Skip to content

Commit 2721e72

Browse files
committed
tracing: Fix race in snapshot swapping
Although the swap is wrapped with a spin_lock, the assignment of the temp buffer used to swap is not within that lock. It needs to be moved into that lock, otherwise two swaps happening on two different CPUs, can end up using the wrong temp buffer to assign in the swap. Luckily, all current callers of the swap function appear to have their own locks. But in case something is added that allows two different callers to call the swap, then there's a chance that this race can trigger and corrupt the buffers. New code is coming soon that will allow for this race to trigger. I've Cc'd stable, so this bug will not show up if someone backports one of the changes that can trigger this bug. Cc: [email protected] Signed-off-by: Steven Rostedt <[email protected]>
1 parent 1abccd7 commit 2721e72

File tree

1 file changed

+2
-1
lines changed

1 file changed

+2
-1
lines changed

kernel/trace/trace.c

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -704,7 +704,7 @@ __update_max_tr(struct trace_array *tr, struct task_struct *tsk, int cpu)
704704
void
705705
update_max_tr(struct trace_array *tr, struct task_struct *tsk, int cpu)
706706
{
707-
struct ring_buffer *buf = tr->buffer;
707+
struct ring_buffer *buf;
708708

709709
if (trace_stop_count)
710710
return;
@@ -719,6 +719,7 @@ update_max_tr(struct trace_array *tr, struct task_struct *tsk, int cpu)
719719

720720
arch_spin_lock(&ftrace_max_lock);
721721

722+
buf = tr->buffer;
722723
tr->buffer = max_tr.buffer;
723724
max_tr.buffer = buf;
724725

0 commit comments

Comments
 (0)