Received: by 2002:a05:6358:51dd:b0:131:369:b2a3 with SMTP id 29csp1101604rwl; Thu, 10 Aug 2023 06:33:25 -0700 (PDT) X-Google-Smtp-Source: AGHT+IENeU/q/zgSNDBReJBr3Ur4YNksOh6zN8f25dS2XX1JYAaPozp9ulGw4DVEmorUUkPkIgJ9 X-Received: by 2002:a17:906:3101:b0:99c:40f2:a402 with SMTP id 1-20020a170906310100b0099c40f2a402mr2146692ejx.6.1691674405360; Thu, 10 Aug 2023 06:33:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691674405; cv=none; d=google.com; s=arc-20160816; b=tW+O9FGfRhqXeew1ZHMO/U4Uqi/scG8pQqhXU1FRc7CMyEzA7wP4/qai+0G80CdQpG 4sV8r9luhlse0+8cUKYxuWtu3A2KNcJusJ9zBe+k6nEhLgzOhzQqYyzsPPJ70bzdxkLK WnzdY5pW9GiNxeNSF2yjuGy4+DZ+kplV8jkReLxfM6YgmZ4hpGXvVEwhlb2fJ8nE68k2 Iqnm7cwOwGHSOwGcSEJzJv/2D0oFPZ+aBNmAnzkNBoEnyianYvfbxZ6ftq6xbCnjpl9B lQaVq1hJd0dJowOU6tRgBWqGGidARlBb3JWCc1jBctlr/f0IFAMTE2VSb9pvUhiZmtR2 uKuw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=RToxi3+5skr3eI7hdsMTJH3wa008g0BiAQLhVxt+3V0=; fh=xCdvb0pchHpICiVB7Yft0edV6bsZADbcLyom6OXel/s=; b=wdKmIRM0h2v4x9ekFyVc/ECzFWf6EvWvsefEptOw+3djL2jv10GzrS7T0FGJTfQvZ/ fZTu7DLQrxZyirZjt7aLZUDpvKuDZeM3OCkkoUPSWqeD+aQ6w4aW7yzMIIMNkQt1ljlU ddwipGODCGkdLsjYIJtg77heJI1emOZxZpy8btGbm9IP5VTstbUDvtvR+/0jlmIkXEml okfnc3iKgLIKeagjQAuOR8myAzw5s+kmBwSNH1yLer3MT1CXts/TwmbvBp5u6Y6NH1qI hWWz8libkUxs22KqoA26uXfioham1qh8pyApIhLN6QDVPErT4m6rweDBWa9dfc24a4L6 WVXw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p16-20020a1709060e9000b00992d6e88081si1478180ejf.956.2023.08.10.06.32.58; Thu, 10 Aug 2023 06:33:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232651AbjHJMji (ORCPT + 99 others); Thu, 10 Aug 2023 08:39:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38814 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229631AbjHJMjh (ORCPT ); Thu, 10 Aug 2023 08:39:37 -0400 Received: from szxga08-in.huawei.com (szxga08-in.huawei.com [45.249.212.255]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EAE85212F; Thu, 10 Aug 2023 05:39:36 -0700 (PDT) Received: from dggpeml500012.china.huawei.com (unknown [172.30.72.54]) by szxga08-in.huawei.com (SkyGuard) with ESMTP id 4RM60Z2SKrz1L9wc; Thu, 10 Aug 2023 20:38:22 +0800 (CST) Received: from localhost.localdomain (10.67.175.61) by dggpeml500012.china.huawei.com (7.185.36.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.27; Thu, 10 Aug 2023 20:39:34 +0800 From: Zheng Yejian To: , CC: , , , Subject: [PATCH] tracing: Fix race when concurrently splice_read trace_pipe Date: Thu, 10 Aug 2023 20:39:05 +0800 Message-ID: <20230810123905.1531061-1-zhengyejian1@huawei.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII X-Originating-IP: [10.67.175.61] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To dggpeml500012.china.huawei.com (7.185.36.15) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When concurrently splice_read file trace_pipe and per_cpu/cpu*/trace_pipe, there are more data being read out than expected. The root cause is that in tracing_splice_read_pipe(), an entry is found outside locks, it may be read by multiple readers or consumed by other reader as starting printing it. To fix it, change to find entry after holding locks. Fixes: 7e53bd42d14c ("tracing: Consolidate protection of reader access to the ring buffer") Signed-off-by: Zheng Yejian --- kernel/trace/trace.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index b8870078ef58..f169d33b948f 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -7054,14 +7054,16 @@ static ssize_t tracing_splice_read_pipe(struct file *filp, if (ret <= 0) goto out_err; - if (!iter->ent && !trace_find_next_entry_inc(iter)) { + trace_event_read_lock(); + trace_access_lock(iter->cpu_file); + + if (!trace_find_next_entry_inc(iter)) { + trace_access_unlock(iter->cpu_file); + trace_event_read_unlock(); ret = -EFAULT; goto out_err; } - trace_event_read_lock(); - trace_access_lock(iter->cpu_file); - /* Fill as many pages as possible. */ for (i = 0, rem = len; i < spd.nr_pages_max && rem; i++) { spd.pages[i] = alloc_page(GFP_KERNEL); -- 2.25.1