lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 20 Dec 2010 20:43:50 +0200
From:	Felipe Contreras <felipe.contreras@...il.com>
To:	"Kanigeri, Hari" <h-kanigeri2@...com>
Cc:	Felipe Contreras <felipe.contreras@...ia.com>,
	linux-main <linux-kernel@...r.kernel.org>,
	linux-omap <linux-omap@...r.kernel.org>,
	Greg KH <greg@...ah.com>,
	Omar Ramirez Luna <omar.ramirez@...com>,
	Ohad Ben-Cohen <ohad@...ery.com>,
	Fernando Guzman Lugo <fernando.lugo@...com>,
	Nishanth Menon <nm@...com>,
	Ameya Palande <ameya.palande@...ia.com>
Subject: Re: [PATCH] staging: tidspbridge: protect dmm_map properly

Hi,

On Mon, Dec 20, 2010 at 8:30 PM, Kanigeri, Hari <h-kanigeri2@...com> wrote:
> On Mon, Dec 20, 2010 at 11:12 AM, Felipe Contreras
> <felipe.contreras@...ia.com> wrote:
>> We need to protect not only the dmm_map list, but the individual
>> map_obj's, otherwise, we might be building the scatter-gather list with
>> garbage. So, use the existing proc_lock for that.
>>
>> I observed race conditions which caused kernel panics while running
>> stress tests. This patch fixes those.
>>
>> Signed-off-by: Felipe Contreras <felipe.contreras@...ia.com>
>> ---
>>  drivers/staging/tidspbridge/rmgr/proc.c |   18 ++++++++++++++----
>>  1 files changed, 14 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/staging/tidspbridge/rmgr/proc.c b/drivers/staging/tidspbridge/rmgr/proc.c
>> index b47d7aa..21052e3 100644
>> --- a/drivers/staging/tidspbridge/rmgr/proc.c
>> +++ b/drivers/staging/tidspbridge/rmgr/proc.c
>> @@ -781,12 +781,14 @@ int proc_begin_dma(void *hprocessor, void *pmpu_addr, u32 ul_size,
>>                                                        (u32)pmpu_addr,
>>                                                        ul_size, dir);
>>
>> +       mutex_lock(&proc_lock);
>
> May be you should use mutex_lock_interruptable instead of  mutex_lock.

Right, but I think that should be a separate patch since
mutex_lock(&proc_lock) is already being used.

>> @@ -819,12 +823,14 @@ int proc_end_dma(void *hprocessor, void *pmpu_addr, u32 ul_size,
>>                                                        (u32)pmpu_addr,
>>                                                        ul_size, dir);
>>
>> +       mutex_lock(&proc_lock);
>> +
>>        /* find requested memory are in cached mapping information */
>>        map_obj = find_containing_mapping(pr_ctxt, (u32) pmpu_addr, ul_size);
>>        if (!map_obj) {
>>                pr_err("%s: find_containing_mapping failed\n", __func__);
>>                status = -EFAULT;
>> -               goto err_out;
>> +               goto no_map;
>>        }
>>
>>        if (memory_regain_ownership(map_obj, (u32) pmpu_addr, ul_size, dir)) {
>> @@ -834,6 +840,8 @@ int proc_end_dma(void *hprocessor, void *pmpu_addr, u32 ul_size,
>>                goto err_out;
>
> Mutex is not released in this case as it is released only at no_map.

Oops! I didn't test proc_end_dma() and quickly added those locks after
I noticed it. I'll resend with the fix.

-- 
Felipe Contreras
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists