[PATCH 2/2] oprofile: warn on freeing event buffer too early

From: Robert Richter
Date: Fri Oct 09 2009 - 15:49:41 EST

Next message: Robert Richter: "Re: [PATCH 1/2] oprofile: fix race condition in event_buffer free"
Previous message: Robert Richter: "[PATCH 1/2] oprofile: fix race condition in event_buffer free"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

A race shouldn't happen since all workqueues or handlers are canceled
or flushed before the event buffer is freed. A warning is triggered
now if the buffer is freed too early.

Also, this patch adds some comments about event buffer protection,
reworks some code and adds code to clear buffer_pos during alloc and
free of the event buffer.

Cc: David Rientjes <rientjes@xxxxxxxxxx>
Cc: Stephane Eranian <eranian@xxxxxxxxxx>
Signed-off-by: Robert Richter <robert.richter@xxxxxxx>
---
drivers/oprofile/event_buffer.c | 25 +++++++++++++++----------
1 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/drivers/oprofile/event_buffer.c b/drivers/oprofile/event_buffer.c
index c38adb3..5df60a6 100644
--- a/drivers/oprofile/event_buffer.c
+++ b/drivers/oprofile/event_buffer.c
@@ -35,17 +35,22 @@ static size_t buffer_pos;
/* atomic_t because wait_event checks it outside of buffer_mutex */
static atomic_t buffer_ready = ATOMIC_INIT(0);

-/* Add an entry to the event buffer. When we
- * get near to the end we wake up the process
- * sleeping on the read() of the file.
+/*
+ * Add an entry to the event buffer. When we get near to the end we
+ * wake up the process sleeping on the read() of the file. To protect
+ * the event_buffer this function may only be called when buffer_mutex
+ * is set.
*/
void add_event_entry(unsigned long value)
{
/*
- * catch potential error
+ * This shouldn't happen since all workqueues or handlers are
+ * canceled or flushed before the event buffer is freed.
*/
- if (!event_buffer)
+ if (!event_buffer) {
+ WARN_ON_ONCE(1);
return;
+ }

if (buffer_pos == buffer_size) {
atomic_inc(&oprofile_stats.event_lost_overflow);
@@ -75,7 +80,6 @@ void wake_up_buffer_waiter(void)

int alloc_event_buffer(void)
{
- int err = -ENOMEM;
unsigned long flags;

spin_lock_irqsave(&oprofilefs_lock, flags);
@@ -86,13 +90,12 @@ int alloc_event_buffer(void)
if (buffer_watershed >= buffer_size)
return -EINVAL;

+ buffer_pos = 0;
event_buffer = vmalloc(sizeof(unsigned long) * buffer_size);
if (!event_buffer)
- goto out;
+ return -ENOMEM;

- err = 0;
-out:
- return err;
+ return 0;
}

@@ -100,6 +103,7 @@ void free_event_buffer(void)
{
mutex_lock(&buffer_mutex);
vfree(event_buffer);
+ buffer_pos = 0;
event_buffer = NULL;
mutex_unlock(&buffer_mutex);
}
@@ -174,6 +178,7 @@ static ssize_t event_buffer_read(struct file *file, char __user *buf,

mutex_lock(&buffer_mutex);

+ /* May happen if the buffer is freed during pending reads. */
if (!event_buffer) {
retval = -EINTR;
goto out;
--
1.6.5.rc2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Robert Richter: "Re: [PATCH 1/2] oprofile: fix race condition in event_buffer free"
Previous message: Robert Richter: "[PATCH 1/2] oprofile: fix race condition in event_buffer free"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]