On Wed, 2012-12-12 at 08:39 -0800, [email protected] wrote: > The patch below does not apply to the 3.4-stable tree. > If someone wants it applied there, or to any other stable or longterm > tree, then please email the backport, including the original git commit > id to <[email protected]>.
Posted early where you complained to me about it: https://lkml.org/lkml/2012/11/30/324 -- Steve > > thanks, > > greg k-h > > ------------------ original commit in Linus's tree ------------------ > > >From 54f7be5b831254199522523ccab4c3d954bbf576 Mon Sep 17 00:00:00 2001 > From: Steven Rostedt <[email protected]> > Date: Thu, 29 Nov 2012 22:27:22 -0500 > Subject: [PATCH] ring-buffer: Fix NULL pointer if rb_set_head_page() fails > > The function rb_set_head_page() searches the list of ring buffer > pages for a the page that has the HEAD page flag set. If it does > not find it, it will do a WARN_ON(), disable the ring buffer and > return NULL, as this should never happen. > > But if this bug happens to happen, not all callers of this function > can handle a NULL pointer being returned from it. That needs to be > fixed. > > Cc: [email protected] # 3.0+ > Signed-off-by: Steven Rostedt <[email protected]> > > diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c > index b979426..ec01803 100644 > --- a/kernel/trace/ring_buffer.c > +++ b/kernel/trace/ring_buffer.c > @@ -1396,6 +1396,8 @@ rb_insert_pages(struct ring_buffer_per_cpu *cpu_buffer) > struct list_head *head_page_with_bit; > > head_page = &rb_set_head_page(cpu_buffer)->list; > + if (!head_page) > + break; > prev_page = head_page->prev; > > first_page = pages->next; > @@ -2934,7 +2936,7 @@ unsigned long ring_buffer_oldest_event_ts(struct > ring_buffer *buffer, int cpu) > unsigned long flags; > struct ring_buffer_per_cpu *cpu_buffer; > struct buffer_page *bpage; > - unsigned long ret; > + unsigned long ret = 0; > > if (!cpumask_test_cpu(cpu, buffer->cpumask)) > return 0; > @@ -2949,7 +2951,8 @@ unsigned long ring_buffer_oldest_event_ts(struct > ring_buffer *buffer, int cpu) > bpage = cpu_buffer->reader_page; > else > bpage = rb_set_head_page(cpu_buffer); > - ret = bpage->page->time_stamp; > + if (bpage) > + ret = bpage->page->time_stamp; > raw_spin_unlock_irqrestore(&cpu_buffer->reader_lock, flags); > > return ret; > @@ -3260,6 +3263,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu > *cpu_buffer) > * Splice the empty reader page into the list around the head. > */ > reader = rb_set_head_page(cpu_buffer); > + if (!reader) > + goto out; > cpu_buffer->reader_page->list.next = rb_list_head(reader->list.next); > cpu_buffer->reader_page->list.prev = reader->list.prev; > -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
