[PATCH] tracing: Fix crash due to uninitialized new_pages list head

[PATCH] tracing: Fix crash due to uninitialized new_pages list head

[Vaibhav Nagarnaik]

The new_pages list head in the cpu_buffer is not initialized. When
adding pages to the ring buffer, if the memory allocation fails in
ring_buffer_resize, the clean up handler tries to free up the allocated
pages from all the cpu buffers. The panic is caused by referencing the
uninitialized new_pages list head.

Initializing the new_pages list head in rb_allocate_cpu_buffer fixes
this.

Signed-off-by: Vaibhav Nagarnaik <vnagarnaik@google.com>
---
 kernel/trace/ring_buffer.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index a2bec4c..c5a5479 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -1075,6 +1075,7 @@ rb_allocate_cpu_buffer(struct ring_buffer *buffer, int nr_pages, int cpu)
 	rb_init_page(bpage->page);
 
 	INIT_LIST_HEAD(&cpu_buffer->reader_page->list);
+	INIT_LIST_HEAD(&cpu_buffer->new_pages);
 
 	ret = rb_allocate_pages(cpu_buffer, nr_pages);
 	if (ret < 0)
-- 
1.7.7.3

Re: [PATCH] tracing: Fix crash due to uninitialized new_pages list head

[Vaibhav Nagarnaik]

On Fri, Jun 22, 2012 at 11:50 AM, Vaibhav Nagarnaik
<vnagarnaik@google.com> wrote:
> The new_pages list head in the cpu_buffer is not initialized. When
> adding pages to the ring buffer, if the memory allocation fails in
> ring_buffer_resize, the clean up handler tries to free up the allocated
> pages from all the cpu buffers. The panic is caused by referencing the
> uninitialized new_pages list head.
>
> Initializing the new_pages list head in rb_allocate_cpu_buffer fixes
> this.
>
> Signed-off-by: Vaibhav Nagarnaik <vnagarnaik@google.com>
> ---

Hi Steven,

I believe this fix should be pushed to 3.5 along with the other patch
I sent earlier:
tracing: Update entries counter when removing pages

These two patches fix issues with the recently added atomic resize patches.


Thanks

Vaibhav Nagarnaik

[tip:perf/urgent] ring-buffer: Fix crash due to uninitialized new_pages list head

[tip-bot for Vaibhav Nagarnaik]

Commit-ID:  44b99462d9d776522e174d6c531ce5ccef309e26
Gitweb:     http://git.kernel.org/tip/44b99462d9d776522e174d6c531ce5ccef309e26
Author:     Vaibhav Nagarnaik <vnagarnaik@google.com>
AuthorDate: Fri, 22 Jun 2012 11:50:05 -0700
Committer:  Steven Rostedt <rostedt@goodmis.org>
CommitDate: Fri, 29 Jun 2012 16:16:35 -0400

ring-buffer: Fix crash due to uninitialized new_pages list head

The new_pages list head in the cpu_buffer is not initialized. When
adding pages to the ring buffer, if the memory allocation fails in
ring_buffer_resize, the clean up handler tries to free up the allocated
pages from all the cpu buffers. The panic is caused by referencing the
uninitialized new_pages list head.

Initializing the new_pages list head in rb_allocate_cpu_buffer fixes
this.

Link: http://lkml.kernel.org/r/1340391005-10880-1-git-send-email-vnagarnaik@google.com

Cc: Justin Teravest <teravest@google.com>
Cc: David Sharp <dhsharp@google.com>
Signed-off-by: Vaibhav Nagarnaik <vnagarnaik@google.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
---
 kernel/trace/ring_buffer.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index 1d0f6a8..ba39cba 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -1075,6 +1075,7 @@ rb_allocate_cpu_buffer(struct ring_buffer *buffer, int nr_pages, int cpu)
 	rb_init_page(bpage->page);
 
 	INIT_LIST_HEAD(&cpu_buffer->reader_page->list);
+	INIT_LIST_HEAD(&cpu_buffer->new_pages);
 
 	ret = rb_allocate_pages(cpu_buffer, nr_pages);
 	if (ret < 0)