3D (unsigned long)reg->enable_addr; + int attempt =3D 0; =20 user_mm =3D current_user_event_mm(); =20 @@ -715,7 +734,8 @@ static struct user_event_enabler =20 /* Attempt to reflect the current state within the process */ mmap_read_lock(user_mm->mm); - *write_result =3D user_event_enabler_write(user_mm, enabler, false); + *write_result =3D user_event_enabler_write(user_mm, enabler, false, + &attempt); mmap_read_unlock(user_mm->mm); =20 /* @@ -735,7 +755,7 @@ static struct user_event_enabler =20 if (*write_result) { /* Attempt to fault-in and retry if it worked */ - if (!user_event_mm_fault_in(user_mm, uaddr)) + if (!user_event_mm_fault_in(user_mm, uaddr, attempt)) goto retry; =20 kfree(enabler); @@ -2195,6 +2215,7 @@ static int user_event_mm_clear_bit(struct user_event_= mm *user_mm, { struct user_event_enabler enabler; int result; + int attempt =3D 0; =20 memset(&enabler, 0, sizeof(enabler)); enabler.addr =3D uaddr; @@ -2205,14 +2226,14 @@ static int user_event_mm_clear_bit(struct user_even= t_mm *user_mm, =20 /* Force the bit to be cleared, since no event is attached */ mmap_read_lock(user_mm->mm); - result =3D user_event_enabler_write(user_mm, &enabler, false); + result =3D user_event_enabler_write(user_mm, &enabler, false, &attempt); mmap_read_unlock(user_mm->mm); =20 mutex_unlock(&event_mutex); =20 if (result) { /* Attempt to fault-in and retry if it worked */ - if (!user_event_mm_fault_in(user_mm, uaddr)) + if (!user_event_mm_fault_in(user_mm, uaddr, attempt)) goto retry; } =20 --=20 2.39.2 From nobody Thu Feb 12 06:12:19 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CD7FAC77B78 for ; Wed, 26 Apr 2023 17:18:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231848AbjDZRSM (ORCPT ); Wed, 26 Apr 2023 13:18:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40588 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234745AbjDZRRx (ORCPT ); Wed, 26 Apr 2023 13:17:53 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AA25D76A1 for ; Wed, 26 Apr 2023 10:17:52 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 2C1F663712 for ; Wed, 26 Apr 2023 17:17:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 07E1EC433EF; Wed, 26 Apr 2023 17:17:52 +0000 (UTC) Received: from rostedt by gandalf with local (Exim 4.96) (envelope-from ) id 1prim7-005Kc7-04; Wed, 26 Apr 2023 13:17:51 -0400 Message-ID: <20230426171750.842971434@goodmis.org> User-Agent: quilt/0.66 Date: Wed, 26 Apr 2023 13:17:12 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Mark Rutland , Andrew Morton , Hao Zeng Subject: [for-next][PATCH 09/11] recordmcount: Fix memory leaks in the uwrite function References: <20230426171703.202523909@goodmis.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Hao Zeng Common realloc mistake: 'file_append' nulled but not freed upon failure Link: https://lkml.kernel.org/r/20230426010527.703093-1-zenghao@kylinos.cn Signed-off-by: Hao Zeng Suggested-by: Steven Rostedt Signed-off-by: Steven Rostedt (Google) --- scripts/recordmcount.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/scripts/recordmcount.c b/scripts/recordmcount.c index e30216525325..40ae6b2c7a6d 100644 --- a/scripts/recordmcount.c +++ b/scripts/recordmcount.c @@ -110,6 +110,7 @@ static ssize_t uwrite(void const *const buf, size_t con= st count) { size_t cnt =3D count; off_t idx =3D 0; + void *p =3D NULL; =20 file_updated =3D 1; =20 @@ -117,7 +118,10 @@ static ssize_t uwrite(void const *const buf, size_t co= nst count) off_t aoffset =3D (file_ptr + count) - file_end; =20 if (aoffset > file_append_size) { - file_append =3D realloc(file_append, aoffset); + p =3D realloc(file_append, aoffset); + if (!p) + free(file_append); + file_append =3D p; file_append_size =3D aoffset; } if (!file_append) { --=20 2.39.2 From nobody Thu Feb 12 06:12:19 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 439FDC77B78 for ; Wed, 26 Apr 2023 17:18:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235085AbjDZRSU (ORCPT ); Wed, 26 Apr 2023 13:18:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40646 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234756AbjDZRRy (ORCPT ); Wed, 26 Apr 2023 13:17:54 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 21883525D; Wed, 26 Apr 2023 10:17:53 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 5352F63706; Wed, 26 Apr 2023 17:17:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2D009C4339B; Wed, 26 Apr 2023 17:17:52 +0000 (UTC) Received: from rostedt by gandalf with local (Exim 4.96) (envelope-from ) id 1prim7-005Kcf-0k; Wed, 26 Apr 2023 13:17:51 -0400 Message-ID: <20230426171751.044554153@goodmis.org> User-Agent: quilt/0.66 Date: Wed, 26 Apr 2023 13:17:13 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Mark Rutland , Andrew Morton , stable@vger.kernel.org, npiggin@gmail.com, Cheng-Jui Wang , Tze-nan Wu Subject: [for-next][PATCH 10/11] ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus References: <20230426171703.202523909@goodmis.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Tze-nan Wu In ring_buffer_reset_online_cpus, the buffer_size_kb write operation may permanently fail if the cpu_online_mask changes between two for_each_online_buffer_cpu loops. The number of increases and decreases on both cpu_buffer->resize_disabled and cpu_buffer->record_disabled may be inconsistent, causing some CPUs to have non-zero values for these atomic variables after the function returns. This issue can be reproduced by "echo 0 > trace" while hotplugging cpu. After reproducing success, we can find out buffer_size_kb will not be functional anymore. To prevent leaving 'resize_disabled' and 'record_disabled' non-zero after ring_buffer_reset_online_cpus returns, we ensure that each atomic variable has been set up before atomic_sub() to it. Link: https://lore.kernel.org/linux-trace-kernel/20230426062027.17451-1-Tze= -nan.Wu@mediatek.com Cc: stable@vger.kernel.org Cc: Cc: npiggin@gmail.com Fixes: b23d7a5f4a07 ("ring-buffer: speed up buffer resets by avoiding synch= ronize_rcu for each CPU") Reviewed-by: Cheng-Jui Wang Signed-off-by: Tze-nan Wu Signed-off-by: Steven Rostedt (Google) --- kernel/trace/ring_buffer.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 58be5b409f72..9a0cb94c3972 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -5326,6 +5326,9 @@ void ring_buffer_reset_cpu(struct trace_buffer *buffe= r, int cpu) } EXPORT_SYMBOL_GPL(ring_buffer_reset_cpu); =20 +/* Flag to ensure proper resetting of atomic variables */ +#define RESET_BIT (1 << 30) + /** * ring_buffer_reset_online_cpus - reset a ring buffer per CPU buffer * @buffer: The ring buffer to reset a per cpu buffer of @@ -5342,20 +5345,27 @@ void ring_buffer_reset_online_cpus(struct trace_buf= fer *buffer) for_each_online_buffer_cpu(buffer, cpu) { cpu_buffer =3D buffer->buffers[cpu]; =20 - atomic_inc(&cpu_buffer->resize_disabled); + atomic_add(RESET_BIT, &cpu_buffer->resize_disabled); atomic_inc(&cpu_buffer->record_disabled); } =20 /* Make sure all commits have finished */ synchronize_rcu(); =20 - for_each_online_buffer_cpu(buffer, cpu) { + for_each_buffer_cpu(buffer, cpu) { cpu_buffer =3D buffer->buffers[cpu]; =20 + /* + * If a CPU came online during the synchronize_rcu(), then + * ignore it. + */ + if (!(atomic_read(&cpu_buffer->resize_disabled) & RESET_BIT)) + continue; + reset_disabled_cpu_buffer(cpu_buffer); =20 atomic_dec(&cpu_buffer->record_disabled); - atomic_dec(&cpu_buffer->resize_disabled); + atomic_sub(RESET_BIT, &cpu_buffer->resize_disabled); } =20 mutex_unlock(&buffer->mutex); --=20 2.39.2 From nobody Thu Feb 12 06:12:19 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BD5AAC7618E for ; Wed, 26 Apr 2023 17:18:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233480AbjDZRSY (ORCPT ); Wed, 26 Apr 2023 13:18:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40650 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234759AbjDZRRy (ORCPT ); Wed, 26 Apr 2023 13:17:54 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 523BF65B7 for ; Wed, 26 Apr 2023 10:17:53 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 78C8863049 for ; Wed, 26 Apr 2023 17:17:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 53C11C4339E; Wed, 26 Apr 2023 17:17:52 +0000 (UTC) Received: from rostedt by gandalf with local (Exim 4.96) (envelope-from ) id 1prim7-005KdF-1Q; Wed, 26 Apr 2023 13:17:51 -0400 Message-ID: <20230426171751.250610496@goodmis.org> User-Agent: quilt/0.66 Date: Wed, 26 Apr 2023 13:17:14 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Mark Rutland , Andrew Morton , Ken Lin Subject: [for-next][PATCH 11/11] tracing: Add missing spaces in trace_print_hex_seq() References: <20230426171703.202523909@goodmis.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ken Lin If the buffer length is larger than 16 and concatenate is set to false, there would be missing spaces every 16 bytes. Example: Before: c5 11 10 50 05 4d 31 40 00 40 00 40 00 4d 31 4000 40 00 After: c5 11 10 50 05 4d 31 40 00 40 00 40 00 4d 31 40 00 40 00 Link: https://lore.kernel.org/linux-trace-kernel/20230426032257.3157247-1-l= yenting@google.com Signed-off-by: Ken Lin Signed-off-by: Steven Rostedt (Google) --- kernel/trace/trace_output.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c index 952cc8aa8e59..15f05faaae44 100644 --- a/kernel/trace/trace_output.c +++ b/kernel/trace/trace_output.c @@ -221,8 +221,11 @@ trace_print_hex_seq(struct trace_seq *p, const unsigne= d char *buf, int buf_len, const char *ret =3D trace_seq_buffer_ptr(p); const char *fmt =3D concatenate ? "%*phN" : "%*ph"; =20 - for (i =3D 0; i < buf_len; i +=3D 16) + for (i =3D 0; i < buf_len; i +=3D 16) { + if (!concatenate && i !=3D 0) + trace_seq_putc(p, ' '); trace_seq_printf(p, fmt, min(buf_len - i, 16), &buf[i]); + } trace_seq_putc(p, 0); =20 return ret; --=20 2.39.2