lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 Dec 2010 20:43:50 +0200 From: Felipe Contreras <felipe.contreras@...il.com> To: "Kanigeri, Hari" <h-kanigeri2@...com> Cc: Felipe Contreras <felipe.contreras@...ia.com>, linux-main <linux-kernel@...r.kernel.org>, linux-omap <linux-omap@...r.kernel.org>, Greg KH <greg@...ah.com>, Omar Ramirez Luna <omar.ramirez@...com>, Ohad Ben-Cohen <ohad@...ery.com>, Fernando Guzman Lugo <fernando.lugo@...com>, Nishanth Menon <nm@...com>, Ameya Palande <ameya.palande@...ia.com> Subject: Re: [PATCH] staging: tidspbridge: protect dmm_map properly Hi, On Mon, Dec 20, 2010 at 8:30 PM, Kanigeri, Hari <h-kanigeri2@...com> wrote: > On Mon, Dec 20, 2010 at 11:12 AM, Felipe Contreras > <felipe.contreras@...ia.com> wrote: >> We need to protect not only the dmm_map list, but the individual >> map_obj's, otherwise, we might be building the scatter-gather list with >> garbage. So, use the existing proc_lock for that. >> >> I observed race conditions which caused kernel panics while running >> stress tests. This patch fixes those. >> >> Signed-off-by: Felipe Contreras <felipe.contreras@...ia.com> >> --- >> drivers/staging/tidspbridge/rmgr/proc.c | 18 ++++++++++++++---- >> 1 files changed, 14 insertions(+), 4 deletions(-) >> >> diff --git a/drivers/staging/tidspbridge/rmgr/proc.c b/drivers/staging/tidspbridge/rmgr/proc.c >> index b47d7aa..21052e3 100644 >> --- a/drivers/staging/tidspbridge/rmgr/proc.c >> +++ b/drivers/staging/tidspbridge/rmgr/proc.c >> @@ -781,12 +781,14 @@ int proc_begin_dma(void *hprocessor, void *pmpu_addr, u32 ul_size, >> (u32)pmpu_addr, >> ul_size, dir); >> >> + mutex_lock(&proc_lock); > > May be you should use mutex_lock_interruptable instead of mutex_lock. Right, but I think that should be a separate patch since mutex_lock(&proc_lock) is already being used. >> @@ -819,12 +823,14 @@ int proc_end_dma(void *hprocessor, void *pmpu_addr, u32 ul_size, >> (u32)pmpu_addr, >> ul_size, dir); >> >> + mutex_lock(&proc_lock); >> + >> /* find requested memory are in cached mapping information */ >> map_obj = find_containing_mapping(pr_ctxt, (u32) pmpu_addr, ul_size); >> if (!map_obj) { >> pr_err("%s: find_containing_mapping failed\n", __func__); >> status = -EFAULT; >> - goto err_out; >> + goto no_map; >> } >> >> if (memory_regain_ownership(map_obj, (u32) pmpu_addr, ul_size, dir)) { >> @@ -834,6 +840,8 @@ int proc_end_dma(void *hprocessor, void *pmpu_addr, u32 ul_size, >> goto err_out; > > Mutex is not released in this case as it is released only at no_map. Oops! I didn't test proc_end_dma() and quickly added those locks after I noticed it. I'll resend with the fix. -- Felipe Contreras -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists