Date:   Thu, 22 Sep 2016 12:02:25 +0300
From:   Nikita Yushchenko <nikita.yoush@...entembedded.com>
To:     Mark Brown <broonie@...nel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Kuninori Morimoto <kuninori.morimoto.gx@...esas.com>,
        Xiubo Li <lixiubo@...s.chinamobile.com>,
        Dan Carpenter <dan.carpenter@...cle.com>,
        Jon Ringle <jringle@...dpoint.com>,
        Chen-Yu Tsai <wens@...e.org>,
        "David S. Miller" <davem@...emloft.net>,
        linux-kernel@...r.kernel.org, Chris Healy <cphealy@...il.com>
Cc:     Nikita Yushchenko <nikita.yoush@...entembedded.com>
Subject: [PATCH] regmap: fix deadlock on _regmap_raw_write() error path

Commit 815806e39bf6 ("regmap: drop cache if the bus transfer error")
added a call to regcache_drop_region() to the error path in
_regmap_raw_write(). However, that path runs with the regmap lock taken,
and regcache_drop_region() tries to re-take it, causing a deadlock:

amixer          D 8068ae98     0   197    183 0x00000000
Backtrace:
[<8068ab7c>] (__schedule) from [<8068b1c4>] (schedule+0xb8/0xd0)
[<8068b10c>] (schedule) from [<8068b61c>] (schedule_preempt_disabled+0x20/0x2c)
[<8068b5fc>] (schedule_preempt_disabled) from [<8068cd18>] (__mutex_lock_slowpath+0xf8/0x180)
[<8068cc20>] (__mutex_lock_slowpath) from [<8068cde0>] (mutex_lock+0x40/0x58)
[<8068cda0>] (mutex_lock) from [<8047c440>] (regmap_lock_mutex+0x18/0x1c)
[<8047c428>] (regmap_lock_mutex) from [<8047fedc>] (regcache_drop_region+0x44/0x144)
[<8047fe98>] (regcache_drop_region) from [<8047f0a4>] (_regmap_raw_write+0x65c/0x7f0)
[<8047ea48>] (_regmap_raw_write) from [<8047f2b8>] (_regmap_bus_raw_write+0x80/0x98)
[<8047f238>] (_regmap_bus_raw_write) from [<8047dea4>] (_regmap_write+0x11c/0x16c)
[<8047dd88>] (_regmap_write) from [<8047dfa4>] (_regmap_update_bits+0xb0/0xd4)
[<8047def4>] (_regmap_update_bits) from [<8047f460>] (regmap_update_bits_base+0x60/0x84)
[<8047f400>] (regmap_update_bits_base) from [<805acecc>] (snd_soc_component_update_bits+0x40/0x5c)
[<805ace8c>] (snd_soc_component_update_bits) from [<805adec0>] (snd_soc_put_volsw+0x9c/0xf8)
[<805ade24>] (snd_soc_put_volsw) from [<8058b070>] (snd_ctl_ioctl+0x75c/0xbe8)
[<8058a914>] (snd_ctl_ioctl) from [<80209d04>] (vfs_ioctl+0x30/0x44)
[<80209cd4>] (vfs_ioctl) from [<8020a5ec>] (do_vfs_ioctl+0x7b0/0x884)
[<80209e3c>] (do_vfs_ioctl) from [<8020a704>] (SyS_ioctl+0x44/0x6c)
[<8020a6c0>] (SyS_ioctl) from [<80107900>] (ret_fast_syscall+0x0/0x3c)

Fix that by calling map->cache_ops->drop() directly.

Signed-off-by: Nikita Yushchenko <nikita.yoush@...entembedded.com>
---
 drivers/base/regmap/regmap.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/base/regmap/regmap.c b/drivers/base/regmap/regmap.c
index 25d26bb..e964d06 100644
--- a/drivers/base/regmap/regmap.c
+++ b/drivers/base/regmap/regmap.c
@@ -1475,7 +1475,11 @@ int _regmap_raw_write(struct regmap *map, unsigned int reg,
 
 		kfree(buf);
 	} else if (ret != 0 && !map->cache_bypass && map->format.parse_val) {
-		regcache_drop_region(map, reg, reg + 1);
+		/* regcache_drop_region() takes lock that we already have,
+		 * thus call map->cache_ops->drop() directly
+		 */
+		if (map->cache_ops && map->cache_ops->drop)
+			map->cache_ops->drop(map, reg, reg + 1);
 	}
 
 	trace_regmap_hw_write_done(map, reg, val_len / map->format.val_bytes);
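
Review bot: the return value of map->cache_ops->drop() at the new call is discarded, and calling the op directly bypasses regcache_drop_region() entirely, so anything that wrapper does besides taking the lock is skipped on this error path. Consider factoring the body of regcache_drop_region() into an unlocked helper that both the locked wrapper and this path call; that would also keep the NULL checks on map->cache_ops and map->cache_ops->drop in one place instead of open-coding them here. The added block comment could name the lock it refers to (the regmap lock) and put the opening /* on its own line.
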
-- 
2.1.4
