Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/kernel/trace
History
Qing Wang e39bb9e02b tracing: Fix WARN_ON in tracing_buffers_mmap_close 
When a process forks, the child process copies the parent's VMAs but the
user_mapped reference count is not incremented. As a result, when both the
parent and child processes exit, tracing_buffers_mmap_close() is called
twice. On the second call, user_mapped is already 0, causing the function to
return -ENODEV and triggering a WARN_ON.

Normally, this isn't an issue as the memory is mapped with VM_DONTCOPY set.
But this is only a hint, and the application can call
madvise(MADVISE_DOFORK) which resets the VM_DONTCOPY flag. When the
application does that, it can trigger this issue on fork.

Fix it by incrementing the user_mapped reference count without re-mapping
the pages in the VMA's open callback.

Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Vincent Donnefort <vdonnefort@google.com>
Cc: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Link: https://patch.msgid.link/20260227025842.1085206-1-wangqing7171@gmail.com
Fixes: cf9f0f7c4c ("tracing: Allow user-space mapping of the ring-buffer")
Reported-by: syzbot+3b5dd2030fe08afdf65d@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=3b5dd2030fe08afdf65d
Tested-by: syzbot+3b5dd2030fe08afdf65d@syzkaller.appspotmail.com
Signed-off-by: Qing Wang <wangqing7171@gmail.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
 		2026-03-03 22:25:32 -05:00
..
rv verification/rvgen: Remove unused variable declaration from containers 2026-01-12 07:43:51 +01:00
Kconfig tracing updates for 7.0: 2026-02-13 19:25:16 -08:00
Makefile tracing: Move pid filtering into trace_pid.c 2026-02-08 21:01:13 -05:00
blktrace.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
bpf_trace.c bpf: Fix kprobe_multi cookies access in show_fdinfo callback 2026-02-26 11:23:57 -08:00
bpf_trace.h
error_report-traces.c
fgraph.c fgraph: Do not call handlers direct when not using ftrace_ops 2026-02-19 15:21:22 -05:00
fprobe.c Convert 'alloc_flex' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
ftrace.c ftrace: Disable preemption in the tracepoint callbacks handling filtered pids 2026-03-03 22:25:31 -05:00
ftrace_internal.h
kprobe_event_gen_test.c
pid_list.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
pid_list.h trace/pid_list: optimize pid_list->lock contention 2025-11-13 15:15:54 -05:00
power-traces.c PM: cpufreq: powernv/tracing: Move powernv_throttle trace event 2025-07-21 16:40:56 -04:00
preemptirq_delay_test.c kernel: trace: preemptirq_delay_test: use offstack cpu mask 2025-07-08 18:17:38 -04:00
rethook.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
ring_buffer.c tracing: Fix WARN_ON in tracing_buffers_mmap_close 2026-03-03 22:25:32 -05:00
ring_buffer_benchmark.c tracing: Fix typo in ring_buffer_benchmark.c 2025-12-05 15:43:40 -05:00
rpm-traces.c
synth_event_gen_test.c
trace.c tracing: Fix WARN_ON in tracing_buffers_mmap_close 2026-03-03 22:25:32 -05:00
trace.h tracing updates for 7.0: 2026-02-13 19:25:16 -08:00
trace_benchmark.c
trace_benchmark.h
trace_boot.c
trace_branch.c
trace_btf.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
trace_btf.h
trace_clock.c
trace_dynevent.c tracing: Report wrong dynamic event command 2025-11-10 19:26:14 -05:00
trace_dynevent.h
trace_entries.h tracing: Fix ftrace event field alignments 2026-02-05 09:47:11 -05:00
trace_eprobe.c Convert 'alloc_flex' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
trace_event_perf.c
trace_events.c tracing: Disable preemption in the tracepoint callbacks handling filtered pids 2026-03-03 22:25:32 -05:00
trace_events_filter.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
trace_events_filter_test.h
trace_events_hist.c Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
trace_events_inject.c
trace_events_synth.c Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
trace_events_trigger.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
trace_events_user.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
trace_export.c tracing: Fix ftrace event field alignments 2026-02-05 09:47:11 -05:00
trace_fprobe.c Convert 'alloc_flex' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
trace_functions.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
trace_functions_graph.c fgraph: Fix thresh_return nosleeptime double-adjust 2026-03-03 22:11:20 -05:00
trace_hwlat.c tracing: Fix false sharing in hwlat get_sample() 2026-02-10 03:36:39 -05:00
trace_irqsoff.c tracing: Allow tracer to add more than 32 options 2025-11-04 21:44:00 +09:00
trace_kdb.c tracing: Allow tracer to add more than 32 options 2025-11-04 21:44:00 +09:00
trace_kprobe.c Convert 'alloc_flex' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
trace_kprobe_selftest.c
trace_kprobe_selftest.h
trace_mmiotrace.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
trace_nop.c
trace_osnoise.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
trace_output.c tracing: Add bitmask-list option for human-readable bitmask display 2026-01-26 17:00:50 -05:00
trace_output.h tracing: Allow tracer to add more than 32 options 2025-11-04 21:44:00 +09:00
trace_pid.c tracing: Move pid filtering into trace_pid.c 2026-02-08 21:01:13 -05:00
trace_preemptirq.c
trace_printk.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
trace_probe.c Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
trace_probe.h tracing: probes: Use __free() for trace_probe_log 2025-11-01 01:10:28 +09:00
trace_probe_kernel.h
trace_probe_tmpl.h
trace_recursion_record.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
trace_sched_switch.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
trace_sched_wakeup.c tracing: Allow tracer to add more than 32 options 2025-11-04 21:44:00 +09:00
trace_selftest.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
trace_selftest_dynamic.c
trace_seq.c tracing: Add bitmask-list option for human-readable bitmask display 2026-01-26 17:00:50 -05:00
trace_stack.c
trace_stat.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
trace_stat.h
trace_synth.h
trace_syscalls.c Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
trace_uprobe.c Convert 'alloc_flex' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
tracing_map.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
tracing_map.h