Preparation to make the next patches more understandable. The caller of trace_remove_event_call() is going to free call/files, this means that every opened id/filter/enable/format file will use the already freed memory via filp->private_data / inode->i_private.
Change remove_event_from_tracers() to clear ->i_private for every child. This fixes nothing and even makes the crash more possible, but this allows to fix the problem later. Note: this doesn't affect instance_rmdir() paths. It has the similar problems and they will be fixed separately. Signed-off-by: Oleg Nesterov <[email protected]> --- kernel/trace/trace_events.c | 9 +++++++++ 1 files changed, 9 insertions(+), 0 deletions(-) diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index 9d2b499..cbd1a57 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -1534,6 +1534,14 @@ static void remove_subsystem(struct ftrace_subsystem_dir *dir) } } +static void invalidate_event_file(struct dentry *dir) +{ + struct dentry *child; + /* ->i_mutex is not needed, nodody can create/remove a file */ + list_for_each_entry(child, &dir->d_subdirs, d_u.d_child) + child->d_inode->i_private = NULL; +} + static void remove_event_from_tracers(struct ftrace_event_call *call) { struct ftrace_event_file *file; @@ -1545,6 +1553,7 @@ static void remove_event_from_tracers(struct ftrace_event_call *call) continue; list_del(&file->list); + invalidate_event_file(file->dir); debugfs_remove_recursive(file->dir); remove_subsystem(file->system); kmem_cache_free(file_cachep, file); -- 1.5.5.1
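Review bot: In invalidate_event_file() the loop body dereferences child->d_inode unconditionally and walks dir->d_subdirs with no lock held, and the comment only argues why ->i_mutex is unnecessary. A negative dentry on d_subdirs would make `child->d_inode->i_private = NULL;` a NULL dereference, so an `if (child->d_inode)` check is cheap insurance. Please also either take dir->d_lock around the list walk or extend the comment to say what keeps d_subdirs stable against the dcache, not just against file creation and removal. Two nits: "nodody" should be "nobody", and a blank line is missing between the declaration of child and the comment.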
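Review bot: In remove_event_from_tracers() the new call passes file->dir straight into a helper that immediately evaluates &dir->d_subdirs, while the debugfs_remove_recursive(file->dir) on the next line tolerates a NULL dentry. If file->dir can ever be NULL here (for example after a failed directory creation), the added line turns a harmless no-op into an oops, so guard it with `if (file->dir)` or check dir at the top of invalidate_event_file(). Since the changelog says readers still use filp->private_data / inode->i_private and that this step fixes nothing on its own, a short comment at the call site stating that the NULL store is only meaningful once the file operations re-check ->i_private under event_mutex would help anyone who reads or bisects to this commit in isolation.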

