Re: [PATCH 2/4] ARM: amba: Fix race condition with driver_override
Hi Todd, On Fri, Mar 2, 2018 at 7:23 PM, Todd Kjoswrote: > +stable > > what is the status of this patch? We'd like to get it into the android > common branches to fix possible double free. Thanks for your interest! So far this patch (and the 3 others in the series) haven't received any comments. If someone sends a Acked-by or Reviewed-by, I can submit them to RMK's patch system. Thanks! > On Fri, Jan 19, 2018 at 7:24 AM, Geert Uytterhoeven > wrote: >> The driver_override implementation is susceptible to a race condition >> when different threads are reading vs storing a different driver >> override. Add locking to avoid this race condition. >> >> Cfr. commits 6265539776a0810b ("driver core: platform: fix race >> condition with driver_override") and 9561475db680f714 ("PCI: Fix race >> condition with driver_override"). >> >> Fixes: 3cf385713460eb2b ("ARM: 8256/1: driver coamba: add device binding >> path 'driver_override'") >> Signed-off-by: Geert Uytterhoeven Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- ge...@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds
Re: [PATCH 2/4] ARM: amba: Fix race condition with driver_override
Hi Todd, On Fri, Mar 2, 2018 at 7:23 PM, Todd Kjos wrote: > +stable > > what is the status of this patch? We'd like to get it into the android > common branches to fix possible double free. Thanks for your interest! So far this patch (and the 3 others in the series) haven't received any comments. If someone sends a Acked-by or Reviewed-by, I can submit them to RMK's patch system. Thanks! > On Fri, Jan 19, 2018 at 7:24 AM, Geert Uytterhoeven > wrote: >> The driver_override implementation is susceptible to a race condition >> when different threads are reading vs storing a different driver >> override. Add locking to avoid this race condition. >> >> Cfr. commits 6265539776a0810b ("driver core: platform: fix race >> condition with driver_override") and 9561475db680f714 ("PCI: Fix race >> condition with driver_override"). >> >> Fixes: 3cf385713460eb2b ("ARM: 8256/1: driver coamba: add device binding >> path 'driver_override'") >> Signed-off-by: Geert Uytterhoeven Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- ge...@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds
Re: [PATCH 2/4] ARM: amba: Fix race condition with driver_override
+stable what is the status of this patch? We'd like to get it into the android common branches to fix possible double free. On Fri, Jan 19, 2018 at 7:24 AM, Geert Uytterhoevenwrote: > The driver_override implementation is susceptible to a race condition > when different threads are reading vs storing a different driver > override. Add locking to avoid this race condition. > > Cfr. commits 6265539776a0810b ("driver core: platform: fix race > condition with driver_override") and 9561475db680f714 ("PCI: Fix race > condition with driver_override"). > > Fixes: 3cf385713460eb2b ("ARM: 8256/1: driver coamba: add device binding path > 'driver_override'") > Signed-off-by: Geert Uytterhoeven > --- > drivers/amba/bus.c | 11 +-- > 1 file changed, 9 insertions(+), 2 deletions(-) > > diff --git a/drivers/amba/bus.c b/drivers/amba/bus.c > index 6ffd778352e6d953..36c5653ced5742b7 100644 > --- a/drivers/amba/bus.c > +++ b/drivers/amba/bus.c > @@ -69,8 +69,12 @@ static ssize_t driver_override_show(struct device *_dev, > struct device_attribute *attr, char *buf) > { > struct amba_device *dev = to_amba_device(_dev); > + ssize_t len; > > - return sprintf(buf, "%s\n", dev->driver_override); > + device_lock(_dev); > + len = sprintf(buf, "%s\n", dev->driver_override); > + device_unlock(_dev); > + return len; > } > > static ssize_t driver_override_store(struct device *_dev, > @@ -78,7 +82,7 @@ static ssize_t driver_override_store(struct device *_dev, > const char *buf, size_t count) > { > struct amba_device *dev = to_amba_device(_dev); > - char *driver_override, *old = dev->driver_override, *cp; > + char *driver_override, *old, *cp; > > if (count > PATH_MAX) > return -EINVAL; > @@ -91,12 +95,15 @@ static ssize_t driver_override_store(struct device *_dev, > if (cp) > *cp = '\0'; > > + device_lock(_dev); > + old = dev->driver_override; > if (strlen(driver_override)) { > dev->driver_override = driver_override; > } else { >kfree(driver_override); >dev->driver_override = NULL; > } > + device_unlock(_dev); > > kfree(old); > > -- > 2.7.4 >
Re: [PATCH 2/4] ARM: amba: Fix race condition with driver_override
+stable what is the status of this patch? We'd like to get it into the android common branches to fix possible double free. On Fri, Jan 19, 2018 at 7:24 AM, Geert Uytterhoeven wrote: > The driver_override implementation is susceptible to a race condition > when different threads are reading vs storing a different driver > override. Add locking to avoid this race condition. > > Cfr. commits 6265539776a0810b ("driver core: platform: fix race > condition with driver_override") and 9561475db680f714 ("PCI: Fix race > condition with driver_override"). > > Fixes: 3cf385713460eb2b ("ARM: 8256/1: driver coamba: add device binding path > 'driver_override'") > Signed-off-by: Geert Uytterhoeven > --- > drivers/amba/bus.c | 11 +-- > 1 file changed, 9 insertions(+), 2 deletions(-) > > diff --git a/drivers/amba/bus.c b/drivers/amba/bus.c > index 6ffd778352e6d953..36c5653ced5742b7 100644 > --- a/drivers/amba/bus.c > +++ b/drivers/amba/bus.c > @@ -69,8 +69,12 @@ static ssize_t driver_override_show(struct device *_dev, > struct device_attribute *attr, char *buf) > { > struct amba_device *dev = to_amba_device(_dev); > + ssize_t len; > > - return sprintf(buf, "%s\n", dev->driver_override); > + device_lock(_dev); > + len = sprintf(buf, "%s\n", dev->driver_override); > + device_unlock(_dev); > + return len; > } > > static ssize_t driver_override_store(struct device *_dev, > @@ -78,7 +82,7 @@ static ssize_t driver_override_store(struct device *_dev, > const char *buf, size_t count) > { > struct amba_device *dev = to_amba_device(_dev); > - char *driver_override, *old = dev->driver_override, *cp; > + char *driver_override, *old, *cp; > > if (count > PATH_MAX) > return -EINVAL; > @@ -91,12 +95,15 @@ static ssize_t driver_override_store(struct device *_dev, > if (cp) > *cp = '\0'; > > + device_lock(_dev); > + old = dev->driver_override; > if (strlen(driver_override)) { > dev->driver_override = driver_override; > } else { >kfree(driver_override); >dev->driver_override = NULL; > } > + device_unlock(_dev); > > kfree(old); > > -- > 2.7.4 >