linux-kernelorg-stable/kernel
Luo Gengkun 3d62ab32df tracing: Fix tracing_marker may trigger page fault during preempt_disable
Both tracing_mark_write and tracing_mark_raw_write call
__copy_from_user_inatomic during preempt_disable. But in some cases,
__copy_from_user_inatomic may trigger a page fault, and will call schedule()
subtly. And if a task is migrated to another cpu, the following warning will
be triggered:
        if (RB_WARN_ON(cpu_buffer,
                       !local_read(&cpu_buffer->committing)))

An example can illustrate this issue:

process flow						CPU
---------------------------------------------------------------------

tracing_mark_raw_write():				cpu:0
   ...
   ring_buffer_lock_reserve():				cpu:0
      ...
      cpu = raw_smp_processor_id()			cpu:0
      cpu_buffer = buffer->buffers[cpu]			cpu:0
      ...
   ...
   __copy_from_user_inatomic():				cpu:0
      ...
      # page fault
      do_mem_abort():					cpu:0
         ...
         # Call schedule
         schedule()					cpu:0
	 ...
   # the task is scheduled to cpu1
   __buffer_unlock_commit():				cpu:1
      ...
      ring_buffer_unlock_commit():			cpu:1
	 ...
	 cpu = raw_smp_processor_id()			cpu:1
	 cpu_buffer = buffer->buffers[cpu]		cpu:1

As shown above, the process will acquire cpuid twice and the return values
are not the same.

To fix this problem, use copy_from_user_nofault instead of
__copy_from_user_inatomic, as the former performs 'access_ok' before
copying.

Link: https://lore.kernel.org/20250819105152.2766363-1-luogengkun@huaweicloud.com
Fixes: 656c7f0d2d ("tracing: Replace kmap with copy_from_user() in trace_marker writing")
Signed-off-by: Luo Gengkun <luogengkun@huaweicloud.com>
Reviewed-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
2025-09-02 12:02:42 -04:00
bpf bpf: Fix memory leak of bpf_scc_info objects 2025-08-02 09:04:57 -07:00
cgroup cgroup: avoid null de-ref in css_rstat_exit() 2025-08-09 08:46:32 -10:00
configs configs/hardening: Enable CONFIG_INIT_ON_FREE_DEFAULT_ON 2025-07-21 21:41:57 -07:00
debug
dma dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted 2025-08-13 11:02:10 +02:00
entry ARM: 2025-07-30 17:14:01 -07:00
events perf: Avoid undefined behavior from stopping/starting inactive events 2025-08-15 13:12:56 +02:00
futex futex: Use user_write_access_begin/_end() in futex_put_value() 2025-08-11 17:53:21 +02:00
gcov
irq genirq/test: Resolve irq lock inversion warnings 2025-08-06 10:29:48 +02:00
kcsan kcsan: test: Initialize dummy variable 2025-07-23 08:51:32 +02:00
livepatch
locking - Make sure sanity checks down in the mutex lock path happen on the correct 2025-08-17 05:57:47 -07:00
module Significant patch series in this pull request: 2025-08-05 16:02:07 +03:00
power drm for 6.17-rc1 2025-07-30 19:26:49 -07:00
printk printk changes for 6.17 2025-08-04 10:54:36 -07:00
rcu rcu: Fix racy re-initialization of irq_work causing hangs 2025-08-11 08:43:49 +05:30
sched sched/deadline: Don't count nr_running for dl_server proxy tasks 2025-08-26 10:46:01 +02:00
time bitmap-for-6.17 2025-07-31 16:52:32 -07:00
trace tracing: Fix tracing_marker may trigger page fault during preempt_disable 2025-09-02 12:02:42 -04:00
unwind unwind: Finish up unwind when a task exits 2025-07-31 10:20:11 -04:00
.gitignore kheaders: rebuild kheaders_data.tar.xz when a file is modified within a minute 2025-06-24 20:30:37 +09:00
Kconfig.freezer
Kconfig.hz
Kconfig.kexec kho: mm: don't allow deferred struct page with KHO 2025-08-19 16:35:53 -07:00
Kconfig.locks
Kconfig.preempt
Makefile Kbuild updates for v6.17 2025-08-06 07:32:52 +03:00
acct.c
async.c
audit.c
audit.h
audit_fsnotify.c
audit_tree.c replace collect_mounts()/drop_collected_mounts() with a safer variant 2025-06-23 14:01:49 -04:00
audit_watch.c
auditfilter.c
auditsc.c
backtracetest.c
bounds.c
capability.c
cfi.c cfi: Move BPF CFI types and helpers to generic code 2025-07-31 18:23:53 -07:00
compat.c
configs.c
context_tracking.c
cpu.c cpu: Remove obsolete comment from takedown_cpu() 2025-08-06 22:48:12 +02:00
cpu_pm.c
crash_core.c kdump: wait for DMA to finish when using CMA 2025-07-19 19:08:23 -07:00
crash_dump_dm_crypt.c
crash_reserve.c kdump: implement reserve_crashkernel_cma 2025-07-19 19:08:23 -07:00
cred.c
delayacct.c
dma.c
elfcorehdr.c
exec_domain.c
exit.c Significant patch series in this pull request: 2025-08-03 16:23:09 -07:00
exit.h
extable.c
fail_function.c
fork.c - Prevent a futex hash leak due to different mm lifetimes 2025-08-10 08:11:39 +03:00
freezer.c sched,freezer: Remove unnecessary warning in __thaw_task 2025-07-17 07:56:50 -10:00
gen_kheaders.sh kheaders: make it possible to override TAR 2025-08-06 10:23:36 +09:00
groups.c
hung_task.c hung_task: extend hung task blocker tracking to rwsems 2025-07-19 19:08:26 -07:00
iomem.c
irq_work.c
jump_label.c
kallsyms.c bpf: Clean up individual BTF_ID code 2025-07-16 18:34:42 -07:00
kallsyms_internal.h
kallsyms_selftest.c
kallsyms_selftest.h
kcmp.c
kcov.c kcov: fix typo in comment of kcov_fault_in_area 2025-07-09 22:57:52 -07:00
kexec.c kexec: enable CMA based contiguous allocation 2025-08-02 12:01:38 -07:00
kexec_core.c Significant patch series in this pull request: 2025-08-03 16:23:09 -07:00
kexec_elf.c
kexec_file.c Significant patch series in this pull request: 2025-08-03 16:23:09 -07:00
kexec_handover.c kho: warn if KHO is disabled due to an error 2025-08-19 16:35:53 -07:00
kexec_internal.h kexec: enable CMA based contiguous allocation 2025-08-02 12:01:38 -07:00
kheaders.c
kprobes.c kprobes: Add missing kerneldoc for __get_insn_slot 2025-07-15 18:45:34 +09:00
kstack_erase.c stackleak: Rename stackleak_track_stack to __sanitizer_cov_stack_depth 2025-07-21 21:40:39 -07:00
ksyms_common.c
ksysfs.c
kthread.c ipvs: Fix estimator kthreads preferred affinity 2025-08-13 08:34:33 +02:00
latencytop.c
module_signature.c
notifier.c
nsproxy.c
padata.c
panic.c Significant patch series in this pull request: 2025-08-03 16:23:09 -07:00
params.c params: Replace deprecated strcpy() with strscpy() and memcpy() 2025-08-16 21:47:25 +02:00
pid.c Summary 2025-07-29 21:43:08 -07:00
pid_namespace.c
pid_sysctl.h
profile.c
ptrace.c
range.c
reboot.c
regset.c
relay.c relayfs: support a counter tracking if data is too big to write 2025-07-09 22:57:52 -07:00
resource.c resource: fix false warning in __request_region() 2025-07-24 17:57:59 -07:00
resource_kunit.c
rseq.c
scftorture.c
scs.c
seccomp.c
signal.c signal: Fix memory leak for PIDFD_SELF* sentinels 2025-08-19 13:51:28 +02:00
smp.c smp: Fix spelling in on_each_cpu_cond_mask()'s doc-comment 2025-08-02 14:24:50 +02:00
smpboot.c
smpboot.h
softirq.c
stacktrace.c
static_call.c
static_call_inline.c
stop_machine.c sched/core: Fix migrate_swap() vs. hotplug 2025-07-01 15:02:03 +02:00
sys.c Summary of significant series in this pull request: 2025-07-31 14:57:54 -07:00
sys_ni.c
sysctl-test.c
sysctl.c sysctl: rename kern_table -> sysctl_subsys_table 2025-07-23 11:56:02 +02:00
task_work.c
taskstats.c
torture.c
tracepoint.c
tsacct.c
ucount.c ucount: use atomic_long_try_cmpxchg() in atomic_long_inc_below() 2025-08-02 12:01:38 -07:00
uid16.c
uid16.h
umh.c
up.c
user-return-notifier.c
user.c
user_namespace.c
utsname.c
utsname_sysctl.c
vhost_task.c vhost: Use ERR_CAST inlined function instead of ERR_PTR(PTR_ERR(...)) 2025-08-01 09:11:08 -04:00
vmcore_info.c
watch_queue.c
watchdog.c
watchdog_buddy.c watchdog: fix opencoded cpumask_next_wrap() in watchdog_next_cpu() 2025-07-31 11:28:03 -04:00
watchdog_perf.c watchdog/perf: Provide function for adjusting the event period 2025-07-04 13:17:30 +01:00
workqueue.c workqueue: Changes for v6.17 2025-07-31 15:40:22 -07:00
workqueue_internal.h