oprofile: fix race condition in event_buffer free
1 /**
2  * @file event_buffer.c
3  *
4  * @remark Copyright 2002 OProfile authors
5  * @remark Read the file COPYING
6  *
7  * @author John Levon <levon@movementarian.org>
8  *
9  * This is the global event buffer that the user-space
10  * daemon reads from. The event buffer is an untyped array
11  * of unsigned longs. Entries are prefixed by the
12  * escape value ESCAPE_CODE followed by an identifying code.
13  */
14
15 #include <linux/vmalloc.h>
16 #include <linux/oprofile.h>
17 #include <linux/sched.h>
18 #include <linux/capability.h>
19 #include <linux/dcookies.h>
20 #include <linux/fs.h>
21 #include <asm/uaccess.h>
22
23 #include "oprof.h"
24 #include "event_buffer.h"
25 #include "oprofile_stats.h"
26
/* Serialises access to the event buffer. Within this file it is taken by
 * wake_up_buffer_waiter(), free_event_buffer() and event_buffer_read().
 * It is not static, so code in other files can presumably take it as
 * well -- confirm against the callers of add_event_entry().
 */
DEFINE_MUTEX(buffer_mutex);

/* Bit 0 is the single-opener flag claimed in event_buffer_open(). */
static unsigned long buffer_opened;
/* Readers sleep on this queue until buffer_ready becomes non-zero. */
static DECLARE_WAIT_QUEUE_HEAD(buffer_wait);
/* vmalloc()ed array of buffer_size entries; NULL while not allocated. */
static unsigned long *event_buffer;
/* Capacity in entries, copied from oprofile_buffer_size at allocation. */
static unsigned long buffer_size;
/* Copied from oprofile_buffer_watershed; the reader is woken once
 * buffer_pos reaches buffer_size - buffer_watershed.
 */
static unsigned long buffer_watershed;
/* Index of the next entry to be written. */
static size_t buffer_pos;
/* atomic_t because wait_event checks it outside of buffer_mutex */
static atomic_t buffer_ready = ATOMIC_INIT(0);
37
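/*
 * Append one entry to the event buffer. Once the write position reaches
 * buffer_size - buffer_watershed, mark the buffer ready and wake up the
 * process sleeping on the read() of the file.
 *
 * NOTE(review): no lock is taken here, although event_buffer and
 * buffer_pos are accessed under buffer_mutex elsewhere in this file.
 * Presumably every caller already holds buffer_mutex -- confirm, since
 * otherwise the store below can race with free_event_buffer().
 */
void add_event_entry(unsigned long value)
{
        /* The buffer may be gone: free_event_buffer() sets it to NULL. */
        if (!event_buffer)
                return;

        /*
         * Buffer full: drop the entry and account for it. The test is
         * ">=" rather than "==" so that an index which is out of range
         * for the current allocation can never reach the store below.
         */
        if (buffer_pos >= buffer_size) {
                atomic_inc(&oprofile_stats.event_lost_overflow);
                return;
        }

        event_buffer[buffer_pos] = value;
        if (++buffer_pos == buffer_size - buffer_watershed) {
                atomic_set(&buffer_ready, 1);
                wake_up(&buffer_wait);
        }
}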
61
62
/* Wake up the waiting process if any. This happens
 * on "echo 0 >/dev/oprofile/enable" so the daemon
 * processes the data remaining in the event buffer.
 *
 * buffer_ready is set before wake_up() because the reader's wait
 * condition in event_buffer_read() is atomic_read(&buffer_ready); both
 * steps are done with buffer_mutex held.
 */
void wake_up_buffer_waiter(void)
{
        mutex_lock(&buffer_mutex);
        atomic_set(&buffer_ready, 1);
        wake_up(&buffer_wait);
        mutex_unlock(&buffer_mutex);
}
74
75
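/*
 * Allocate the event buffer with the size and watershed currently set in
 * oprofile_buffer_size and oprofile_buffer_watershed.
 *
 * Returns 0 on success, -EINVAL if the configuration is unusable (the
 * watershed is not below the size, or the size in bytes does not fit in
 * an unsigned long), and -ENOMEM if vmalloc() fails.
 */
int alloc_event_buffer(void)
{
        unsigned long flags;

        /* Snapshot both tunables together under oprofilefs_lock. */
        spin_lock_irqsave(&oprofilefs_lock, flags);
        buffer_size = oprofile_buffer_size;
        buffer_watershed = oprofile_buffer_watershed;
        spin_unlock_irqrestore(&oprofilefs_lock, flags);

        if (buffer_watershed >= buffer_size)
                return -EINVAL;

        /*
         * Reject a size whose byte count would wrap around. Otherwise
         * vmalloc() would hand back far fewer than buffer_size entries
         * while add_event_entry() still bounds its writes by buffer_size.
         */
        if (buffer_size > ~0UL / sizeof(unsigned long))
                return -EINVAL;

        event_buffer = vmalloc(sizeof(unsigned long) * buffer_size);
        if (!event_buffer)
                return -ENOMEM;

        return 0;
}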
97
98
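/*
 * Release the event buffer.
 *
 * Done with buffer_mutex held so that event_buffer_read(), which takes
 * the same mutex and checks event_buffer for NULL, can never copy from
 * memory that is being freed.
 */
void free_event_buffer(void)
{
        mutex_lock(&buffer_mutex);
        vfree(event_buffer);
        event_buffer = NULL;
        /*
         * The write index belongs to the buffer that has just been freed;
         * reset it here so that a later, possibly smaller, allocation
         * never starts from a stale position.
         */
        buffer_pos = 0;
        mutex_unlock(&buffer_mutex);
}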
106
107
/*
 * open() handler for the event buffer file.
 *
 * Only a caller with CAP_SYS_ADMIN may open the file, and only one
 * opener is allowed at a time (bit 0 of buffer_opened). Returns 0 on
 * success, -EPERM without the capability, -EBUSY if the file is already
 * open, -EINVAL if dcookie_register() fails, or the error returned by
 * oprofile_setup().
 */
static int event_buffer_open(struct inode *inode, struct file *file)
{
        int err;

        if (!capable(CAP_SYS_ADMIN))
                return -EPERM;

        if (test_and_set_bit_lock(0, &buffer_opened))
                return -EBUSY;

        /*
         * Register as a user of dcookies so that they persist for the
         * lifetime of the open event file.
         */
        file->private_data = dcookie_register();
        if (!file->private_data) {
                err = -EINVAL;
                goto out_unlock;
        }

        err = oprofile_setup();
        if (err)
                goto out_unregister;

        /*
         * NB: profiling itself is started from userspace with
         * echo 1 >/dev/oprofile/enable
         */
        return 0;

out_unregister:
        dcookie_unregister(file->private_data);
out_unlock:
        /* Give up the single-opener bit on every failure path. */
        __clear_bit_unlock(0, &buffer_opened);
        return err;
}
142
143
/*
 * release() handler: undo everything event_buffer_open() set up.
 *
 * Profiling is stopped and shut down first, then the dcookie user
 * registered at open time is dropped and the buffer state is reset.
 * The single-opener bit is cleared last.
 */
static int event_buffer_release(struct inode *inode, struct file *file)
{
        oprofile_stop();
        oprofile_shutdown();
        dcookie_unregister(file->private_data);
        /* NOTE(review): reset without buffer_mutex held; presumably safe
         * because nothing writes to the buffer after oprofile_shutdown()
         * -- confirm.
         */
        buffer_pos = 0;
        atomic_set(&buffer_ready, 0);
        /* Last step: only now may another process open the file. */
        __clear_bit_unlock(0, &buffer_opened);
        return 0;
}
154
155
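/*
 * read() handler: block until the buffer is marked ready, then copy all
 * entries written so far to user space and rewind the write position.
 *
 * Only a read of exactly the whole buffer size at offset 0 is accepted.
 * Returns the number of bytes copied, -EINVAL for any other size or
 * offset, -EINTR if a signal is pending or the buffer has been freed in
 * the meantime, -EAGAIN if the buffer is not ready after the wait, and
 * -EFAULT if the copy to user space fails.
 */
static ssize_t event_buffer_read(struct file *file, char __user *buf,
                                 size_t count, loff_t *offset)
{
        /*
         * ssize_t, matching the return type: the byte count is stored
         * here on success and must not be narrowed to int.
         */
        ssize_t retval;
        size_t const max = buffer_size * sizeof(unsigned long);

        /* handling partial reads is more trouble than it's worth */
        if (count != max || *offset)
                return -EINVAL;

        wait_event_interruptible(buffer_wait, atomic_read(&buffer_ready));

        if (signal_pending(current))
                return -EINTR;

        /* can't currently happen */
        if (!atomic_read(&buffer_ready))
                return -EAGAIN;

        mutex_lock(&buffer_mutex);

        /*
         * free_event_buffer() may have run while we slept; it clears the
         * pointer under this mutex, so re-check it before copying.
         */
        if (!event_buffer) {
                retval = -EINTR;
                goto out;
        }

        atomic_set(&buffer_ready, 0);

        /* Copy only the entries actually written, not the whole buffer. */
        count = buffer_pos * sizeof(unsigned long);

        if (copy_to_user(buf, event_buffer, count)) {
                retval = -EFAULT;
                goto out;
        }

        retval = count;
        buffer_pos = 0;

out:
        mutex_unlock(&buffer_mutex);
        return retval;
}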
198
/* File operations for the event buffer file: open, release and read
 * only; no write handler is provided.
 */
const struct file_operations event_buffer_fops = {
        .open           = event_buffer_open,
        .release        = event_buffer_release,
        .read           = event_buffer_read,
};