lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <33471742-634b-8fcb-dd56-e396c4e788f5@foss.st.com>
Date:   Wed, 14 Sep 2022 09:55:35 +0200
From:   Arnaud POULIQUEN <arnaud.pouliquen@...s.st.com>
To:     Deepak Kumar Singh <quic_deesin@...cinc.com>,
        <bjorn.andersson@...aro.org>, <swboyd@...omium.org>,
        <quic_clew@...cinc.com>, <mathieu.poirier@...aro.org>
CC:     <linux-kernel@...r.kernel.org>, <linux-arm-msm@...r.kernel.org>,
        <linux-remoteproc@...r.kernel.org>
Subject: Re: [PATCH V3 1/2] rpmsg: glink: Add lock to avoid race when rpmsg
 device is released

The commit subject should start with  "rpmsg: char:"
no glink driver update...

Regards,
Arnaud

On 9/12/22 19:05, Deepak Kumar Singh wrote:
> When remote host goes down glink char device channel is freed and
> associated rpdev is destroyed through rpmsg_chrdev_eptdev_destroy(),
> At the same time user space apps can still try to open/poll rpmsg
> char device which will result in calling rpmsg_create_ept()/rpmsg_poll().
> These functions will try to reference rpdev which has already been freed
> through rpmsg_chrdev_eptdev_destroy().
> 
> File operation functions and device removal function must be protected
> with lock. This patch adds existing ept lock in remove function as well.
> 
> Signed-off-by: Deepak Kumar Singh <quic_deesin@...cinc.com>
> ---
>  drivers/rpmsg/rpmsg_char.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/drivers/rpmsg/rpmsg_char.c b/drivers/rpmsg/rpmsg_char.c
> index 4f21891..5500dc0 100644
> --- a/drivers/rpmsg/rpmsg_char.c
> +++ b/drivers/rpmsg/rpmsg_char.c
> @@ -75,6 +75,7 @@ int rpmsg_chrdev_eptdev_destroy(struct device *dev, void *data)
>  	struct rpmsg_eptdev *eptdev = dev_to_eptdev(dev);
>  
>  	mutex_lock(&eptdev->ept_lock);
> +	eptdev->rpdev = NULL;
>  	if (eptdev->ept) {
>  		rpmsg_destroy_ept(eptdev->ept);
>  		eptdev->ept = NULL;
> @@ -126,6 +127,11 @@ static int rpmsg_eptdev_open(struct inode *inode, struct file *filp)
>  		return -EBUSY;
>  	}
>  
> +	if (!eptdev->rpdev) {
> +		mutex_unlock(&eptdev->ept_lock);
> +		return -ENETRESET;
> +	}
> +
>  	get_device(dev);
>  
>  	/*
> @@ -277,7 +283,9 @@ static __poll_t rpmsg_eptdev_poll(struct file *filp, poll_table *wait)
>  	if (!skb_queue_empty(&eptdev->queue))
>  		mask |= EPOLLIN | EPOLLRDNORM;
>  
> +	mutex_lock(&eptdev->ept_lock);
>  	mask |= rpmsg_poll(eptdev->ept, filp, wait);
> +	mutex_unlock(&eptdev->ept_lock);
>  
>  	return mask;
>  }

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ