lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <a71b5f36-8a81-3aa6-6aee-655878b5d4af@linaro.org>
Date:   Fri, 16 Sep 2022 13:58:35 +0100
From:   Srinivas Kandagatla <srinivas.kandagatla@...aro.org>
To:     Abel Vesa <abel.vesa@...aro.org>,
        Amol Maheshwari <amahesh@....qualcomm.com>,
        Andy Gross <agross@...nel.org>,
        Bjorn Andersson <andersson@...nel.org>,
        Konrad Dybcio <konrad.dybcio@...ainline.org>,
        Rob Herring <robh@...nel.org>,
        Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>,
        Ekansh Gupta <ekangupt@....qualcomm.com>,
        Bharath Kumar <bkumar@....qualcomm.com>,
        Himateja Reddy <hmreddy@...cinc.com>,
        Anirudh Raghavendra <araghave@...cinc.com>
Cc:     Arnd Bergmann <arnd@...db.de>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        linux-arm-msm@...r.kernel.org,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        devicetree@...r.kernel.org
Subject: Re: [PATCH v3 08/10] misc: fastrpc: Safekeep mmaps on interrupted
 invoke



On 09/09/2022 14:39, Abel Vesa wrote:
> If the userspace daemon is killed in the middle of an invoke (e.g.
> audiopd listerner invoke), we need to skip the unmapping on device
> release, otherwise the DSP will crash. So lets safekeep all the maps
> only if there is in invoke interrupted, by attaching them to the channel
> context (which is resident until RPMSG driver is removed), and free them
> on RPMSG driver remove.
> 
> Signed-off-by: Abel Vesa <abel.vesa@...aro.org>
> ---
>   drivers/misc/fastrpc.c | 15 +++++++++++++++
>   1 file changed, 15 insertions(+)
> 
> diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c
> index 6b2a552dbdba..bc1e8f003d7a 100644
> --- a/drivers/misc/fastrpc.c
> +++ b/drivers/misc/fastrpc.c
> @@ -275,6 +275,7 @@ struct fastrpc_channel_ctx {
>   	struct fastrpc_device *secure_fdevice;
>   	struct fastrpc_device *fdevice;
>   	struct fastrpc_buf *remote_heap;
> +	struct list_head invoke_interrupted_mmaps;
>   	bool secure;
>   	bool unsigned_support;
>   };
> @@ -1119,6 +1120,8 @@ static int fastrpc_internal_invoke(struct fastrpc_user *fl,  u32 kernel,
>   				   struct fastrpc_invoke_args *args)
>   {
>   	struct fastrpc_invoke_ctx *ctx = NULL;
> +	struct fastrpc_buf *buf, *b;
> +
>   	int err = 0;
>   
>   	if (!fl->sctx)
> @@ -1182,6 +1185,13 @@ static int fastrpc_internal_invoke(struct fastrpc_user *fl,  u32 kernel,
>   		fastrpc_context_put(ctx);
>   	}
>   
> +	if (err == -ERESTARTSYS) {
> +		list_for_each_entry_safe(buf, b, &fl->mmaps, node) {
> +			list_del(&buf->node);
> +			list_add_tail(&buf->node, &fl->cctx->invoke_interrupted_mmaps);
> +		}
> +	}
> +
>   	if (err)
>   		dev_dbg(fl->sctx->dev, "Error: Invoke Failed %d\n", err);
>   
> @@ -2277,6 +2287,7 @@ static int fastrpc_rpmsg_probe(struct rpmsg_device *rpdev)
>   	dev_set_drvdata(&rpdev->dev, data);
>   	dma_set_mask_and_coherent(rdev, DMA_BIT_MASK(32));
>   	INIT_LIST_HEAD(&data->users);
> +	INIT_LIST_HEAD(&data->invoke_interrupted_mmaps);
>   	spin_lock_init(&data->lock);
>   	idr_init(&data->ctx_idr);
>   	data->domain_id = domain_id;
> @@ -2301,6 +2312,7 @@ static void fastrpc_notify_users(struct fastrpc_user *user)
>   static void fastrpc_rpmsg_remove(struct rpmsg_device *rpdev)
>   {
>   	struct fastrpc_channel_ctx *cctx = dev_get_drvdata(&rpdev->dev);
> +	struct fastrpc_buf *buf, *b;
>   	struct fastrpc_user *user;
>   	unsigned long flags;
>   
> @@ -2315,6 +2327,9 @@ static void fastrpc_rpmsg_remove(struct rpmsg_device *rpdev)
>   	if (cctx->secure_fdevice)
>   		misc_deregister(&cctx->secure_fdevice->miscdev);
>   
> +	list_for_each_entry_safe(buf, b, &cctx->invoke_interrupted_mmaps, node)
> +		list_del(&buf->node);
> +
When would you free these?
looks like we are leaking even after dsp is down..
Should we not do fastrpc_buf_free() here?



--srini

>   	if (cctx->remote_heap)
>   		fastrpc_buf_free(cctx->remote_heap);
>   

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ