* [RFC]ftrace: fix a unallocated memory access in function_graph
@ 2010-07-27  8:06 Shaohua Li
  2010-08-06 16:09 ` Steven Rostedt
  2010-08-16 17:30 ` [tip:perf/urgent] tracing: Fix an " tip-bot for Shaohua Li
  0 siblings, 2 replies; 3+ messages in thread
From: Shaohua Li @ 2010-07-27  8:06 UTC (permalink / raw)
  To: lkml; +Cc: Ingo Molnar, srostedt, Huang, Ying

With CONFIG_DEBUG_PAGEALLOC, I observed an unallocated memory access in
function_graph trace. It appears we find a small size entry in ring buffer, but
we access it as a big size entry. The access overflows a page size and touches
an unallocated page.

Signed-off-by: Shaohua Li <shaohua.li@intel.com>

diff --git a/kernel/trace/trace_functions_graph.c b/kernel/trace/trace_functions_graph.c
index 79f4bac..33b379d 100644
--- a/kernel/trace/trace_functions_graph.c
+++ b/kernel/trace/trace_functions_graph.c
@@ -507,7 +507,10 @@ get_return_for_leaf(struct trace_iterator *iter,
 			 * if the output fails.
 			 */
 			data->ent = *curr;
-			data->ret = *next;
+			if (next->ent.type == TRACE_GRAPH_RET)
+				data->ret = *next;
+			else
+				data->ret.ent.type = next->ent.type;
 		}
 	}
 
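Review bot: the else branch (`data->ret.ent.type = next->ent.type;`) carries no comment saying why the full `data->ret = *next` copy is wrong for entries that are not TRACE_GRAPH_RET. The only visible difference between the two branches is how much of `*next` gets read, so a short comment stating that a non-return entry can be smaller than the return-entry layout, and that a whole-struct copy therefore reads past it, would keep a later cleanup from folding the branches back into one assignment.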




* Re: [RFC]ftrace: fix a unallocated memory access in function_graph
  2010-07-27  8:06 [RFC]ftrace: fix a unallocated memory access in function_graph Shaohua Li
@ 2010-08-06 16:09 ` Steven Rostedt
  2010-08-16 17:30 ` [tip:perf/urgent] tracing: Fix an " tip-bot for Shaohua Li
  1 sibling, 0 replies; 3+ messages in thread
From: Steven Rostedt @ 2010-08-06 16:09 UTC (permalink / raw)
  To: Shaohua Li; +Cc: lkml, Ingo Molnar, srostedt, Huang, Ying, Frederic Weisbecker

Sorry for the late response, I just got back from vacation.

Also note, please do not send to my RH account. I do not check it as
much. Send emails to me to this (goodmis) account.


On Tue, 2010-07-27 at 16:06 +0800, Shaohua Li wrote:
> With CONFIG_DEBUG_PAGEALLOC, I observed an unallocated memory access in
> function_graph trace. It appears we find a small size entry in ring buffer, but
> we access it as a big size entry. The access overflows a page size and touches
> an unallocated page.

Nice catch! This is a legit bug. I'll prepare it for 2.6.36, as well as
send it off to stable.

Thanks!

-- Steve

> 
> Signed-off-by: Shaohua Li <shaohua.li@intel.com>
> 
> diff --git a/kernel/trace/trace_functions_graph.c b/kernel/trace/trace_functions_graph.c
> index 79f4bac..33b379d 100644
> --- a/kernel/trace/trace_functions_graph.c
> +++ b/kernel/trace/trace_functions_graph.c
> @@ -507,7 +507,10 @@ get_return_for_leaf(struct trace_iterator *iter,
>  			 * if the output fails.
>  			 */
>  			data->ent = *curr;
> -			data->ret = *next;
> +			if (next->ent.type == TRACE_GRAPH_RET)
> +				data->ret = *next;
> +			else
> +				data->ret.ent.type = next->ent.type;
>  		}
>  	}
>  
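Review bot: in the else branch only `data->ret.ent.type` is written, so every other field of `data->ret` keeps whatever it held before this assignment. It is worth confirming that each reader of `data->ret` checks `ent.type` against TRACE_GRAPH_RET before touching the remaining fields, or clearing `data->ret` before setting the type so that stale data from an earlier call cannot be used.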




* [tip:perf/urgent] tracing: Fix an unallocated memory access in function_graph
  2010-07-27  8:06 [RFC]ftrace: fix a unallocated memory access in function_graph Shaohua Li
  2010-08-06 16:09 ` Steven Rostedt
@ 2010-08-16 17:30 ` tip-bot for Shaohua Li
  1 sibling, 0 replies; 3+ messages in thread
From: tip-bot for Shaohua Li @ 2010-08-16 17:30 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: linux-kernel, hpa, mingo, rostedt, stable, shaohua.li, tglx

Commit-ID:  575570f02761bd680ba5731c1dfd4701062e7fb2
Gitweb:     http://git.kernel.org/tip/575570f02761bd680ba5731c1dfd4701062e7fb2
Author:     Shaohua Li <shaohua.li@intel.com>
AuthorDate: Tue, 27 Jul 2010 16:06:34 +0800
Committer:  Steven Rostedt <rostedt@goodmis.org>
CommitDate: Fri, 6 Aug 2010 12:19:15 -0400

tracing: Fix an unallocated memory access in function_graph

With CONFIG_DEBUG_PAGEALLOC, I observed an unallocated memory access in
function_graph trace. It appears we find a small size entry in ring buffer,
but we access it as a big size entry. The access overflows the page size
and touches an unallocated page.

Cc: <stable@kernel.org>
Signed-off-by: Shaohua Li <shaohua.li@intel.com>
LKML-Reference: <1280217994.32400.76.camel@sli10-desk.sh.intel.com>
[ Added a comment to explain the problem - SDR ]
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
---
 kernel/trace/trace_functions_graph.c |   10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/kernel/trace/trace_functions_graph.c b/kernel/trace/trace_functions_graph.c
index 79f4bac..b4c179a 100644
--- a/kernel/trace/trace_functions_graph.c
+++ b/kernel/trace/trace_functions_graph.c
@@ -507,7 +507,15 @@ get_return_for_leaf(struct trace_iterator *iter,
 			 * if the output fails.
 			 */
 			data->ent = *curr;
-			data->ret = *next;
+			/*
+			 * If the next event is not a return type, then
+			 * we only care about what type it is. Otherwise we can
+			 * safely copy the entire event.
+			 */
+			if (next->ent.type == TRACE_GRAPH_RET)
+				data->ret = *next;
+			else
+				data->ret.ent.type = next->ent.type;
 		}
 	}
 
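Review bot: the comment added above the `if (next->ent.type == TRACE_GRAPH_RET)` check says only the type matters for a non-return event, but it does not say what goes wrong with the unconditional copy. The commit message has the reason (a smaller ring buffer entry read as a larger one, running past the page); putting one line of that into the comment would make it clear that the branch is a bounds fix rather than an optimization.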
