Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp2276508ybl; Sun, 18 Aug 2019 22:40:45 -0700 (PDT) X-Google-Smtp-Source: APXvYqwQuCObEQEmd09yWkVn+mmA5D6Tk0n9qBUYAWgqLSL9eUVYOj7R1j+SwNkSIK+neP1JA1tf X-Received: by 2002:a17:902:e38b:: with SMTP id ch11mr19408381plb.275.1566193244952; Sun, 18 Aug 2019 22:40:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1566193244; cv=none; d=google.com; s=arc-20160816; b=g03sEL37w1g/oqqS7+3PMJQiEtAxPIqRqm87fEMpy+2H27d1XrSdarUjXpBO/JmV+I eDP7FpgMVnjXClgfCR/Ipbb9IybFUyF6+UEp69zb8CE9N1L94bLtnMpQuWn/vSKUsv5s 9sHbyVj18uW9AWwOinPlJpfafzckshHs7jMVrIK9zxhbGkjh9by5w1GktCeyj+HJpscB +Y0wxCMy1EsmVTcZqn9wqhfZ4UaOauIZU5sNKC+F9uVBcyUepEHAHGDZngN9ASt6HTPs wy+XnQUiIHQQTOekm4tEtejWzR5h3T2rUCmg2lKcKDyAJgXdbGObKG7c3gFPnn7DW98c AVUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=yhdD4nGoQvU5n/1LnS+74dxquQ0QLgV1hJecRt6Zdes=; b=gSqBjGbZ0o+yGSMhz1HRWp35PzIKOIy7HjIJ6zkYPvzb8RyWd07lfP1z5CPJzJq6vX +s2O9OHIyKr8NB3Gw/LEUbNIpjA1zuuXixIxIiWxDlA/65vthmy25ylYROnziDOPdwt0 NabXWrWW6Z6r/Uo1DNyN3zRct9hujWrZ3zXH3bMa61IhB3dwcvxYmrnE7hg8PdUWo0F4 QVtKH1t+mQKOpfGAMOUxzLuhsP4uU3AeTsPt4c2dC+HfKm95Pew7eRwYJBg9ExVE8OFi 3ap2txal8duOfPzlCEDntvz0wD/oe5f1Rlla2CWnihjDoaaQh5CqN/2S+v29UyeYW9s8 iBXw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q145si9902322pfc.31.2019.08.18.22.40.29; Sun, 18 Aug 2019 22:40:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726481AbfHSFjl (ORCPT + 99 others); Mon, 19 Aug 2019 01:39:41 -0400 Received: from mail-pl1-f196.google.com ([209.85.214.196]:39589 "EHLO mail-pl1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725871AbfHSFjk (ORCPT ); Mon, 19 Aug 2019 01:39:40 -0400 Received: by mail-pl1-f196.google.com with SMTP id z3so414483pln.6; Sun, 18 Aug 2019 22:39:40 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=yhdD4nGoQvU5n/1LnS+74dxquQ0QLgV1hJecRt6Zdes=; b=DZXIhmTLcFvTmOOgTKQM8bDOFcP8VgXfdYFgxU5CVyle2qQBZaCeU5BharcXPQPEom IdpPakOS9tjMEyM/28gjEMUTCbKhjpwWTPATn2oYwI8Oodvo8LE5m9K+mvZfvZJKYmYY 9mrE4vmWLzoVYGgzA8QzOybZt0OszT6g5wJK0Qc/4Hr3HLp/YzZ/SRv1RBaz7NXCPoME mO5fr1LewGLaUgArpIBo56nCnge3ap7xvfHvPb4pUk/WsnnPLwrfDkH9fLvcPb01AUu9 01NTEEa6VU4KPcw7zqy0DDw/UK5IhezV6c1jfjBvKKF7GQqcO4p9NIIwROgNKX25vbwZ 5rQQ== X-Gm-Message-State: APjAAAVstweEKK4Z2YZya2VvLJcnxGyQowfpL5uVZwGY0VtF5YGJa5Y4 98nI2hDz7bmkoISJ5L25a1Y= X-Received: by 2002:a17:902:1e3:: with SMTP id b90mr20264552plb.82.1566193179760; Sun, 18 Aug 2019 22:39:39 -0700 (PDT) Received: from 42.do-not-panic.com (42.do-not-panic.com. [157.230.128.187]) by smtp.gmail.com with ESMTPSA id n128sm13832271pfn.46.2019.08.18.22.39.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 18 Aug 2019 22:39:38 -0700 (PDT) Received: by 42.do-not-panic.com (Postfix, from userid 1000) id EA62040605; Mon, 19 Aug 2019 05:39:37 +0000 (UTC) Date: Mon, 19 Aug 2019 05:39:37 +0000 From: Luis Chamberlain To: Scott Branden Cc: Greg Kroah-Hartman , Andy Gross , David Brown , Alexander Viro , Shuah Khan , bjorn.andersson@linaro.org, "Rafael J . Wysocki" , linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-fsdevel@vger.kernel.org, BCM Kernel Feedback , Olof Johansson , Andrew Morton , Dan Carpenter , Colin Ian King , Kees Cook , Takashi Iwai , linux-kselftest@vger.kernel.org Subject: Re: [PATCH 3/3] firmware: add mutex fw_lock_fallback for race condition Message-ID: <20190819053937.GR16384@42.do-not-panic.com> References: <20190816000945.29810-1-scott.branden@broadcom.com> <20190816000945.29810-4-scott.branden@broadcom.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190816000945.29810-4-scott.branden@broadcom.com> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Aug 15, 2019 at 05:09:45PM -0700, Scott Branden wrote: > A race condition exists between _request_firmware_prepare checking > if firmware is assigned and firmware_fallback_sysfs creating a sysfs > entry (kernel trace below). To avoid such condition add a mutex > fw_lock_fallback to protect against such condition. I am not buying this fix, and it seems sloppy. More below. > misc test_firmware: Falling back to sysfs fallback for: nope-test-firmware.bin So the fallback kicks in with the file that is not there. > sysfs: cannot create duplicate filename '/devices/virtual/misc/test_firmware/nope-test-firmware.bin' And we have a duplicate entry, for the *device* created to allow us to create a file entry to allow us to copy the file. Your tests had a loop, so there is actually a race between two entries being created while one one failed. > CPU: 4 PID: 2059 Comm: test_firmware-3 Not tainted 5.3.0-rc4 #1 > Hardware name: Dell Inc. OptiPlex 7010/0KRC95, BIOS A13 03/25/2013 > Call Trace: > dump_stack+0x67/0x90 > sysfs_warn_dup.cold+0x17/0x24 > sysfs_create_dir_ns+0xb3/0xd0 > kobject_add_internal+0xa6/0x2a0 > kobject_add+0x7e/0xb0 Note: kobject_add(). > ? _cond_resched+0x15/0x30 > device_add+0x121/0x670 > firmware_fallback_sysfs+0x15c/0x3c9 > _request_firmware+0x432/0x5a0 > ? devres_find+0x63/0xc0 > request_firmware_into_buf+0x63/0x80 > test_fw_run_batch_request+0x96/0xe0 > kthread+0xfb/0x130 > ? reset_store+0x30/0x30 > ? kthread_park+0x80/0x80 > ret_from_fork+0x3a/0x50 > kobject_add_internal failed for nope-test-firmware.bin with -EEXIST, don't try to register things with the same name in the same directory. So above it makes it even clearer, two kobjets with the same name. > Signed-off-by: Scott Branden > --- > drivers/base/firmware_loader/main.c | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) > > diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c > index bf44c79beae9..ce9896e3b782 100644 > --- a/drivers/base/firmware_loader/main.c > +++ b/drivers/base/firmware_loader/main.c > @@ -88,6 +88,7 @@ static inline struct fw_priv *to_fw_priv(struct kref *ref) > /* fw_lock could be moved to 'struct fw_sysfs' but since it is just > * guarding for corner cases a global lock should be OK */ > DEFINE_MUTEX(fw_lock); > +DEFINE_MUTEX(fw_lock_fallback); The reason I don't like this fix is that this mutex is named after ther fallback interface... but... > > static struct firmware_cache fw_cache; > > @@ -758,6 +759,17 @@ _request_firmware(const struct firmware **firmware_p, const char *name, > if (!firmware_p) > return -EINVAL; > > + /* > + * There is a race condition between _request_firmware_prepare checking > + * if firmware is assigned and firmware_fallback_sysfs creating sysfs > + * entries with duplicate names. > + * Yet, with this lock the firmware_test locks up with cache enabled > + * and no event used during firmware test. > + * This points to some very racy code I don't know how to entirely fix. > + */ > + if (opt_flags & FW_OPT_NOCACHE) > + mutex_lock(&fw_lock_fallback); Whoa.. What does no-cache have anything to do with the fallback interface other than the fact we enable this feature for the fallback interface? We don't need to penalize non-fallback users who *also* may want to enable the no-cache feature. So, the fix should be within the boundaries of the creation / deletion of the kobject, not this nocache feature. Can you please re-evaluate this code and look for a more compartamentalized solution to the fallback code only? Luis