Received: by 10.223.185.116 with SMTP id b49csp5549959wrg; Wed, 7 Mar 2018 13:49:46 -0800 (PST) X-Google-Smtp-Source: AG47ELtQTUFG3t8x24wz8dNPnJRAeXLvgr5vxyZ52fsMMFAQNilaZ9kQbG/k1SBXJoh5cczNml08 X-Received: by 10.167.129.24 with SMTP id b24mr23912804pfi.183.1520459386822; Wed, 07 Mar 2018 13:49:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1520459386; cv=none; d=google.com; s=arc-20160816; b=hMJTnzaPRCbya/+jHCXiOoowPeJANy02JK6m17WvKJMuLd/50rSfAaQscH4dq2yqdq 2i8tZsNNFHBvnLCwLt8IvP9ma0okf9BIMoR2ML/xa6GPOCDiEJIHnsQNS3O6QRhJmgmy Eb8fCxQMDuLVlGj/f/UlW1nq7i+r24V4k4bCImPU9A8jK7dR4BRGzdoEOUziLBdT3P1b skSZmnbDnJiHFBTbNvNnFMkKw77wnNRn0TtEau6O0OtQvSmZ+6niayFnpUDFMhSkInsE EAXGBS8tDKUBpbGQv51b18wGbRZJe20Ja7tRPHilxAehjun7EO/UD7w9e0IGb7nxfJit ZQmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=CYhyqNJqpkCg/+y9HKfpmy6b8a0heO16vxDUe/rIBx8=; b=oT9rRgJBqZGjs93pyvogfsckcsXtx5N2eHaSSHqJcD4yeLt8rQQEdaXtSS2X+lF9wY EFxm0eXDQUSuBn/0efObwN76lqF0J4+ZxtlHZuUhXc+6qWMG819jjRBAq8rJIFYfFy1N 4BBRCryVxzTHhRwaavkqZvcQ8IEhKmOSGwM/CcIRR6kDUfXlE6AK3PVniwsW1+XDTxxF Dq/5Crm7BLwWnpVVD3g0Hcr3cA3mMHwZoTknACSNEqvM0Pcmar0VBpZzScoGbMRkvLuu yRQLkuBKKVffStqdePmCeJI/n7S/pkEUOdLEcyFwpiVhJq/QrBEb0Q+ZiBdU9QzGpW+c 1+4g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=DoR3yrFx; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s22si14234855pfh.340.2018.03.07.13.49.32; Wed, 07 Mar 2018 13:49:46 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=DoR3yrFx; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933922AbeCGVsf (ORCPT + 99 others); Wed, 7 Mar 2018 16:48:35 -0500 Received: from mail-wr0-f194.google.com ([209.85.128.194]:33804 "EHLO mail-wr0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933674AbeCGVse (ORCPT ); Wed, 7 Mar 2018 16:48:34 -0500 Received: by mail-wr0-f194.google.com with SMTP id o8so3696612wra.1; Wed, 07 Mar 2018 13:48:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=CYhyqNJqpkCg/+y9HKfpmy6b8a0heO16vxDUe/rIBx8=; b=DoR3yrFxv3iD8Q+hLr6grAc1WKxkcfQ+TljA0IRUlrbLPXe1Ns/A1C5NUp/hu6yVKo xzYmhhZxzOrvupyr4K47zxu5H88RW9/XHgtfoPor6E+fvHGVVan9ZZpw4gLlhwsNUtFo kDovjka2hL5YSHH0hMD/IbEF1T1QIsOscOHrV1wXztU1tsESMlgowVsS7jz55Fo+xH1i VKGXYTPvEQGUMoEjwiWpuACRfAyGxvyKLg5BTXdwmHnR9lf8+5SPKlNUU+WlwQKRdEse MAsnqHdx9hXTNJGZE8nRO9FIdcmTotSdZ+GKXeHUbi8fS3pmVx6qROpCA4x8Wfvf/TKt rpmw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=CYhyqNJqpkCg/+y9HKfpmy6b8a0heO16vxDUe/rIBx8=; b=W4cZjs4bbxI4RmimXRynb/FU4sMv/Kf+Dw6Kez15dHtFE6TqJKzCjgYBA9Bsi/EDAm 4uPlU3B5a1kyd8malCPreQmyR/PcRDeS9gY+mHQiDz3nF7ifNcgjhC9OcpKiXM7EMgdq QYmhao/XKRP6pvet6ud4M2a03ciq2LFT6x4iOSXF2z6kwujNgJ+nInNjtzmPxRFxzCAq 5/5nJ3S4yuM0vxPrPmkmOr5pP07GkkFjYKPj2KpsCsRtbFS8ct0N38HK4mDG4YJ3btN4 9hWzNQLMUmcOJn7i/J+nQURsJ0QazmX2DPMvtrvqq1WHNnLE/bW4APTj2wf753J8ODxK 8SJA== X-Gm-Message-State: APf1xPDgi+Zx18ceTlWuDbp0/VNVlVtECR2rRUXVOfDMQKgGiXq0Piua ck7vaim4qQuuHyTrJTCzJ+U= X-Received: by 10.223.177.138 with SMTP id q10mr19071529wra.132.1520459312165; Wed, 07 Mar 2018 13:48:32 -0800 (PST) Received: from flashbox ([2a01:4f8:10b:24a5::2]) by smtp.gmail.com with ESMTPSA id 56sm22583220wrx.39.2018.03.07.13.48.30 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 07 Mar 2018 13:48:31 -0800 (PST) Date: Wed, 7 Mar 2018 14:48:29 -0700 From: Nathan Chancellor To: Paul Lawrence Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Ben Hutchings , Greg Kroah-Hartman , Arve =?iso-8859-1?B?SGr4bm5lduVn?= , Todd Kjos , Martijn Coenen , devel@driverdev.osuosl.org Subject: Re: [PATCH] staging: android: ashmem: Remove deadlock Message-ID: <20180307214829.GA15587@flashbox> References: <20180307214042.135109-1-paullawrence@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180307214042.135109-1-paullawrence@google.com> User-Agent: Mutt/1.9.3 (2018-01-21) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Mar 07, 2018 at 01:40:30PM -0800, Paul Lawrence wrote: > Regression introduced in commit ce8a3a9e76d0193e2e8d74a06d275b3c324ca652 > ("staging: android: ashmem: Fix a race condition in pin ioctls") > causing deadlock. > > No need to hold ashmem_mutex while copying from user > > Stacks are: > > ashmem_mmap+0x53/0x400 drivers/staging/android/ashmem.c:379 > mmap_region+0x7dd/0xfd0 mm/mmap.c:1694 > do_mmap+0x57b/0xbe0 mm/mmap.c:1473 > > and > > lock_acquire+0x12e/0x410 kernel/locking/lockdep.c:3756 > __might_fault+0x14a/0x1d0 mm/memory.c:4014 > copy_from_user arch/x86/include/asm/uaccess.h:705 [inline] > ashmem_pin_unpin drivers/staging/android/ashmem.c:719 [inline] > > Signed-off-by: Paul Lawrence > Cc: # 4.9.x > Cc: # 4.4.x > Cc: # 3.18.x: ce8a3a9e76d01 > Cc: # 3.18.x > Cc: Ben Hutchings > --- > drivers/staging/android/ashmem.c | 8 +++----- > 1 file changed, 3 insertions(+), 5 deletions(-) > > diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c > index 6dbba5aff191..8c55706c2cfa 100644 > --- a/drivers/staging/android/ashmem.c > +++ b/drivers/staging/android/ashmem.c > @@ -702,16 +702,14 @@ static int ashmem_pin_unpin(struct ashmem_area *asma, unsigned long cmd, > size_t pgstart, pgend; > int ret = -EINVAL; > > + if (unlikely(copy_from_user(&pin, p, sizeof(pin)))) > + return -EFAULT; > + > mutex_lock(&ashmem_mutex); > > if (unlikely(!asma->file)) > goto out_unlock; > > - if (unlikely(copy_from_user(&pin, p, sizeof(pin)))) { > - ret = -EFAULT; > - goto out_unlock; > - } > - > /* per custom, you can pass zero for len to mean "everything onward" */ > if (!pin.len) > pin.len = PAGE_ALIGN(asma->size) - pin.offset; > -- > 2.16.2.395.g2e18187dfd-goog > Hey Paul, Looks like this same patch is already in Greg's tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git/commit/?id=740a5759bf222332fbb5eda42f89aa25ba38f9b2 Cheers! Nathan Chancellor