Commit a3578000 authored by Lai Jiangshan's avatar Lai Jiangshan Committed by Ingo Molnar

tracing/workqueues: Add refcnt to struct cpu_workqueue_stats

The stat entries can be freed while the stat file is being read.
Worse, the pointer can be freed immediately after it is returned
from workqueue_stat_start/next().

Add a refcnt to struct cpu_workqueue_stats to avoid use-after-free.
Signed-off-by: default avatarLai Jiangshan <laijs@cn.fujitsu.com>
Signed-off-by: default avatarLi Zefan <lizf@cn.fujitsu.com>
Acked-by: default avatarFrederic Weisbecker <fweisbec@gmail.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
LKML-Reference: <4A51B16F.6010608@cn.fujitsu.com>
Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
parent d8ea37d5
...@@ -9,6 +9,7 @@ ...@@ -9,6 +9,7 @@
#include <trace/events/workqueue.h> #include <trace/events/workqueue.h>
#include <linux/list.h> #include <linux/list.h>
#include <linux/percpu.h> #include <linux/percpu.h>
#include <linux/kref.h>
#include "trace_stat.h" #include "trace_stat.h"
#include "trace.h" #include "trace.h"
...@@ -16,6 +17,7 @@ ...@@ -16,6 +17,7 @@
/* A cpu workqueue thread */ /* A cpu workqueue thread */
struct cpu_workqueue_stats { struct cpu_workqueue_stats {
struct list_head list; struct list_head list;
struct kref kref;
int cpu; int cpu;
pid_t pid; pid_t pid;
/* Can be inserted from interrupt or user context, need to be atomic */ /* Can be inserted from interrupt or user context, need to be atomic */
...@@ -39,6 +41,11 @@ struct workqueue_global_stats { ...@@ -39,6 +41,11 @@ struct workqueue_global_stats {
static DEFINE_PER_CPU(struct workqueue_global_stats, all_workqueue_stat); static DEFINE_PER_CPU(struct workqueue_global_stats, all_workqueue_stat);
#define workqueue_cpu_stat(cpu) (&per_cpu(all_workqueue_stat, cpu)) #define workqueue_cpu_stat(cpu) (&per_cpu(all_workqueue_stat, cpu))
static void cpu_workqueue_stat_free(struct kref *kref)
{
kfree(container_of(kref, struct cpu_workqueue_stats, kref));
}
/* Insertion of a work */ /* Insertion of a work */
static void static void
probe_workqueue_insertion(struct task_struct *wq_thread, probe_workqueue_insertion(struct task_struct *wq_thread,
...@@ -96,8 +103,8 @@ static void probe_workqueue_creation(struct task_struct *wq_thread, int cpu) ...@@ -96,8 +103,8 @@ static void probe_workqueue_creation(struct task_struct *wq_thread, int cpu)
return; return;
} }
INIT_LIST_HEAD(&cws->list); INIT_LIST_HEAD(&cws->list);
kref_init(&cws->kref);
cws->cpu = cpu; cws->cpu = cpu;
cws->pid = wq_thread->pid; cws->pid = wq_thread->pid;
spin_lock_irqsave(&workqueue_cpu_stat(cpu)->lock, flags); spin_lock_irqsave(&workqueue_cpu_stat(cpu)->lock, flags);
...@@ -118,7 +125,7 @@ static void probe_workqueue_destruction(struct task_struct *wq_thread) ...@@ -118,7 +125,7 @@ static void probe_workqueue_destruction(struct task_struct *wq_thread)
list) { list) {
if (node->pid == wq_thread->pid) { if (node->pid == wq_thread->pid) {
list_del(&node->list); list_del(&node->list);
kfree(node); kref_put(&node->kref, cpu_workqueue_stat_free);
goto found; goto found;
} }
} }
...@@ -137,9 +144,11 @@ static struct cpu_workqueue_stats *workqueue_stat_start_cpu(int cpu) ...@@ -137,9 +144,11 @@ static struct cpu_workqueue_stats *workqueue_stat_start_cpu(int cpu)
spin_lock_irqsave(&workqueue_cpu_stat(cpu)->lock, flags); spin_lock_irqsave(&workqueue_cpu_stat(cpu)->lock, flags);
if (!list_empty(&workqueue_cpu_stat(cpu)->list)) if (!list_empty(&workqueue_cpu_stat(cpu)->list)) {
ret = list_entry(workqueue_cpu_stat(cpu)->list.next, ret = list_entry(workqueue_cpu_stat(cpu)->list.next,
struct cpu_workqueue_stats, list); struct cpu_workqueue_stats, list);
kref_get(&ret->kref);
}
spin_unlock_irqrestore(&workqueue_cpu_stat(cpu)->lock, flags); spin_unlock_irqrestore(&workqueue_cpu_stat(cpu)->lock, flags);
...@@ -162,9 +171,9 @@ static void *workqueue_stat_start(struct tracer_stat *trace) ...@@ -162,9 +171,9 @@ static void *workqueue_stat_start(struct tracer_stat *trace)
static void *workqueue_stat_next(void *prev, int idx) static void *workqueue_stat_next(void *prev, int idx)
{ {
struct cpu_workqueue_stats *prev_cws = prev; struct cpu_workqueue_stats *prev_cws = prev;
struct cpu_workqueue_stats *ret;
int cpu = prev_cws->cpu; int cpu = prev_cws->cpu;
unsigned long flags; unsigned long flags;
void *ret = NULL;
spin_lock_irqsave(&workqueue_cpu_stat(cpu)->lock, flags); spin_lock_irqsave(&workqueue_cpu_stat(cpu)->lock, flags);
if (list_is_last(&prev_cws->list, &workqueue_cpu_stat(cpu)->list)) { if (list_is_last(&prev_cws->list, &workqueue_cpu_stat(cpu)->list)) {
...@@ -175,11 +184,14 @@ static void *workqueue_stat_next(void *prev, int idx) ...@@ -175,11 +184,14 @@ static void *workqueue_stat_next(void *prev, int idx)
return NULL; return NULL;
} while (!(ret = workqueue_stat_start_cpu(cpu))); } while (!(ret = workqueue_stat_start_cpu(cpu)));
return ret; return ret;
} else {
ret = list_entry(prev_cws->list.next,
struct cpu_workqueue_stats, list);
kref_get(&ret->kref);
} }
spin_unlock_irqrestore(&workqueue_cpu_stat(cpu)->lock, flags); spin_unlock_irqrestore(&workqueue_cpu_stat(cpu)->lock, flags);
return list_entry(prev_cws->list.next, struct cpu_workqueue_stats, return ret;
list);
} }
static int workqueue_stat_show(struct seq_file *s, void *p) static int workqueue_stat_show(struct seq_file *s, void *p)
...@@ -203,6 +215,13 @@ static int workqueue_stat_show(struct seq_file *s, void *p) ...@@ -203,6 +215,13 @@ static int workqueue_stat_show(struct seq_file *s, void *p)
return 0; return 0;
} }
static void workqueue_stat_release(void *stat)
{
struct cpu_workqueue_stats *node = stat;
kref_put(&node->kref, cpu_workqueue_stat_free);
}
static int workqueue_stat_headers(struct seq_file *s) static int workqueue_stat_headers(struct seq_file *s)
{ {
seq_printf(s, "# CPU INSERTED EXECUTED NAME\n"); seq_printf(s, "# CPU INSERTED EXECUTED NAME\n");
...@@ -215,6 +234,7 @@ struct tracer_stat workqueue_stats __read_mostly = { ...@@ -215,6 +234,7 @@ struct tracer_stat workqueue_stats __read_mostly = {
.stat_start = workqueue_stat_start, .stat_start = workqueue_stat_start,
.stat_next = workqueue_stat_next, .stat_next = workqueue_stat_next,
.stat_show = workqueue_stat_show, .stat_show = workqueue_stat_show,
.stat_release = workqueue_stat_release,
.stat_headers = workqueue_stat_headers .stat_headers = workqueue_stat_headers
}; };
......
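Review bot: The reference count keeps a node's memory alive but does not keep it linked, so `workqueue_stat_next()` can still follow a stale list pointer. In the `probe_workqueue_destruction` hunk `list_del(&node->list)` runs before `kref_put()`; if a reader still holds that node as `prev`, the new `else` branch computes `list_entry(prev_cws->list.next, ...)` and calls `kref_get(&ret->kref)` on whatever `list_del()` left in `next` (a poison value in the mainline list.h), because `list_is_last()` is false for an unlinked node. Consider unlinking with `list_del_init(&node->list);` and having `workqueue_stat_next()` test `list_empty(&prev_cws->list)` under the lock, ending or restarting the walk for that CPU instead of dereferencing `next`. Both function bodies extend outside the visible hunks, and whether the reader still holds its reference to `prev` at this point depends on trace_stat code that is not shown here.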