Commit 00e95830 authored by Li Zefan's avatar Li Zefan Committed by Steven Rostedt

tracing/filters: fix race between filter setting and module unload

Module unload is protected by event_mutex, while setting filter is
protected by filter_mutex. This leads to the race:

echo 'bar == 0 || bar == 10' \    |
		> sample/filter   |
                                  |  insmod sample.ko
  add_pred("bar == 0")            |
    -> n_preds == 1               |
  add_pred("bar == 100")          |
    -> n_preds == 2               |
                                  |  rmmod sample.ko
                                  |  insmod sample.ko
  add_pred("&&")                  |
    -> n_preds == 1 (should be 3) |

Now event->filter->preds is corrupted. An then when filter_match_preds()
is called, the WARN_ON() in it will be triggered.

To avoid the race, we remove filter_mutex, and replace it with event_mutex.

[ Impact: prevent corruption of filters by module removing and loading ]
Signed-off-by: default avatarLi Zefan <lizf@cn.fujitsu.com>
LKML-Reference: <4A375A4D.6000205@cn.fujitsu.com>
Signed-off-by: default avatarSteven Rostedt <rostedt@goodmis.org>
parent 57be8887
...@@ -27,8 +27,6 @@ ...@@ -27,8 +27,6 @@
#include "trace.h" #include "trace.h"
#include "trace_output.h" #include "trace_output.h"
static DEFINE_MUTEX(filter_mutex);
enum filter_op_ids enum filter_op_ids
{ {
OP_OR, OP_OR,
...@@ -294,12 +292,12 @@ void print_event_filter(struct ftrace_event_call *call, struct trace_seq *s) ...@@ -294,12 +292,12 @@ void print_event_filter(struct ftrace_event_call *call, struct trace_seq *s)
{ {
struct event_filter *filter = call->filter; struct event_filter *filter = call->filter;
mutex_lock(&filter_mutex); mutex_lock(&event_mutex);
if (filter->filter_string) if (filter->filter_string)
trace_seq_printf(s, "%s\n", filter->filter_string); trace_seq_printf(s, "%s\n", filter->filter_string);
else else
trace_seq_printf(s, "none\n"); trace_seq_printf(s, "none\n");
mutex_unlock(&filter_mutex); mutex_unlock(&event_mutex);
} }
void print_subsystem_event_filter(struct event_subsystem *system, void print_subsystem_event_filter(struct event_subsystem *system,
...@@ -307,12 +305,12 @@ void print_subsystem_event_filter(struct event_subsystem *system, ...@@ -307,12 +305,12 @@ void print_subsystem_event_filter(struct event_subsystem *system,
{ {
struct event_filter *filter = system->filter; struct event_filter *filter = system->filter;
mutex_lock(&filter_mutex); mutex_lock(&event_mutex);
if (filter->filter_string) if (filter->filter_string)
trace_seq_printf(s, "%s\n", filter->filter_string); trace_seq_printf(s, "%s\n", filter->filter_string);
else else
trace_seq_printf(s, "none\n"); trace_seq_printf(s, "none\n");
mutex_unlock(&filter_mutex); mutex_unlock(&event_mutex);
} }
static struct ftrace_event_field * static struct ftrace_event_field *
...@@ -434,7 +432,6 @@ static void filter_free_subsystem_preds(struct event_subsystem *system) ...@@ -434,7 +432,6 @@ static void filter_free_subsystem_preds(struct event_subsystem *system)
filter->n_preds = 0; filter->n_preds = 0;
} }
mutex_lock(&event_mutex);
list_for_each_entry(call, &ftrace_events, list) { list_for_each_entry(call, &ftrace_events, list) {
if (!call->define_fields) if (!call->define_fields)
continue; continue;
...@@ -444,7 +441,6 @@ static void filter_free_subsystem_preds(struct event_subsystem *system) ...@@ -444,7 +441,6 @@ static void filter_free_subsystem_preds(struct event_subsystem *system)
remove_filter_string(call->filter); remove_filter_string(call->filter);
} }
} }
mutex_unlock(&event_mutex);
} }
static int filter_add_pred_fn(struct filter_parse_state *ps, static int filter_add_pred_fn(struct filter_parse_state *ps,
...@@ -631,7 +627,6 @@ static int filter_add_subsystem_pred(struct filter_parse_state *ps, ...@@ -631,7 +627,6 @@ static int filter_add_subsystem_pred(struct filter_parse_state *ps,
filter->preds[filter->n_preds] = pred; filter->preds[filter->n_preds] = pred;
filter->n_preds++; filter->n_preds++;
mutex_lock(&event_mutex);
list_for_each_entry(call, &ftrace_events, list) { list_for_each_entry(call, &ftrace_events, list) {
if (!call->define_fields) if (!call->define_fields)
...@@ -642,14 +637,12 @@ static int filter_add_subsystem_pred(struct filter_parse_state *ps, ...@@ -642,14 +637,12 @@ static int filter_add_subsystem_pred(struct filter_parse_state *ps,
err = filter_add_pred(ps, call, pred); err = filter_add_pred(ps, call, pred);
if (err) { if (err) {
mutex_unlock(&event_mutex);
filter_free_subsystem_preds(system); filter_free_subsystem_preds(system);
parse_error(ps, FILT_ERR_BAD_SUBSYS_FILTER, 0); parse_error(ps, FILT_ERR_BAD_SUBSYS_FILTER, 0);
goto out; goto out;
} }
replace_filter_string(call->filter, filter_string); replace_filter_string(call->filter, filter_string);
} }
mutex_unlock(&event_mutex);
out: out:
return err; return err;
} }
...@@ -1076,12 +1069,12 @@ int apply_event_filter(struct ftrace_event_call *call, char *filter_string) ...@@ -1076,12 +1069,12 @@ int apply_event_filter(struct ftrace_event_call *call, char *filter_string)
struct filter_parse_state *ps; struct filter_parse_state *ps;
mutex_lock(&filter_mutex); mutex_lock(&event_mutex);
if (!strcmp(strstrip(filter_string), "0")) { if (!strcmp(strstrip(filter_string), "0")) {
filter_disable_preds(call); filter_disable_preds(call);
remove_filter_string(call->filter); remove_filter_string(call->filter);
mutex_unlock(&filter_mutex); mutex_unlock(&event_mutex);
return 0; return 0;
} }
...@@ -1109,7 +1102,7 @@ int apply_event_filter(struct ftrace_event_call *call, char *filter_string) ...@@ -1109,7 +1102,7 @@ int apply_event_filter(struct ftrace_event_call *call, char *filter_string)
postfix_clear(ps); postfix_clear(ps);
kfree(ps); kfree(ps);
out_unlock: out_unlock:
mutex_unlock(&filter_mutex); mutex_unlock(&event_mutex);
return err; return err;
} }
...@@ -1121,12 +1114,12 @@ int apply_subsystem_event_filter(struct event_subsystem *system, ...@@ -1121,12 +1114,12 @@ int apply_subsystem_event_filter(struct event_subsystem *system,
struct filter_parse_state *ps; struct filter_parse_state *ps;
mutex_lock(&filter_mutex); mutex_lock(&event_mutex);
if (!strcmp(strstrip(filter_string), "0")) { if (!strcmp(strstrip(filter_string), "0")) {
filter_free_subsystem_preds(system); filter_free_subsystem_preds(system);
remove_filter_string(system->filter); remove_filter_string(system->filter);
mutex_unlock(&filter_mutex); mutex_unlock(&event_mutex);
return 0; return 0;
} }
...@@ -1154,7 +1147,7 @@ int apply_subsystem_event_filter(struct event_subsystem *system, ...@@ -1154,7 +1147,7 @@ int apply_subsystem_event_filter(struct event_subsystem *system,
postfix_clear(ps); postfix_clear(ps);
kfree(ps); kfree(ps);
out_unlock: out_unlock:
mutex_unlock(&filter_mutex); mutex_unlock(&event_mutex);
return err; return err;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment