lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1474534945-19648-1-git-send-email-nikita.yoush@cogentembedded.com>
Date:   Thu, 22 Sep 2016 12:02:25 +0300
From:   Nikita Yushchenko <nikita.yoush@...entembedded.com>
To:     Mark Brown <broonie@...nel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Kuninori Morimoto <kuninori.morimoto.gx@...esas.com>,
        Xiubo Li <lixiubo@...s.chinamobile.com>,
        Dan Carpenter <dan.carpenter@...cle.com>,
        Jon Ringle <jringle@...dpoint.com>,
        Chen-Yu Tsai <wens@...e.org>,
        "David S. Miller" <davem@...emloft.net>,
        linux-kernel@...r.kernel.org, Chris Healy <cphealy@...il.com>
Cc:     Nikita Yushchenko <nikita.yoush@...entembedded.com>
Subject: [PATCH] regmap: fix deadlock on _regmap_raw_write() error path

Commit 815806e39bf6 ("regmap: drop cache if the bus transfer error")
added a call to regcache_drop_region() to error path in
_regmap_raw_write(). However that path runs with regmap lock taken,
and regcache_drop_region() tries to re-take it, causing deadlock:

amixer          D 8068ae98     0   197    183 0x00000000
Backtrace:
[<8068ab7c>] (__schedule) from [<8068b1c4>] (schedule+0xb8/0xd0)
[<8068b10c>] (schedule) from [<8068b61c>] (schedule_preempt_disabled+0x20/0x2c)
[<8068b5fc>] (schedule_preempt_disabled) from [<8068cd18>] (__mutex_lock_slowpath+0xf8/0x180)
[<8068cc20>] (__mutex_lock_slowpath) from [<8068cde0>] (mutex_lock+0x40/0x58)
[<8068cda0>] (mutex_lock) from [<8047c440>] (regmap_lock_mutex+0x18/0x1c)
[<8047c428>] (regmap_lock_mutex) from [<8047fedc>] (regcache_drop_region+0x44/0x144)
[<8047fe98>] (regcache_drop_region) from [<8047f0a4>] (_regmap_raw_write+0x65c/0x7f0)
[<8047ea48>] (_regmap_raw_write) from [<8047f2b8>] (_regmap_bus_raw_write+0x80/0x98)
[<8047f238>] (_regmap_bus_raw_write) from [<8047dea4>] (_regmap_write+0x11c/0x16c)
[<8047dd88>] (_regmap_write) from [<8047dfa4>] (_regmap_update_bits+0xb0/0xd4)
[<8047def4>] (_regmap_update_bits) from [<8047f460>] (regmap_update_bits_base+0x60/0x84)
[<8047f400>] (regmap_update_bits_base) from [<805acecc>] (snd_soc_component_update_bits+0x40/0x5c)
[<805ace8c>] (snd_soc_component_update_bits) from [<805adec0>] (snd_soc_put_volsw+0x9c/0xf8)
[<805ade24>] (snd_soc_put_volsw) from [<8058b070>] (snd_ctl_ioctl+0x75c/0xbe8)
[<8058a914>] (snd_ctl_ioctl) from [<80209d04>] (vfs_ioctl+0x30/0x44)
[<80209cd4>] (vfs_ioctl) from [<8020a5ec>] (do_vfs_ioctl+0x7b0/0x884)
[<80209e3c>] (do_vfs_ioctl) from [<8020a704>] (SyS_ioctl+0x44/0x6c)
[<8020a6c0>] (SyS_ioctl) from [<80107900>] (ret_fast_syscall+0x0/0x3c)

Fix that by calling map->cache_ops->drop() directly.

Signed-off-by: Nikita Yushchenko <nikita.yoush@...entembedded.com>
---
 drivers/base/regmap/regmap.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/base/regmap/regmap.c b/drivers/base/regmap/regmap.c
index 25d26bb..e964d06 100644
--- a/drivers/base/regmap/regmap.c
+++ b/drivers/base/regmap/regmap.c
@@ -1475,7 +1475,11 @@ int _regmap_raw_write(struct regmap *map, unsigned int reg,
 
 		kfree(buf);
 	} else if (ret != 0 && !map->cache_bypass && map->format.parse_val) {
-		regcache_drop_region(map, reg, reg + 1);
+		/* regcache_drop_region() takes lock that we already have,
+		 * thus call map->cache_ops->drop() directly
+		 */
+		if (map->cache_ops && map->cache_ops->drop)
+			map->cache_ops->drop(map, reg, reg + 1);
 	}
 
 	trace_regmap_hw_write_done(map, reg, val_len / map->format.val_bytes);
-- 
2.1.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ