linux/kernel/trace
Al Viro 92fdd98cf8 tracing: Fix buggered tee(2) on tracing_pipe
In kernel/trace/trace.c we have this:
static void tracing_pipe_buf_release(struct pipe_inode_info *pipe,
                                     struct pipe_buffer *buf)
{
        __free_page(buf->page);
}
static const struct pipe_buf_operations tracing_pipe_buf_ops = {
        .can_merge              = 0,
        .map                    = generic_pipe_buf_map,
        .unmap                  = generic_pipe_buf_unmap,
        .confirm                = generic_pipe_buf_confirm,
        .release                = tracing_pipe_buf_release,
        .steal                  = generic_pipe_buf_steal,
        .get                    = generic_pipe_buf_get,
};
with
void generic_pipe_buf_get(struct pipe_inode_info *pipe, struct pipe_buffer *buf)
{
        page_cache_get(buf->page);
}

and I don't see anything that would've prevented tee(2) called on the pipe
that got stuff spliced into it from that sucker.  ->ops->get() will be
called, then buf gets copied into target pipe's ->bufs[] and eventually
readers get to both copies of the buffer.  With
	get_page(page)
	look at that page
	__free_page(page)
	look at that page
	__free_page(page)
which is not a good thing, to put it mildly.  AFAICS, that ought to use
the normal generic_pipe_buf_release() (aka page_cache_release(buf->page)),
shouldn't it?

[
 SDR - As trace_pipe just allocates the page with alloc_page(GFP_KERNEL),
  and doesn't do anything special with it (no LRU logic). The __free_page()
  should be fine, as it wont actually free a page with reference count.
  Maybe there's a chance to leak memory? Anyway, This change is at a minimum
  good for being symmetric with generic_pipe_buf_get, it is fine to add.
]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[ SDR - Removed no longer used tracing_pipe_buf_release ]
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2014-01-19 16:53:13 -05:00
..
blktrace.c kernel: trace: blktrace: remove redundent memcpy() in compat_blk_trace_setup() 2013-11-08 09:04:30 -07:00
ftrace.c ftrace: Fix synchronization location disabling and freeing ftrace_ops 2014-01-13 12:56:21 -05:00
Kconfig ring-buffer: Select IRQ_WORK 2013-05-03 19:24:17 -04:00
Makefile tracing: Add basic event trigger framework 2013-12-20 18:40:22 -05:00
power-traces.c PM / tracing: remove deprecated power trace API 2013-01-26 00:39:12 +01:00
ring_buffer_benchmark.c tracing: Use NUMA allocation for per-cpu ring buffer pages 2011-06-14 22:04:39 -04:00
ring_buffer.c tracing: Typo fix on ring buffer comments 2013-07-18 21:31:26 -04:00
rpm-traces.c PM / Runtime: Introduce trace points for tracing rpm_* functions 2011-09-27 22:53:27 +02:00
trace_branch.c tracing: Update event filters for multibuffer 2013-11-05 16:50:20 -05:00
trace_clock.c tracing: Add "uptime" trace clock that uses jiffies 2013-03-15 00:36:09 -04:00
trace_entries.h tracing: Add trace_puts() for even faster trace_printk() tracing 2013-03-15 00:35:55 -04:00
trace_event_perf.c perf/trace: Properly use u64 to hold event_id 2013-11-19 16:57:44 +01:00
trace_events_filter_test.h tracing/filter: Add startup tests for events filter 2011-08-19 14:35:59 -04:00
trace_events_filter.c tracing: Add and use generic set_trigger_filter() implementation 2013-12-21 22:02:17 -05:00
trace_events_trigger.c tracing: Show available event triggers when no trigger is set 2014-01-09 21:20:32 -05:00
trace_events.c tracing: Move ftrace_event_file() out of DYNAMIC_FTRACE ifdef 2013-12-21 22:02:17 -05:00
trace_export.c tracing: Update event filters for multibuffer 2013-11-05 16:50:20 -05:00
trace_functions_graph.c tracing: Do not use signed enums with unsigned long long in fgragh output 2013-11-06 15:26:56 -05:00
trace_functions.c tracing: Add ref_data to function and fgraph tracer structs 2013-07-18 21:31:31 -04:00
trace_irqsoff.c tracing: Use flag buffer_disabled for irqsoff tracer 2013-07-01 20:34:28 -04:00
trace_kdb.c tracing: Consolidate max_tr into main trace_array structure 2013-03-15 00:35:40 -04:00
trace_kprobe.c tracing: Consolidate event trigger code 2014-01-09 21:20:07 -05:00
trace_mmiotrace.c tracing: Update event filters for multibuffer 2013-11-05 16:50:20 -05:00
trace_nop.c tracing/ftrace: make nop-tracer use polling wait for events on pipe 2009-03-23 09:22:15 +01:00
trace_output.c ftrace, sched: Add TRACE_FLAG_PREEMPT_RESCHED 2013-11-11 12:43:39 +01:00
trace_output.h tracing: Rename trace_event_mutex to trace_event_sem 2013-03-15 13:22:10 -04:00
trace_printk.c tracing: Add __tracepoint_string() to export string pointers 2013-07-26 13:39:44 -04:00
trace_probe.c tracing/uprobes: Add @+file_offset fetch method 2014-01-02 20:57:05 -05:00
trace_probe.h tracing/probes: Fix build break on !CONFIG_KPROBE_EVENT 2014-01-03 15:27:18 -05:00
trace_sched_switch.c tracing: Update event filters for multibuffer 2013-11-05 16:50:20 -05:00
trace_sched_wakeup.c tracing: Add function-trace option to disable function tracing of latency tracers 2013-03-15 00:36:08 -04:00
trace_selftest_dynamic.c ftrace: Add self-tests for multiple function trace users 2011-05-18 19:24:51 -04:00
trace_selftest.c ftrace: Do not run selftest if command line parameter is set 2013-07-01 20:57:15 -04:00
trace_stack.c tracing: Add generic tracing_lseek() function 2014-01-02 16:17:12 -05:00
trace_stat.c trace/trace_stat: use rbtree postorder iteration helper instead of opencoding 2013-11-05 16:01:47 -05:00
trace_stat.h tracing/stat: Add stat_release() callback 2009-07-10 12:14:05 +02:00
trace_syscalls.c tracing: Consolidate event trigger code 2014-01-09 21:20:07 -05:00
trace_uprobe.c tracing/probes: Fix build break on !CONFIG_KPROBE_EVENT 2014-01-03 15:27:18 -05:00
trace.c tracing: Fix buggered tee(2) on tracing_pipe 2014-01-19 16:53:13 -05:00
trace.h tracing: Fix rcu handling of event_trigger_data filter field 2014-01-02 16:17:22 -05:00