Prev: [033/156] mqueue: fix mq_open() file descriptor leak on user-space processes
Next: [022/156] tracing: Use same local variable when resetting the ring buffer
From: Greg KH on 30 Mar 2010 20:00
2.6.33-stable review patch. If anyone has any objections, please let us know.

------------------

From: Lai Jiangshan <laijs(a)cn.fujitsu.com>

commit ac91d85456372a90af5b85eb6620fd2efb1e431b upstream.

This warning in s_next() can be triggered by lseek():
[<c018b3f7>] ? s_next+0x77/0x80
[<c013e3c1>] warn_slowpath_common+0x81/0xa0
[<c018b3f7>] ? s_next+0x77/0x80
[<c013e3fa>] warn_slowpath_null+0x1a/0x20
[<c018b3f7>] s_next+0x77/0x80
[<c01efa77>] traverse+0x117/0x200
[<c01eff13>] seq_lseek+0xa3/0x120
[<c01efe70>] ? seq_lseek+0x0/0x120
[<c01d7081>] vfs_llseek+0x41/0x50
[<c01d8116>] sys_llseek+0x66/0xa0
[<c0102bd0>] sysenter_do_call+0x12/0x26

The iterator "leftover" variable is zeroed in the opening of the trace
file. But lseek can call s_start() which will call s_next() without
reseting the "leftover" variable back to zero, which might trigger
the WARN_ON_ONCE(iter->leftover) that is in s_next().

Signed-off-by: Lai Jiangshan <laijs(a)cn.fujitsu.com>
LKML-Reference: <4B8CE06A.9090207(a)cn.fujitsu.com>
Signed-off-by: Steven Rostedt <rostedt(a)goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)suse.de>

---
kernel/trace/trace.c | 1 +
1 file changed, 1 insertion(+)

--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -1628,6 +1628,7 @@ static void *s_start(struct seq_file *m,

ftrace_enable_cpu();

+ iter->leftover = 0;
for (p = iter; p && l < *pos; p = s_next(m, p, &l))
;



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
 | 
Pages: 1
Prev: [033/156] mqueue: fix mq_open() file descriptor leak on user-space processes
Next: [022/156] tracing: Use same local variable when resetting the ring buffer