lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 3 May 2024 13:44:51 +1200
From: Barry Song <21cnbao@...il.com>
To: Fedor Pchelkin <pchelkin@...ras.ru>
Cc: Xiang Chen <chenxiang66@...ilicon.com>, Christoph Hellwig <hch@....de>, 
	Marek Szyprowski <m.szyprowski@...sung.com>, Robin Murphy <robin.murphy@....com>, 
	Barry Song <song.bao.hua@...ilicon.com>, iommu@...ts.linux.dev, 
	linux-kernel@...r.kernel.org, Alexey Khoroshilov <khoroshilov@...ras.ru>, 
	lvc-project@...uxtesting.org
Subject: Re: [PATCH 2/2] dma-mapping: benchmark: prevent potential kthread hang

On Fri, May 3, 2024 at 4:29 AM Fedor Pchelkin <pchelkin@...ras.ru> wrote:
>
> If some of kthreads executing map_benchmark_thread() return with an error
> code (e.g. due to a memory allocation failure), then the next kthreads in
> the array are not stopped and potentially loop for indefinite time.
>
> Call kthread_stop() for each started thread as map_benchmark_thread()
> expects that happening in order to exit.
>
> Found by Linux Verification Center (linuxtesting.org).
>
> Fixes: 65789daa8087 ("dma-mapping: add benchmark support for streaming DMA APIs")
> Signed-off-by: Fedor Pchelkin <pchelkin@...ras.ru>
> ---
>  kernel/dma/map_benchmark.c | 12 ++++++++----
>  1 file changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/kernel/dma/map_benchmark.c b/kernel/dma/map_benchmark.c
> index ea938bc6c7e3..7e39a4690331 100644
> --- a/kernel/dma/map_benchmark.c
> +++ b/kernel/dma/map_benchmark.c
> @@ -140,13 +140,17 @@ static int do_map_benchmark(struct map_benchmark_data *map)
>
>         msleep_interruptible(map->bparam.seconds * 1000);
>
> -       /* wait for the completion of benchmark threads */
> +       /* wait for the completion of all started benchmark threads */
>         for (i = 0; i < threads; i++) {
> -               ret = kthread_stop(tsk[i]);
> -               if (ret)
> -                       goto out;
> +               int kthread_ret = kthread_stop(tsk[i]);
> +
> +               if (kthread_ret)
> +                       ret = kthread_ret;
>         }
>
> +       if (ret)
> +               goto out;
> +

do we still need to do copy_to_user(argp, &map->bparam, sizeof(map->bparam)
after  do_map_benchmark(map) fails?
do we also need the below?
diff --git a/kernel/dma/map_benchmark.c b/kernel/dma/map_benchmark.c
index 02205ab53b7e..28ca165cb62c 100644
--- a/kernel/dma/map_benchmark.c
+++ b/kernel/dma/map_benchmark.c
@@ -252,6 +252,9 @@ static long map_benchmark_ioctl(struct file *file,
unsigned int cmd,
                 * dma_mask changed by benchmark
                 */
                dma_set_mask(map->dev, old_dma_mask);
+
+               if (ret)
+                       return ret;
                break;
        default:
                return -EINVAL;


>         loops = atomic64_read(&map->loops);
>         if (likely(loops > 0)) {
>                 u64 map_variance, unmap_variance;
> --
> 2.45.0
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ