[PATCH 1/2] ftrace: Update ftrace_ops->next pointer with rcu_assign_pointer()

From: Li Huafei
Date: Wed Mar 17 2021 - 06:27:36 EST

Next message: Eugeniu Rosca: "Re: [PATCH] softirq: Be more verbose on t->state BUG()"
Previous message: Li Huafei: "[PATCH 0/2] Fix the race on &event->ftrace_ops between perf and ftrace"
In reply to: Li Huafei: "[PATCH 2/2] perf, ftrace: Fix use-after-free in __ftrace_ops_list_func()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The unregistered ftrace_ops may be freed by the caller, so we should use
rcu_assign_pointer() in remove_ftrace_ops() to remove the ftrace_ops,
which ensures that no more users will reference the ftrace_ops after
synchronize_rcu() is called.

Signed-off-by: Li Huafei <lihuafei1@xxxxxxxxxx>
---
kernel/trace/ftrace.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
index 4d8e35575549..2e315a145d20 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -282,7 +282,7 @@ static int remove_ftrace_ops(struct ftrace_ops __rcu **list,
lockdep_is_held(&ftrace_lock)) == ops &&
rcu_dereference_protected(ops->next,
lockdep_is_held(&ftrace_lock)) == &ftrace_list_end) {
- *list = &ftrace_list_end;
+ rcu_assign_pointer(*list, &ftrace_list_end);
return 0;
}

@@ -293,7 +293,7 @@ static int remove_ftrace_ops(struct ftrace_ops __rcu **list,
if (*p != ops)
return -1;

- *p = (*p)->next;
+ rcu_assign_pointer(*p, (*p)->next);
return 0;
}

--
2.17.1

Next message: Eugeniu Rosca: "Re: [PATCH] softirq: Be more verbose on t->state BUG()"
Previous message: Li Huafei: "[PATCH 0/2] Fix the race on &event->ftrace_ops between perf and ftrace"
In reply to: Li Huafei: "[PATCH 2/2] perf, ftrace: Fix use-after-free in __ftrace_ops_list_func()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]