| Message ID | 20230907024710.866917011@goodmis.org (mailing list archive) |
|---|---|
| Headers | show |
| Series | tracing: Fix removing instances while reading/writing to their files | expand |
On Thu, 7 Sept 2023 at 08:17, Steven Rostedt <rostedt@goodmis.org> wrote: > > > It appears that the dynamic code of eventfs has caused a race window > to open up a bit more and showed that several files were not protected > by the trace array ref count. This means that a task could open one > of the files in an instance, remove the instance, and still be able to > read or write to that file. That access will then cause a "use-after-free" > bug. > > Close those holes! > > Also, fix a left over unused variable in the eventfs dput fix. This patch set applied on top of Linux next master branch and tested selftests ftrace tests [1]. The test run to complete and not found any crashes. Tested-by: Linux Kernel Functional Testing <lkft@linaro.org> Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org> > > Steven Rostedt (Google) (6): > tracefs/eventfs: Use dput to free the toplevel events directory > tracing: Increase trace array ref count on enable and filter files > tracing: Have tracing_max_latency inc the trace array ref count > tracing: Have current_trace inc the trace array ref count > tracing: Have option files inc the trace array ref count > tracing: Have event inject files inc the trace array ref count > > ---- > fs/tracefs/event_inode.c | 17 +++++++--- > fs/tracefs/inode.c | 2 +- > fs/tracefs/internal.h | 5 +-- > kernel/trace/trace.c | 68 ++++++++++++++++++++++++++++++++++---- > kernel/trace/trace.h | 2 ++ > kernel/trace/trace_events.c | 6 ++-- > kernel/trace/trace_events_inject.c | 3 +- > 7 files changed, 85 insertions(+), 18 deletions(-) [1] https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/naresh/tests/2V4IYQhAHrFXjwQvHLc2w3mKhXs -- Linaro LKFT https://lkft.linaro.org
On Thu, 7 Sep 2023 18:54:46 +0530 Naresh Kamboju <naresh.kamboju@linaro.org> wrote: > This patch set applied on top of Linux next master branch and > tested selftests ftrace tests [1]. The test run to complete and not > found any crashes. > > Tested-by: Linux Kernel Functional Testing <lkft@linaro.org> > Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org> Thanks Naresh! -- Steve
It appears that the dynamic code of eventfs has caused a race window to open up a bit more and showed that several files were not protected by the trace array ref count. This means that a task could open one of the files in an instance, remove the instance, and still be able to read or write to that file. That access will then cause a "use-after-free" bug. Close those holes! Also, fix a left over unused variable in the eventfs dput fix. Steven Rostedt (Google) (6): tracefs/eventfs: Use dput to free the toplevel events directory tracing: Increase trace array ref count on enable and filter files tracing: Have tracing_max_latency inc the trace array ref count tracing: Have current_trace inc the trace array ref count tracing: Have option files inc the trace array ref count tracing: Have event inject files inc the trace array ref count ---- fs/tracefs/event_inode.c | 17 +++++++--- fs/tracefs/inode.c | 2 +- fs/tracefs/internal.h | 5 +-- kernel/trace/trace.c | 68 ++++++++++++++++++++++++++++++++++---- kernel/trace/trace.h | 2 ++ kernel/trace/trace_events.c | 6 ++-- kernel/trace/trace_events_inject.c | 3 +- 7 files changed, 85 insertions(+), 18 deletions(-)