ring_buffer: reset write when reserve buffer fail
authorLai Jiangshan <laijs@cn.fujitsu.com>
Mon, 12 Jan 2009 03:06:18 +0000 (11:06 +0800)
committerIngo Molnar <mingo@elte.hu>
Thu, 15 Jan 2009 08:46:40 +0000 (09:46 +0100)
Impact: reset struct buffer_page.write when interrupt storm

if struct buffer_page.write is not reset, any succedent committing
will corrupted ring_buffer:

static inline void
rb_set_commit_to_write(struct ring_buffer_per_cpu *cpu_buffer)
{
......
cpu_buffer->commit_page->commit =
cpu_buffer->commit_page->write;
......
}

when "if (RB_WARN_ON(cpu_buffer, next_page == reader_page))", ring_buffer
is disabled, but some reserved buffers may haven't been committed.
we need reset struct buffer_page.write.

when "if (unlikely(next_page == cpu_buffer->commit_page))", ring_buffer
is still available, we should not corrupt it.

Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
Signed-off-by: Steven Rostedt <srostedt@redhat.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
kernel/trace/ring_buffer.c

index 4832ffa5d93706025173adb7af8f207cc0ba7b47..0b9de5a3d6997c64301a315c03ae5bfaf88ae040 100644 (file)
@@ -1017,12 +1017,8 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
                }
 
                if (next_page == head_page) {
-                       if (!(buffer->flags & RB_FL_OVERWRITE)) {
-                               /* reset write */
-                               if (tail <= BUF_PAGE_SIZE)
-                                       local_set(&tail_page->write, tail);
+                       if (!(buffer->flags & RB_FL_OVERWRITE))
                                goto out_unlock;
-                       }
 
                        /* tail_page has not moved yet? */
                        if (tail_page == cpu_buffer->tail_page) {
@@ -1097,6 +1093,10 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
        return event;
 
  out_unlock:
+       /* reset write */
+       if (tail <= BUF_PAGE_SIZE)
+               local_set(&tail_page->write, tail);
+
        __raw_spin_unlock(&cpu_buffer->lock);
        local_irq_restore(flags);
        return NULL;