lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 13 Mar 2013 19:53:31 -0400
From:	Steven Rostedt <rostedt@...dmis.org>
To:	LKML <linux-kernel@...r.kernel.org>
Cc:	Ingo Molnar <mingo@...nel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Paul McKenney <paulmck@...ux.vnet.ibm.com>,
	stable <stable@...r.kernel.org>
Subject: [PATCH][GIT PULL][3.9] tracing: Fix free of probe entry by calling
 call_rcu_sched()


Ingo,

While testing my new code I stumbled upon this bug. This is a real
bug and has been in the kernel forever. Luckily, it's in a feature
that is seldom used. But it can cause a crash if the race is hit.

I based this off of my last pull request of tip/perf/urgent.

Thanks,

-- Steve


Please pull the latest tip/perf/urgent-2 tree, which can be found at:

  git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace.git
tip/perf/urgent-2

Head SHA1: 740466bc89ad8bd5afcc8de220f715f62b21e365


Steven Rostedt (Red Hat) (1):
      tracing: Fix free of probe entry by calling call_rcu_sched()

----
 kernel/trace/ftrace.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
---------------------------
commit 740466bc89ad8bd5afcc8de220f715f62b21e365
Author: Steven Rostedt (Red Hat) <rostedt@...dmis.org>
Date:   Wed Mar 13 11:15:19 2013 -0400

    tracing: Fix free of probe entry by calling call_rcu_sched()
    
    Because function tracing is very invasive, and can even trace
    calls to rcu_read_lock(), RCU access in function tracing is done
    with preempt_disable_notrace(). This requires a synchronize_sched()
    for updates and not a synchronize_rcu().
    
    Function probes (traceon, traceoff, etc) must be freed after
    a synchronize_sched() after its entry has been removed from the
    hash. But call_rcu() is used. Fix this by using call_rcu_sched().
    
    Also fix the usage to use hlist_del_rcu() instead of hlist_del().
    
    Cc: stable@...r.kernel.org
    Cc: Paul McKenney <paulmck@...ux.vnet.ibm.com>
    Signed-off-by: Steven Rostedt <rostedt@...dmis.org>

diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
index 98ca94a..e6effd0 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -3108,8 +3108,8 @@ __unregister_ftrace_function_probe(char *glob, struct ftrace_probe_ops *ops,
 					continue;
 			}
 
-			hlist_del(&entry->node);
-			call_rcu(&entry->rcu, ftrace_free_entry_rcu);
+			hlist_del_rcu(&entry->node);
+			call_rcu_sched(&entry->rcu, ftrace_free_entry_rcu);
 		}
 	}
 	__disable_ftrace_function_probe();


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ