Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-27825/0001-tracing-Fix-race-in-trace_open-and-buffer-resize-cal.patch')
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-27825/0001-tracing-Fix-race-in-trace_open-and-buffer-resize-cal.patch | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-27825/0001-tracing-Fix-race-in-trace_open-and-buffer-resize-cal.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-27825/0001-tracing-Fix-race-in-trace_open-and-buffer-resize-cal.patch
new file mode 100644
index 000000000..8313c0533
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-27825/0001-tracing-Fix-race-in-trace_open-and-buffer-resize-cal.patch
@@ -0,0 +1,60 @@
+From d8fb64e4164d3f4c89eb58c27b2472a052359823 Mon Sep 17 00:00:00 2001
+From: Gaurav Kohli <gkohli@codeaurora.org>
+Date: Tue, 6 Oct 2020 15:03:53 +0530
+Subject: [PATCH] tracing: Fix race in trace_open and buffer resize call
+
+Below race can come, if trace_open and resize of
+cpu buffer is running parallely on different cpus
+CPUX CPUY
+ ring_buffer_resize
+ atomic_read(&buffer->resize_disabled)
+tracing_open
+tracing_reset_online_cpus
+ring_buffer_reset_cpu
+rb_reset_cpu
+ rb_update_pages
+ remove/insert pages
+resetting pointer
+
+This race can cause data abort or some times infinte loop in
+rb_remove_pages and rb_insert_pages while checking pages
+for sanity.
+
+Take buffer lock to fix this.
+
+Link: https://lkml.kernel.org/r/1601976833-24377-1-git-send-email-gkohli@codeaurora.org
+
+Cc: stable@vger.kernel.org
+Fixes: b23d7a5f4a07a ("ring-buffer: speed up buffer resets by avoiding synchronize_rcu for each CPU")
+Signed-off-by: Gaurav Kohli <gkohli@codeaurora.org>
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+---
+ kernel/trace/ring_buffer.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
+index 4bf050fcfe3b..6a790901270f 100644
+--- a/kernel/trace/ring_buffer.c
++++ b/kernel/trace/ring_buffer.c
+@@ -4406,6 +4406,9 @@ void ring_buffer_reset_cpu(struct ring_buffer *buffer, int cpu)
+ if (!cpumask_test_cpu(cpu, buffer->cpumask))
+ return;
+
++ /* prevent another thread from changing buffer sizes */
++ mutex_lock(&buffer->mutex);
++
+ atomic_inc(&buffer->resize_disabled);
+ atomic_inc(&cpu_buffer->record_disabled);
+
+@@ -4428,6 +4431,8 @@ void ring_buffer_reset_cpu(struct ring_buffer *buffer, int cpu)
+
+ atomic_dec(&cpu_buffer->record_disabled);
+ atomic_dec(&buffer->resize_disabled);
++
++ mutex_unlock(&buffer->mutex);
+ }
+ EXPORT_SYMBOL_GPL(ring_buffer_reset_cpu);
+
+--
+2.17.1
+ |
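Review bot: The added patch header carries no `CVE:` or `Upstream-Status:` tag, so the file itself does not record which upstream commit it backports, and only the directory name ties it to CVE-2020-27825. I would add `CVE: CVE-2020-27825` and `Upstream-Status: Backport [<upstream commit id>]` above the `Signed-off-by:` lines so that CVE tracking and later audits do not depend on the path. On the code side, the new `mutex_lock(&buffer->mutex)` in `ring_buffer_reset_cpu()` can sleep, so every caller in this kernel tree has to run in process context. That is presumably true for the tracing_open path shown in the message, but the function body and its other callers are outside the hunk and should be checked. The `Fixes:` tag may also name a commit that is not present in this tree (the signature here still takes `struct ring_buffer`), so a one-line note on why the fix applies to this kernel version would help.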