linux-imx/kernel
Steven Rostedt (Red Hat) cb2dfe4e50 ring-buffer: Up rb_iter_peek() loop count to 3
commit 021de3d904 upstream.

After writing a test to try to trigger the bug that caused the
ring buffer iterator to become corrupted, I hit another bug:

 WARNING: CPU: 1 PID: 5281 at kernel/trace/ring_buffer.c:3766 rb_iter_peek+0x113/0x238()
 Modules linked in: ipt_MASQUERADE sunrpc [...]
 CPU: 1 PID: 5281 Comm: grep Tainted: G        W     3.16.0-rc3-test+ #143
 Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./To be filled by O.E.M., BIOS SDBLI944.86P 05/08/2007
  0000000000000000 ffffffff81809a80 ffffffff81503fb0 0000000000000000
  ffffffff81040ca1 ffff8800796d6010 ffffffff810c138d ffff8800796d6010
  ffff880077438c80 ffff8800796d6010 ffff88007abbe600 0000000000000003
 Call Trace:
  [<ffffffff81503fb0>] ? dump_stack+0x4a/0x75
  [<ffffffff81040ca1>] ? warn_slowpath_common+0x7e/0x97
  [<ffffffff810c138d>] ? rb_iter_peek+0x113/0x238
  [<ffffffff810c138d>] ? rb_iter_peek+0x113/0x238
  [<ffffffff810c14df>] ? ring_buffer_iter_peek+0x2d/0x5c
  [<ffffffff810c6f73>] ? tracing_iter_reset+0x6e/0x96
  [<ffffffff810c74a3>] ? s_start+0xd7/0x17b
  [<ffffffff8112b13e>] ? kmem_cache_alloc_trace+0xda/0xea
  [<ffffffff8114cf94>] ? seq_read+0x148/0x361
  [<ffffffff81132d98>] ? vfs_read+0x93/0xf1
  [<ffffffff81132f1b>] ? SyS_read+0x60/0x8e
  [<ffffffff8150bf9f>] ? tracesys+0xdd/0xe2

Debugging this bug, which triggers when the rb_iter_peek() loops too
many times (more than 2 times), I discovered there's a case that can
cause that function to legitimately loop 3 times!

rb_iter_peek() is different than rb_buffer_peek() as the rb_buffer_peek()
only deals with the reader page (it's for consuming reads). The
rb_iter_peek() is for traversing the buffer without consuming it, and as
such, it can loop for one more reason. That is, if we hit the end of
the reader page or any page, it will go to the next page and try again.

That is, we have this:

 1. iter->head > iter->head_page->page->commit
    (rb_inc_iter() which moves the iter to the next page)
    try again

 2. event = rb_iter_head_event()
    event->type_len == RINGBUF_TYPE_TIME_EXTEND
    rb_advance_iter()
    try again

 3. read the event.

But we never get to 3, because the count is greater than 2 and we
cause the WARNING and return NULL.

Up the counter to 3.

Fixes: 69d1b839f7 "ring-buffer: Bind time extend and data events together"
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
[bwh: Backported to 3.2: drop inapplicable spelling correction]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
2014-09-13 23:41:43 +01:00
..
debug kgdb,debug_core: pass the breakpoint struct instead of address and memory 2012-04-13 08:33:48 -07:00
events perf: Fix race in removing an event 2014-07-11 13:33:56 +01:00
gcov gcov: disable CONSTRUCTORS for UML 2011-07-26 16:49:45 -07:00
irq genirq: Sanitize spurious interrupt detection of threaded irqs 2014-07-11 13:33:34 +01:00
power PM / hibernate: Avoid overflow in hibernate_preallocate_memory() 2014-01-03 04:33:17 +00:00
time nohz: Fix another inconsistency between CONFIG_NO_HZ=n and nohz=off 2014-08-06 18:07:39 +01:00
trace ring-buffer: Up rb_iter_peek() loop count to 3 2014-09-13 23:41:43 +01:00
.gitignore
acct.c pass a struct path to vfs_statfs 2010-08-09 16:48:42 -04:00
async.c Fix a dead loop in async_synchronize_full() 2012-10-10 03:31:09 +01:00
audit_tree.c kernel/audit_tree.c: tree will leak memory when failure occurs in audit_trim_trees() 2013-05-13 15:02:43 +01:00
audit_watch.c kill path_lookup() 2011-03-14 09:15:23 -04:00
audit.c audit: use nlmsg_len() to get message payload length 2014-01-03 04:33:17 +00:00
audit.h audit: make functions static 2010-10-30 01:42:19 -04:00
auditfilter.c netlink: kill loginuid/sessionid/sid members from struct netlink_skb_parms 2011-03-03 10:55:40 -08:00
auditsc.c auditsc: audit_krule mask accesses need bounds checking 2014-07-11 13:33:49 +01:00
backtracetest.c
bounds.c memcg: remove direct page_cgroup-to-page pointer 2011-03-23 19:46:28 -07:00
capability.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
cgroup_freezer.c cgroup: cgroup_subsys->fork() should be called after the task is added to css_set 2013-01-03 03:32:56 +00:00
cgroup.c cgroup: update cgroup_enable_task_cg_lists() to grab siglock 2014-04-02 00:58:54 +01:00
compat.c compat: Fix RT signal mask corruption via sigprocmask 2012-05-31 00:43:51 +01:00
configs.c kernel/configs.c: include MODULE_*() when CONFIG_IKCONFIG_PROC=n 2011-07-25 20:57:15 -07:00
cpu_pm.c cpu_pm: call notifiers during suspend 2011-09-23 12:05:29 +05:30
cpu.c CPU hotplug: provide a generic helper to disable/enable CPU hotplug 2013-06-19 02:16:59 +01:00
cpuset.c cpuset,mempolicy: fix sleeping function called from invalid context 2014-08-06 18:07:33 +01:00
crash_dump.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
cred.c cred: copy_process() should clear child->replacement_session_keyring 2012-04-13 08:33:50 -07:00
delayacct.c KVM: Steal time implementation 2011-07-14 12:59:14 +03:00
dma.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
elfcore.c
exec_domain.c sys_personality: remove the bogus checks in sys_personality()->__set_personality() path 2010-08-09 20:45:05 -07:00
exit.c wait: fix reparent_leader() vs EXIT_DEAD->EXIT_ZOMBIE race 2014-04-30 16:23:26 +01:00
extable.c extable, core_kernel_data(): Make sure all archs define _sdata 2011-05-20 08:56:56 +02:00
fork.c tracing: Fix syscall_*regfunc() vs copy_process() race 2014-07-11 13:33:53 +01:00
freezer.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
futex_compat.c futex: Do not leak robust list to unprivileged process 2012-04-22 15:31:15 -07:00
futex.c futex: Make lookup_pi_state more robust 2014-06-09 13:29:17 +01:00
groups.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
hrtimer.c hrtimer: Set expiry time before switch_hrtimer_base() 2014-06-09 13:29:10 +01:00
hung_task.c hung_task: fix false positive during vfork 2012-01-03 16:14:32 -08:00
irq_work.c kernel: fix two implicit header assumptions in irq_work.c 2011-10-31 09:20:12 -04:00
itimer.c
jump_label.c jump_label: jump_label_inc may return before the code is patched 2011-12-05 13:28:46 -05:00
kallsyms.c Merge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2011-03-25 17:52:22 -07:00
Kconfig.freezer
Kconfig.hz
Kconfig.locks locking/mutex: Disable optimistic spinning on some architectures 2014-08-06 18:07:38 +01:00
Kconfig.preempt sched: Isolate preempt counting in its own config option 2011-06-10 15:15:40 +02:00
kexec.c [S390] kdump: Add infrastructure for unmapping crashkernel memory 2011-10-30 15:16:42 +01:00
kfifo.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
kmod.c usermodehelper: check subprocess_info->path != NULL 2013-05-30 14:35:00 +01:00
kprobes.c kprobes: return proper error code from register_kprobe() 2012-03-12 12:31:26 -07:00
ksysfs.c kernel: ksysfs.c is implicitly using stat.h 2011-10-31 09:20:13 -04:00
kthread.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
latencytop.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
lockdep_internals.h
lockdep_proc.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
lockdep_states.h
lockdep.c lockdep, kmemcheck: Annotate ->lock in lockdep_init_map() 2011-12-06 18:18:13 +01:00
Makefile Merge branch 'devel-stable' of http://ftp.arm.linux.org.uk/pub/linux/arm/kernel/git-cur/linux-2.6-arm 2011-10-28 12:02:27 -07:00
module.c ftrace/module: Hardcode ftrace_module_init() call into load_module() 2014-06-09 13:29:03 +01:00
mutex-debug.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
mutex-debug.h mutex: Use p->on_cpu for the adaptive spin 2011-04-14 08:52:33 +02:00
mutex.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
mutex.h mutex: Use p->on_cpu for the adaptive spin 2011-04-14 08:52:33 +02:00
notifier.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
nsproxy.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
padata.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
panic.c lockdep, bug: Exclude TAINT_OOT_MODULE from disabling lock debugging 2012-02-13 11:16:59 -08:00
params.c kernel: params.c needs module.h not moduleparam.h 2011-10-31 09:20:13 -04:00
pid_namespace.c pidns: call pid_ns_prepare_proc() from create_pid_namespace() 2011-03-23 19:46:58 -07:00
pid.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
posix-cpu-timers.c posix-cpu-timers: Fix nanosleep task_struct leak 2013-03-06 03:24:01 +00:00
posix-timers.c posix-timer: Don't call idr_find() with out-of-range ID 2013-03-06 03:24:09 +00:00
printk.c printk: Fix scheduling-while-atomic problem in console_cpu_notify() 2014-04-02 00:59:00 +01:00
profile.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
ptrace.c exec/ptrace: fix get_dumpable() incorrect tests 2014-01-03 04:33:21 +00:00
range.c range: fix bogus misuse of module.h to get printk() 2011-10-31 09:20:11 -04:00
rcu.h rcu: Add grace-period, quiescent-state, and call_rcu trace events 2011-09-28 21:38:21 -07:00
rcupdate.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
rcutiny_plugin.h kernel: fix up module header handling in rcutiny files 2011-10-31 09:20:13 -04:00
rcutiny.c kernel: fix up module header handling in rcutiny files 2011-10-31 09:20:13 -04:00
rcutorture.c rcu: Make rcu_torture_boost() exit loops at end of test 2011-09-28 21:38:46 -07:00
rcutree_plugin.h rcu: Remove rcu_needs_cpu_flush() to avoid false quiescent states 2011-09-28 21:38:48 -07:00
rcutree_trace.c rcu: Simplify quiescent-state accounting 2011-09-28 21:38:22 -07:00
rcutree.c rcu: Fix batch-limit size problem 2013-01-03 03:33:08 +00:00
rcutree.h rcu: Remove rcu_needs_cpu_flush() to avoid false quiescent states 2011-09-28 21:38:48 -07:00
relay.c splice: fix racy pipe->buffers uses 2012-07-12 04:31:59 +01:00
res_counter.c memcg: res_counter_read_u64(): fix potential races on 32-bit machines 2011-03-23 19:46:22 -07:00
resource.c kernel/resource.c: fix stack overflow in __reserve_region_with_split() 2013-02-20 03:15:31 +00:00
rtmutex_common.h rtmutex: Simplify PI algorithm and make highest prio task get lock 2011-01-27 21:13:51 -05:00
rtmutex-debug.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
rtmutex-debug.h rtmutex: Handle deadlock detection smarter 2014-07-11 13:33:50 +01:00
rtmutex-tester.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
rtmutex.c rtmutex: Plug slow unlock race 2014-07-11 13:33:51 +01:00
rtmutex.h rtmutex: Handle deadlock detection smarter 2014-07-11 13:33:50 +01:00
rwsem.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
sched_autogroup.c Revert "sched, autogroup: Stop going ahead if autogroup is disabled" 2013-01-03 03:32:53 +00:00
sched_autogroup.h Revert "sched, autogroup: Stop going ahead if autogroup is disabled" 2013-01-03 03:32:53 +00:00
sched_clock.c sched_clock: Prevent 64bit inatomicity on 32bit systems 2013-04-25 20:25:34 +01:00
sched_cpupri.c sched: Use CPUPRI_NR_PRIORITIES instead of MAX_RT_PRIO in cpupri check 2014-06-09 13:29:10 +01:00
sched_cpupri.h sched/cpupri: Remove cpupri->pri_active 2011-08-14 12:01:11 +02:00
sched_debug.c sched: Fix possible divide by zero in avg_atom() calculation 2014-08-06 18:07:38 +01:00
sched_fair.c sched: Fix double normalization of vruntime 2014-04-02 00:58:56 +01:00
sched_features.h sched, rt: Provide means of disabling cross-cpu bandwidth sharing 2011-11-14 12:50:40 +01:00
sched_idletask.c sched/nohz: Rewrite and fix load-avg computation -- again 2012-07-25 04:11:09 +01:00
sched_rt.c sched/rt: Avoid updating RT entry timeout twice within one tick period 2014-02-15 19:20:18 +00:00
sched_stats.h locking, sched: Annotate thread_group_cputimer as raw 2011-09-13 11:11:55 +02:00
sched_stoptask.c sched: Fix migration thread runtime bogosity 2012-10-17 03:50:03 +01:00
sched.c sched: Unthrottle rt runqueues in __disable_runtime() 2014-02-15 19:20:18 +00:00
seccomp.c
semaphore.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
signal.c kernel/signal.c: stop info leak via the tkill and the tgkill syscalls 2013-04-25 20:25:42 +01:00
smp.c smp: Fix SMP function call empty cpu mask race 2013-02-06 04:33:49 +00:00
softirq.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
spinlock.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
srcu.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
stacktrace.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
stop_machine.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
sys_ni.c Cross Memory Attach 2011-10-31 17:30:44 -07:00
sys.c reboot: rigrate shutdown/reboot to boot cpu 2013-06-19 02:17:00 +01:00
sysctl_binary.c sysctl: fix null checking in bin_dn_node_address() 2013-03-06 03:24:17 +00:00
sysctl_check.c xfs: remove subdirectories 2011-08-12 16:21:35 -05:00
sysctl.c sysctl: fix write access to dmesg_restrict/kptr_restrict 2012-04-13 08:33:49 -07:00
taskstats.c Make TASKSTATS require root access 2011-09-19 17:04:37 -07:00
test_kprobes.c kprobes: Fix selftest to clear flags field for reusing probes 2010-10-14 08:55:27 +02:00
time.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
timeconst.pl timeconst.pl: Eliminate Perl warning 2013-03-06 03:23:52 +00:00
timer.c timer: Prevent overflow in apply_slack 2014-06-09 13:29:04 +01:00
tracepoint.c tracepoint: Do not waste memory on mods with no tracepoints 2014-06-09 13:28:55 +01:00
tsacct.c Make taskstats round statistics down to nearest 1k bytes/events 2011-09-19 17:10:57 -07:00
uid16.c userns: user namespaces: convert several capable() calls 2011-03-23 19:47:08 -07:00
up.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
user_namespace.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
user-return-notifier.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
user.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
utsname_sysctl.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
utsname.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
wait.c kernel: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
watchdog.c watchdog: using u64 in get_sample_period() 2012-12-06 11:20:21 +00:00
workqueue_sched.h workqueue: implement concurrency managed dynamic worker pool 2010-06-29 10:07:14 +02:00
workqueue.c workqueue: ensure @task is valid across kthread_stop() 2014-04-02 00:58:54 +01:00