Re: [PATCH kernel] tracepoint: Fix race between tracing and removing tracepoint

From: Peter Zijlstra
Date: Tue Feb 02 2021 - 05:10:07 EST

Next message: Sergey Senozhatsky: "Re: [PATCH 1/3] printk: use CONFIG_CONSOLE_LOGLEVEL_* directly"
Previous message: nakamura.shun@xxxxxxxxxxx: "RE: [PATCH v4 4/4] perf vendor events: Add Fujitsu A64FX V1.2 pmu event"
In reply to: Alexey Kardashevskiy: "[PATCH kernel] tracepoint: Fix race between tracing and removing tracepoint"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Feb 02, 2021 at 06:23:26PM +1100, Alexey Kardashevskiy wrote:
> When executing a tracepoint, the tracepoint's func is dereferenced twice -
> in __DO_TRACE() (where the returned pointer is checked) and later on in
> __traceiter_##_name where the returned pointer is dereferenced without
> checking which leads to races against tracepoint_removal_sync() and
> crashes.
>
> This adds a check before referencing the pointer in tracepoint_ptr_deref.

Agreed, a reload got added and it doesn't check the value again.

> Fixes: d25e37d89dd2f ("tracepoint: Optimize using static_call()")
> Signed-off-by: Alexey Kardashevskiy <aik@xxxxxxxxx>

> it_func_ptr = \
> rcu_dereference_raw((&__tracepoint_##_name)->funcs); \

> + if (it_func_ptr) { \
> + do { \
> + it_func = (it_func_ptr)->func; \
> + __data = (it_func_ptr)->data; \
> + ((void(*)(void *, proto))(it_func))(__data, args); \
> + } while ((++it_func_ptr)->func); \
> + } \
> return 0; \

Acked-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>

Next message: Sergey Senozhatsky: "Re: [PATCH 1/3] printk: use CONFIG_CONSOLE_LOGLEVEL_* directly"
Previous message: nakamura.shun@xxxxxxxxxxx: "RE: [PATCH v4 4/4] perf vendor events: Add Fujitsu A64FX V1.2 pmu event"
In reply to: Alexey Kardashevskiy: "[PATCH kernel] tracepoint: Fix race between tracing and removing tracepoint"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]