| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Feb 2016 15:25:13 -0800
From: Jesse Barnes <jbarnes@...tuousgeek.org>
To: Vincent Pelletier <plr.vincent@...il.com>,
Simon Guinot <simon.guinot@...uanux.org>
Cc: Alan Cox <alan@...ux.intel.com>, Giel van Schijndel <me@...tis.eu>,
linux-gpio@...r.kernel.org, linux-kernel@...r.kernel.org,
Vincent Donnefort <vdonnefort@...il.com>,
Yoann Sculo <yoann@...lo.fr>,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH] kernel/resource.c: fix muxed resource handling in
__request_region()
+Linus (the de-facto resource guy).
On 02/19/2016 01:10 PM, Vincent Pelletier wrote:
> Hello,
>
> I finally got around to rebasing some patches, and realised that the
> patch from Simon Guinot below still gets rebased over torvalds' v4.4 .
>
> Any reason it was not applied ?
> Or was the issue fixed in another, non-git-conflicting way ? (I see
> nothing recent in git log kernel/resource.c)
>
> I do not find a trace of a mail confirming that I tested it and that it
> fixes the issue. So here goes:
> Tested-by: Vincent Pelletier <plr.vincent@...il.com>
>
> Testing details: bug reproduced on 4.1, patch applied over 4.1 and bug
> disappeared. After rebasing this patch (along with others) over 4.4,
> bug does not reappear. I did not try to reproduce bug with 4.4, but if
> preferred I can give it a go.
>
> On Thu, 10 Sep 2015 00:15:18 +0200, Simon Guinot
> <simon.guinot@...uanux.org> wrote:
>> In __request_region, if a conflict with a BUSY and MUXED resource is
>> detected, then the caller goes to sleep and waits for the resource to
>> be released. A pointer on the conflicting resource is kept. At wake-up
>> this pointer is used as a parent to retry to request the region. A first
>> problem is that this pointer might well be invalid (if for example the
>> conflicting resource have already been freed). An another problem is
>> that the next call to __request_region() fails to detect a remaining
>> conflict. The previously conflicting resource is passed as a parameter
>> and __request_region() will look for a conflict among the children of
>> this resource and not at the resource itself. It is likely to succeed
>> anyway, even if there is still a conflict. Instead, the parent of the
>> conflicting resource should be passed to __request_region().
>>
>> As a fix attempt, this patch don't update the parent resource pointer in
>> the case we have to wait for a muxed region right after.
>>
>> Reported-by: Vincent Pelletier <plr.vincent@...il.com>
>> Signed-off-by: Simon Guinot <simon.guinot@...uanux.org>
>> Tested-by: Vincent Donnefort <vdonnefort@...il.com>
>> ---
>> kernel/resource.c | 5 +++--
>> 1 file changed, 3 insertions(+), 2 deletions(-)
>>
>> diff --git a/kernel/resource.c b/kernel/resource.c
>> index fed052a1bc9f..b8c84804db6a 100644
>> --- a/kernel/resource.c
>> +++ b/kernel/resource.c
>> @@ -1072,9 +1072,10 @@ struct resource * __request_region(struct resource *parent,
>> if (!conflict)
>> break;
>> if (conflict != parent) {
>> - parent = conflict;
>> - if (!(conflict->flags & IORESOURCE_BUSY))
>> + if (!(conflict->flags & IORESOURCE_BUSY)) {
>> + parent = conflict;
>> continue;
>> + }
>> }
>> if (conflict->flags & flags & IORESOURCE_MUXED) {
>> add_wait_queue(&muxed_resource_wait, &wait);
>
> Regards,
>
Powered by blists - more mailing lists