From: Steven Rostedt Date: Thu, 7 Jan 2010 01:40:44 +0000 (-0500) Subject: ring-buffer: Add rb_list_head() wrapper around new reader page next field X-Git-Tag: firefly_0821_release~9833^2~3342^2~8^2 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=0e1ff5d72a6393f2ef5dbf74f58bb55a12d63834;p=firefly-linux-kernel-4.4.55.git ring-buffer: Add rb_list_head() wrapper around new reader page next field If the very unlikely case happens where the writer moves the head by one between where the head page is read and where the new reader page is assigned _and_ the writer then writes and wraps the entire ring buffer so that the head page is back to what was originally read as the head page, the page to be swapped will have a corrupted next pointer. Simple solution is to wrap the assignment of the next pointer with a rb_list_head(). Signed-off-by: Steven Rostedt --- diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index d5b7308b7e1b..edefe3b2801b 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -2869,7 +2869,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) * Splice the empty reader page into the list around the head. */ reader = rb_set_head_page(cpu_buffer); - cpu_buffer->reader_page->list.next = reader->list.next; + cpu_buffer->reader_page->list.next = rb_list_head(reader->list.next); cpu_buffer->reader_page->list.prev = reader->list.prev; /*