| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTi=B2MFz=c9gzcP3ZpApipShYbK88sbFmOOn3QKM@mail.gmail.com>
Date: Mon, 20 Dec 2010 20:43:50 +0200
From: Felipe Contreras <felipe.contreras@...il.com>
To: "Kanigeri, Hari" <h-kanigeri2@...com>
Cc: Felipe Contreras <felipe.contreras@...ia.com>,
linux-main <linux-kernel@...r.kernel.org>,
linux-omap <linux-omap@...r.kernel.org>,
Greg KH <greg@...ah.com>,
Omar Ramirez Luna <omar.ramirez@...com>,
Ohad Ben-Cohen <ohad@...ery.com>,
Fernando Guzman Lugo <fernando.lugo@...com>,
Nishanth Menon <nm@...com>,
Ameya Palande <ameya.palande@...ia.com>
Subject: Re: [PATCH] staging: tidspbridge: protect dmm_map properly
Hi,
On Mon, Dec 20, 2010 at 8:30 PM, Kanigeri, Hari <h-kanigeri2@...com> wrote:
> On Mon, Dec 20, 2010 at 11:12 AM, Felipe Contreras
> <felipe.contreras@...ia.com> wrote:
>> We need to protect not only the dmm_map list, but the individual
>> map_obj's, otherwise, we might be building the scatter-gather list with
>> garbage. So, use the existing proc_lock for that.
>>
>> I observed race conditions which caused kernel panics while running
>> stress tests. This patch fixes those.
>>
>> Signed-off-by: Felipe Contreras <felipe.contreras@...ia.com>
>> ---
>> drivers/staging/tidspbridge/rmgr/proc.c | 18 ++++++++++++++----
>> 1 files changed, 14 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/staging/tidspbridge/rmgr/proc.c b/drivers/staging/tidspbridge/rmgr/proc.c
>> index b47d7aa..21052e3 100644
>> --- a/drivers/staging/tidspbridge/rmgr/proc.c
>> +++ b/drivers/staging/tidspbridge/rmgr/proc.c
>> @@ -781,12 +781,14 @@ int proc_begin_dma(void *hprocessor, void *pmpu_addr, u32 ul_size,
>> (u32)pmpu_addr,
>> ul_size, dir);
>>
>> + mutex_lock(&proc_lock);
>
> May be you should use mutex_lock_interruptable instead of mutex_lock.
Right, but I think that should be a separate patch since
mutex_lock(&proc_lock) is already being used.
>> @@ -819,12 +823,14 @@ int proc_end_dma(void *hprocessor, void *pmpu_addr, u32 ul_size,
>> (u32)pmpu_addr,
>> ul_size, dir);
>>
>> + mutex_lock(&proc_lock);
>> +
>> /* find requested memory are in cached mapping information */
>> map_obj = find_containing_mapping(pr_ctxt, (u32) pmpu_addr, ul_size);
>> if (!map_obj) {
>> pr_err("%s: find_containing_mapping failed\n", __func__);
>> status = -EFAULT;
>> - goto err_out;
>> + goto no_map;
>> }
>>
>> if (memory_regain_ownership(map_obj, (u32) pmpu_addr, ul_size, dir)) {
>> @@ -834,6 +840,8 @@ int proc_end_dma(void *hprocessor, void *pmpu_addr, u32 ul_size,
>> goto err_out;
>
> Mutex is not released in this case as it is released only at no_map.
Oops! I didn't test proc_end_dma() and quickly added those locks after
I noticed it. I'll resend with the fix.
--
Felipe Contreras
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists