Since resources can be removed, locking should ensure that the resource
is not removed while accessing it. However, find_next_iomem_res() does
not hold the lock while copying the data of the resource.
Keep holding the lock while the data is copied. While at it, change the
return value to a more informative value. It is disregarded by the
callers.
Fixes: ff3cc952d3f00 ("resource: Add remove_resource interface")
Cc: [email protected]
Cc: Borislav Petkov <[email protected]>
Cc: Toshi Kani <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Dave Hansen <[email protected]>
Cc: Dan Williams <[email protected]>
Cc: Bjorn Helgaas <[email protected]>
Cc: Ingo Molnar <[email protected]>
Signed-off-by: Nadav Amit <[email protected]>
---
kernel/resource.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/kernel/resource.c b/kernel/resource.c
index 158f04ec1d4f..c0f7ba0ece52 100644
--- a/kernel/resource.c
+++ b/kernel/resource.c
@@ -365,16 +365,16 @@ static int find_next_iomem_res(resource_size_t start, resource_size_t end,
break;
}
+ if (p) {
+ /* copy data */
+ res->start = max(start, p->start);
+ res->end = min(end, p->end);
+ res->flags = p->flags;
+ res->desc = p->desc;
+ }
+
read_unlock(&resource_lock);
- if (!p)
- return -1;
-
- /* copy data */
- res->start = max(start, p->start);
- res->end = min(end, p->end);
- res->flags = p->flags;
- res->desc = p->desc;
- return 0;
+ return p ? 0 : -ENODEV;
}
static int __walk_iomem_res_desc(resource_size_t start, resource_size_t end,
--
2.20.1
> On Jun 15, 2019, at 3:15 PM, Sasha Levin <[email protected]> wrote:
>
> Hi,
>
> [This is an automated email]
>
> This commit has been processed because it contains a "Fixes:" tag,
> fixing commit: ff3cc952d3f0 resource: Add remove_resource interface.
>
> The bot has tested the following trees: v5.1.9, v4.19.50, v4.14.125, v4.9.181.
>
> v5.1.9: Build OK!
> v4.19.50: Failed to apply! Possible dependencies:
> 010a93bf97c7 ("resource: Fix find_next_iomem_res() iteration issue")
> a98959fdbda1 ("resource: Include resource end in walk_*() interfaces")
>
> v4.14.125: Failed to apply! Possible dependencies:
> 010a93bf97c7 ("resource: Fix find_next_iomem_res() iteration issue")
> 0e4c12b45aa8 ("x86/mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages")
> 1d2e733b13b4 ("resource: Provide resource struct in resource walk callback")
> 4ac2aed837cb ("resource: Consolidate resource walking code")
> a98959fdbda1 ("resource: Include resource end in walk_*() interfaces")
>
> v4.9.181: Failed to apply! Possible dependencies:
> 010a93bf97c7 ("resource: Fix find_next_iomem_res() iteration issue")
> 0e4c12b45aa8 ("x86/mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages")
> 1d2e733b13b4 ("resource: Provide resource struct in resource walk callback")
> 4ac2aed837cb ("resource: Consolidate resource walking code")
> 60fe3910bb02 ("kexec_file: Allow arch-specific memory walking for kexec_add_buffer")
> a0458284f062 ("powerpc: Add support code for kexec_file_load()")
> a98959fdbda1 ("resource: Include resource end in walk_*() interfaces")
> da6658859b9c ("powerpc: Change places using CONFIG_KEXEC to use CONFIG_KEXEC_CORE instead.")
> ec2b9bfaac44 ("kexec_file: Change kexec_add_buffer to take kexec_buf as argument.")
Is there a reason 010a93bf97c7 ("resource: Fix find_next_iomem_res()
iteration issue”) was not backported?
For 4.19 the following passes compilation.
-- >8 --
From: Nadav Amit <[email protected]>
Subject: [PATCH] resource: Fix locking in find_next_iomem_res()
Since resources can be removed, locking should ensure that the resource
is not removed while accessing it. However, find_next_iomem_res() does
not hold the lock while copying the data of the resource. Keep holding
the lock while the data is copied.
Fixes: ff3cc952d3f00 ("resource: Add remove_resource interface")
Cc: [email protected]
Cc: Borislav Petkov <[email protected]>
Cc: Toshi Kani <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Dave Hansen <[email protected]>
Cc: Dan Williams <[email protected]>
Cc: Bjorn Helgaas <[email protected]>
Cc: Ingo Molnar <[email protected]>
Signed-off-by: Nadav Amit <[email protected]>
---
kernel/resource.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/kernel/resource.c b/kernel/resource.c
index 30e1bc68503b..0201feade7d5 100644
--- a/kernel/resource.c
+++ b/kernel/resource.c
@@ -331,6 +331,7 @@ static int find_next_iomem_res(struct resource *res, unsigned long desc,
resource_size_t start, end;
struct resource *p;
bool sibling_only = false;
+ int r = 0;
BUG_ON(!res);
@@ -356,9 +357,11 @@ static int find_next_iomem_res(struct resource *res, unsigned long desc,
break;
}
- read_unlock(&resource_lock);
- if (!p)
- return -1;
+ if (!p) {
+ r = -1;
+ goto out;
+ }
+
/* copy data */
if (res->start < p->start)
res->start = p->start;
@@ -366,7 +369,9 @@ static int find_next_iomem_res(struct resource *res, unsigned long desc,
res->end = p->end;
res->flags = p->flags;
res->desc = p->desc;
- return 0;
+out:
+ read_unlock(&resource_lock);
+ return r;
}
static int __walk_iomem_res_desc(struct resource *res, unsigned long desc,
--
2.17.1
On Mon, Jun 17, 2019 at 07:14:53PM +0000, Nadav Amit wrote:
>> On Jun 15, 2019, at 3:15 PM, Sasha Levin <[email protected]> wrote:
>>
>> Hi,
>>
>> [This is an automated email]
>>
>> This commit has been processed because it contains a "Fixes:" tag,
>> fixing commit: ff3cc952d3f0 resource: Add remove_resource interface.
>>
>> The bot has tested the following trees: v5.1.9, v4.19.50, v4.14.125, v4.9.181.
>>
>> v5.1.9: Build OK!
>> v4.19.50: Failed to apply! Possible dependencies:
>> 010a93bf97c7 ("resource: Fix find_next_iomem_res() iteration issue")
>> a98959fdbda1 ("resource: Include resource end in walk_*() interfaces")
>>
>> v4.14.125: Failed to apply! Possible dependencies:
>> 010a93bf97c7 ("resource: Fix find_next_iomem_res() iteration issue")
>> 0e4c12b45aa8 ("x86/mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages")
>> 1d2e733b13b4 ("resource: Provide resource struct in resource walk callback")
>> 4ac2aed837cb ("resource: Consolidate resource walking code")
>> a98959fdbda1 ("resource: Include resource end in walk_*() interfaces")
>>
>> v4.9.181: Failed to apply! Possible dependencies:
>> 010a93bf97c7 ("resource: Fix find_next_iomem_res() iteration issue")
>> 0e4c12b45aa8 ("x86/mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages")
>> 1d2e733b13b4 ("resource: Provide resource struct in resource walk callback")
>> 4ac2aed837cb ("resource: Consolidate resource walking code")
>> 60fe3910bb02 ("kexec_file: Allow arch-specific memory walking for kexec_add_buffer")
>> a0458284f062 ("powerpc: Add support code for kexec_file_load()")
>> a98959fdbda1 ("resource: Include resource end in walk_*() interfaces")
>> da6658859b9c ("powerpc: Change places using CONFIG_KEXEC to use CONFIG_KEXEC_CORE instead.")
>> ec2b9bfaac44 ("kexec_file: Change kexec_add_buffer to take kexec_buf as argument.")
>
>Is there a reason 010a93bf97c7 ("resource: Fix find_next_iomem_res()
>iteration issue”) was not backported?
Mostly because it's not tagged for stable :)
--
Thanks,
Sasha
> On Jun 17, 2019, at 5:55 PM, Sasha Levin <[email protected]> wrote:
>
> On Mon, Jun 17, 2019 at 07:14:53PM +0000, Nadav Amit wrote:
>>> On Jun 15, 2019, at 3:15 PM, Sasha Levin <[email protected]> wrote:
>>>
>>> Hi,
>>>
>>> [This is an automated email]
>>>
>>> This commit has been processed because it contains a "Fixes:" tag,
>>> fixing commit: ff3cc952d3f0 resource: Add remove_resource interface.
>>>
>>> The bot has tested the following trees: v5.1.9, v4.19.50, v4.14.125, v4.9.181.
>>>
>>> v5.1.9: Build OK!
>>> v4.19.50: Failed to apply! Possible dependencies:
>>> 010a93bf97c7 ("resource: Fix find_next_iomem_res() iteration issue")
>>> a98959fdbda1 ("resource: Include resource end in walk_*() interfaces")
>>>
>>> v4.14.125: Failed to apply! Possible dependencies:
>>> 010a93bf97c7 ("resource: Fix find_next_iomem_res() iteration issue")
>>> 0e4c12b45aa8 ("x86/mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages")
>>> 1d2e733b13b4 ("resource: Provide resource struct in resource walk callback")
>>> 4ac2aed837cb ("resource: Consolidate resource walking code")
>>> a98959fdbda1 ("resource: Include resource end in walk_*() interfaces")
>>>
>>> v4.9.181: Failed to apply! Possible dependencies:
>>> 010a93bf97c7 ("resource: Fix find_next_iomem_res() iteration issue")
>>> 0e4c12b45aa8 ("x86/mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages")
>>> 1d2e733b13b4 ("resource: Provide resource struct in resource walk callback")
>>> 4ac2aed837cb ("resource: Consolidate resource walking code")
>>> 60fe3910bb02 ("kexec_file: Allow arch-specific memory walking for kexec_add_buffer")
>>> a0458284f062 ("powerpc: Add support code for kexec_file_load()")
>>> a98959fdbda1 ("resource: Include resource end in walk_*() interfaces")
>>> da6658859b9c ("powerpc: Change places using CONFIG_KEXEC to use CONFIG_KEXEC_CORE instead.")
>>> ec2b9bfaac44 ("kexec_file: Change kexec_add_buffer to take kexec_buf as argument.")
>>
>> Is there a reason 010a93bf97c7 ("resource: Fix find_next_iomem_res()
>> iteration issue”) was not backported?
>
> Mostly because it's not tagged for stable :)
Good point. Unfortunately, 010a93bf97c7 does not apply cleanly either.
Bjorn, do you think your patch should be backported?
If not, I can create a version of the patch that I sent for 4.14/4.9.
On Wed, 12 Jun 2019 21:59:01 -0700 Nadav Amit <[email protected]> wrote:
> Since resources can be removed, locking should ensure that the resource
> is not removed while accessing it. However, find_next_iomem_res() does
> not hold the lock while copying the data of the resource.
Looks right to me.
> Keep holding the lock while the data is copied. While at it, change the
> return value to a more informative value. It is disregarded by the
> callers.
The kerneldoc needs a resync:
--- a/kernel/resource.c~resource-fix-locking-in-find_next_iomem_res-fix
+++ a/kernel/resource.c
@@ -326,7 +326,7 @@ EXPORT_SYMBOL(release_resource);
*
* If a resource is found, returns 0 and @*res is overwritten with the part
* of the resource that's within [@start..@end]; if none is found, returns
- * -1 or -EINVAL for other invalid parameters.
+ * -ENODEV. Returns -EINVAL for invalid parameters.
*
* This function walks the whole tree and not just first level children
* unless @first_lvl is true.
_