authorSalvatore Bonaccorso <carnil@debian.org>2022-11-09 16:32:32 +0100
committerSalvatore Bonaccorso <carnil@debian.org>2022-11-09 16:33:01 +0100
commitc5b96b887b95520f3046df02ce37e5f64ec1a0e9 (patch)
tree3475234b9e726d8ffb6aaa50cfdfab5e7cac2b58
parenta211edf7b95e91eb33705c218463d7c697e7e58e (diff)
ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters()
Closes: #1023726
-rw-r--r--debian/changelog2
-rw-r--r--debian/patches/bugfix/all/ring-buffer-Check-for-NULL-cpu_buffer-in-ring_buffer.patch71
-rw-r--r--debian/patches/series1
3 files changed, 74 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 9f81bffc7..a1f24ac22 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,8 @@ linux (6.0.7-2) UNRELEASED; urgency=medium
[ Salvatore Bonaccorso ]
* ext4: update the backup superblock's at the end of the online resize
(Closes: #1023450)
+ * ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters()
+ (Closes: #1023726)
-- Vincent Blut <vincent.debian@free.fr> Mon, 07 Nov 2022 17:51:22 +0100
diff --git a/debian/patches/bugfix/all/ring-buffer-Check-for-NULL-cpu_buffer-in-ring_buffer.patch b/debian/patches/bugfix/all/ring-buffer-Check-for-NULL-cpu_buffer-in-ring_buffer.patch
new file mode 100644
index 000000000..c72410b41
--- /dev/null
+++ b/debian/patches/bugfix/all/ring-buffer-Check-for-NULL-cpu_buffer-in-ring_buffer.patch
@@ -0,0 +1,71 @@
+From: "Steven Rostedt (Google)" <rostedt@goodmis.org>
+Date: Tue, 1 Nov 2022 19:10:09 -0400
+Subject: ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters()
+Origin: https://git.kernel.org/linus/7433632c9ff68a991bd0bc38cabf354e9d2de410
+Bug-Debian: https://bugs.debian.org/1023726
+
+On some machines the number of listed CPUs may be bigger than the actual
+CPUs that exist. The tracing subsystem allocates a per_cpu directory with
+access to the per CPU ring buffer via a cpuX file. But to save space, the
+ring buffer will only allocate buffers for online CPUs, even though the
+CPU array will be as big as the nr_cpu_ids.
+
+With the addition of waking waiters on the ring buffer when closing the
+file, the ring_buffer_wake_waiters() now needs to make sure that the
+buffer is allocated (with the irq_work allocated with it) before trying to
+wake waiters, as it will cause a NULL pointer dereference.
+
+While debugging this, I added a NULL check for the buffer itself (which is
+OK to do), and also NULL pointer checks against buffer->buffers (which is
+not fine, and will WARN) as well as making sure the CPU number passed in
+is within the nr_cpu_ids (which is also not fine if it isn't).
+
+Link: https://lore.kernel.org/all/87h6zklb6n.wl-tiwai@suse.de/
+Link: https://lore.kernel.org/all/CAM6Wdxc0KRJMXVAA0Y=u6Jh2V=uWB-_Fn6M4xRuNppfXzL1mUg@mail.gmail.com/
+Link: https://lkml.kernel.org/linux-trace-kernel/20221101191009.1e7378c8@rorschach.local.home
+
+Cc: stable@vger.kernel.org
+Cc: Steven Noonan <steven.noonan@gmail.com>
+Bugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=1204705
+Reported-by: Takashi Iwai <tiwai@suse.de>
+Reported-by: Roland Ruckerbauer <roland.rucky@gmail.com>
+Fixes: f3ddb74ad079 ("tracing: Wake up ring buffer waiters on closing of the file")
+Reviewed-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+---
+ kernel/trace/ring_buffer.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
+index 199759c73519..9712083832f4 100644
+--- a/kernel/trace/ring_buffer.c
++++ b/kernel/trace/ring_buffer.c
+@@ -937,6 +937,9 @@ void ring_buffer_wake_waiters(struct trace_buffer *buffer, int cpu)
+ struct ring_buffer_per_cpu *cpu_buffer;
+ struct rb_irq_work *rbwork;
+
++ if (!buffer)
++ return;
++
+ if (cpu == RING_BUFFER_ALL_CPUS) {
+
+ /* Wake up individual ones too. One level recursion */
+@@ -945,7 +948,15 @@ void ring_buffer_wake_waiters(struct trace_buffer *buffer, int cpu)
+
+ rbwork = &buffer->irq_work;
+ } else {
++ if (WARN_ON_ONCE(!buffer->buffers))
++ return;
++ if (WARN_ON_ONCE(cpu >= nr_cpu_ids))
++ return;
++
+ cpu_buffer = buffer->buffers[cpu];
++ /* The CPU buffer may not have been initialized yet */
++ if (!cpu_buffer)
++ return;
+ rbwork = &cpu_buffer->irq_work;
+ }
+
+--
+2.38.1
+
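Review bot: The comment added above the `!cpu_buffer` check in the embedded kernel/trace/ring_buffer.c hunk says the CPU buffer "may not have been initialized yet", but the patch description gives a different cause: buffers are only allocated for online CPUs, so the slot for a listed CPU that does not exist can stay NULL. A comment such as `/* Buffers are only allocated for online CPUs; this slot may be NULL */` would match that cause and tell a later reader that the early return is expected, not a race to be fixed. Separately, the `cpu >= nr_cpu_ids` guard compares a signed `int cpu`; a negative value other than RING_BUFFER_ALL_CPUS is rejected only if nr_cpu_ids is an unsigned type, which is not visible in this hunk, so `if (WARN_ON_ONCE(cpu < 0 || cpu >= nr_cpu_ids))` would make the bound on `buffer->buffers[cpu]` explicit. The body of ring_buffer_wake_waiters() starts before and continues after the two embedded hunks, so the code that later uses `rbwork` is not reviewed here.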
diff --git a/debian/patches/series b/debian/patches/series
index cc2601b0f..58a2ff274 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -82,6 +82,7 @@ bugfix/all/disable-some-marvell-phys.patch
bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
bugfix/all/wifi-ath11k-avoid-deadlock-during-regulatory-update-.patch
bugfix/all/ext4-update-the-backup-superblock-s-at-the-end-of-th.patch
+bugfix/all/ring-buffer-Check-for-NULL-cpu_buffer-in-ring_buffer.patch
# Miscellaneous features