From: Dan Carpenter <dan.carpenter@oracle.com>
To: William Breathitt Gray <vilhelm.gray@gmail.com>
Cc: jic23@kernel.org, linux-stm32@st-md-mailman.stormreply.com,
kernel@pengutronix.de, a.fatoum@pengutronix.de,
kamel.bouhara@bootlin.com, gwendal@chromium.org,
alexandre.belloni@bootlin.com, david@lechnology.com,
linux-iio@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, syednwaris@gmail.com,
patrick.havelange@essensium.com, fabrice.gasnier@st.com,
mcoquelin.stm32@gmail.com, alexandre.torgue@st.com,
o.rempel@pengutronix.de, jarkko.nikula@linux.intel.com
Subject: Re: [PATCH v11 26/33] counter: Add character device interface
Date: Wed, 9 Jun 2021 11:59:38 +0300 [thread overview]
Message-ID: <20210609085938.GM10983@kadam> (raw)
In-Reply-To: <YMB7mq0LHqmyAAzb@shinobu>
On Wed, Jun 09, 2021 at 05:28:10PM +0900, William Breathitt Gray wrote:
> On Wed, Jun 09, 2021 at 11:07:08AM +0300, Dan Carpenter wrote:
> > On Wed, Jun 09, 2021 at 10:31:29AM +0900, William Breathitt Gray wrote:
> > > +static int counter_set_event_node(struct counter_device *const counter,
> > > + struct counter_watch *const watch,
> > > + const struct counter_comp_node *const cfg)
> > > +{
> > > + struct counter_event_node *event_node;
> > > + struct counter_comp_node *comp_node;
> > > +
> >
> > The caller should be holding the counter->events_list_lock lock but it's
> > not.
>
> Hi Dan,
>
> The counter_set_event_node() function doesn't access or modify
> counter->events_list (it works on counter->next_events_list) so holding
> the counter->events_list_lock here isn't necessary.
>
There needs to be some sort of locking or this function can race with
itself. (Two threads add the same event at exactly the same time). It
looks like it can also race with counter_disable_events() leading to a
use after free.
> > > + /* Search for event in the list */
> > > + list_for_each_entry(event_node, &counter->next_events_list, l)
> > > + if (event_node->event == watch->event &&
> > > + event_node->channel == watch->channel)
> > > + break;
> > > +
> > > + /* If event is not already in the list */
> > > + if (&event_node->l == &counter->next_events_list) {
> > > + /* Allocate new event node */
> > > + event_node = kmalloc(sizeof(*event_node), GFP_ATOMIC);
Btw, say we decided that we can add/remove events locklessly, then these
GFP_ATOMICs can be changed to GFP_KERNEL.
> > > + if (!event_node)
> > > + return -ENOMEM;
> > > +
> > > + /* Configure event node and add to the list */
> > > + event_node->event = watch->event;
> > > + event_node->channel = watch->channel;
> > > + INIT_LIST_HEAD(&event_node->comp_list);
> > > + list_add(&event_node->l, &counter->next_events_list);
> > > + }
> > > +
> > > + /* Check if component watch has already been set before */
> > > + list_for_each_entry(comp_node, &event_node->comp_list, l)
> > > + if (comp_node->parent == cfg->parent &&
> > > + comp_node->comp.count_u8_read == cfg->comp.count_u8_read)
> > > + return -EINVAL;
> > > +
> > > + /* Allocate component node */
> > > + comp_node = kmalloc(sizeof(*comp_node), GFP_ATOMIC);
^^^^^^^^^^
> > > + if (!comp_node) {
> > > + /* Free event node if no one else is watching */
> > > + if (list_empty(&event_node->comp_list)) {
> > > + list_del(&event_node->l);
> > > + kfree(event_node);
> > > + }
> > > + return -ENOMEM;
> > > + }
> > > + *comp_node = *cfg;
> > > +
> > > + /* Add component node to event node */
> > > + list_add_tail(&comp_node->l, &event_node->comp_list);
> > > +
> > > + return 0;
> > > +}
regards,
dan carpenter
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-06-09 9:32 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-09 1:31 [PATCH v11 00/33] Introduce the Counter character device interface William Breathitt Gray
2021-06-09 1:31 ` [PATCH v11 01/33] docs: counter: Consolidate Counter sysfs attributes documentation William Breathitt Gray
2021-06-09 14:55 ` Jonathan Cameron
2021-06-09 1:31 ` [PATCH v11 02/33] docs: counter: Fix spelling William Breathitt Gray
2021-06-09 15:02 ` Jonathan Cameron
2021-06-09 1:31 ` [PATCH v11 03/33] counter: 104-quad-8: Remove pointless comment William Breathitt Gray
2021-06-09 15:02 ` Jonathan Cameron
2021-06-09 1:31 ` [PATCH v11 04/33] counter: 104-quad-8: Return error when invalid mode during ceiling_write William Breathitt Gray
2021-06-09 15:12 ` Jonathan Cameron
2021-06-09 15:48 ` William Breathitt Gray
2021-06-09 1:31 ` [PATCH v11 05/33] counter: 104-quad-8: Annotate hardware config module parameter William Breathitt Gray
2021-06-09 15:17 ` Jonathan Cameron
2021-06-09 1:31 ` [PATCH v11 06/33] counter: 104-quad-8: Add const qualifiers for quad8_preset_register_set William Breathitt Gray
2021-06-09 15:19 ` Jonathan Cameron
2021-06-09 1:31 ` [PATCH v11 07/33] counter: 104-quad-8: Add const qualifier for functions_list array William Breathitt Gray
2021-06-09 15:20 ` Jonathan Cameron
2021-06-09 1:31 ` [PATCH v11 08/33] counter: interrupt-cnt: " William Breathitt Gray
2021-06-09 15:21 ` Jonathan Cameron
2021-06-09 1:31 ` [PATCH v11 09/33] counter: microchip-tcb-capture: " William Breathitt Gray
2021-06-09 15:22 ` Jonathan Cameron
2021-06-09 1:31 ` [PATCH v11 10/33] counter: stm32-lptimer-cnt: " William Breathitt Gray
2021-06-09 15:25 ` Jonathan Cameron
2021-06-09 1:31 ` [PATCH v11 11/33] counter: stm32-timer-cnt: " William Breathitt Gray
2021-06-09 15:25 ` Jonathan Cameron
2021-06-09 1:31 ` [PATCH v11 12/33] counter: 104-quad-8: Add const qualifier for actions_list array William Breathitt Gray
2021-06-09 15:27 ` Jonathan Cameron
2021-06-09 1:31 ` [PATCH v11 13/33] counter: ftm-quaddec: " William Breathitt Gray
2021-06-09 15:28 ` Jonathan Cameron
2021-06-09 1:31 ` [PATCH v11 14/33] counter: interrupt-cnt: " William Breathitt Gray
2021-06-09 15:29 ` Jonathan Cameron
2021-06-09 15:36 ` William Breathitt Gray
2021-06-09 1:31 ` [PATCH v11 15/33] counter: microchip-tcb-capture: " William Breathitt Gray
2021-06-09 15:30 ` Jonathan Cameron
2021-06-09 1:31 ` [PATCH v11 16/33] counter: stm32-lptimer-cnt: " William Breathitt Gray
2021-06-09 15:32 ` Jonathan Cameron
2021-06-09 1:31 ` [PATCH v11 17/33] counter: stm32-timer-cnt: " William Breathitt Gray
2021-06-09 15:33 ` Jonathan Cameron
2021-06-09 1:31 ` [PATCH v11 18/33] counter: Return error code on invalid modes William Breathitt Gray
2021-06-09 15:47 ` Jonathan Cameron
2021-07-03 10:41 ` William Breathitt Gray
2021-06-09 1:31 ` [PATCH v11 19/33] counter: Standardize to ERANGE for limit exceeded errors William Breathitt Gray
2021-06-09 1:31 ` [PATCH v11 20/33] counter: Rename counter_signal_value to counter_signal_level William Breathitt Gray
2021-06-09 1:31 ` [PATCH v11 21/33] counter: Rename counter_count_function to counter_function William Breathitt Gray
2021-06-09 1:31 ` [PATCH v11 23/33] counter: Update counter.h comments to reflect sysfs internalization William Breathitt Gray
2021-06-09 16:55 ` Jonathan Cameron
2021-06-09 1:31 ` [PATCH v11 24/33] docs: counter: Update " William Breathitt Gray
2021-06-09 1:31 ` [PATCH v11 25/33] counter: Move counter enums to uapi header William Breathitt Gray
2021-06-09 1:31 ` [PATCH v11 26/33] counter: Add character device interface William Breathitt Gray
2021-06-09 8:07 ` Dan Carpenter
2021-06-09 8:28 ` William Breathitt Gray
2021-06-09 8:59 ` Dan Carpenter [this message]
2021-06-09 14:16 ` William Breathitt Gray
2021-06-09 1:31 ` [PATCH v11 27/33] docs: counter: Document " William Breathitt Gray
2021-06-09 1:31 ` [PATCH v11 28/33] tools/counter: Create Counter tools William Breathitt Gray
2021-06-09 1:31 ` [PATCH v11 29/33] counter: Implement signalZ_action_component_id sysfs attribute William Breathitt Gray
2021-06-09 1:31 ` [PATCH v11 30/33] counter: Implement *_component_id sysfs attributes William Breathitt Gray
2021-06-09 1:31 ` [PATCH v11 31/33] counter: Implement events_queue_size sysfs attribute William Breathitt Gray
2021-06-09 1:31 ` [PATCH v11 32/33] counter: 104-quad-8: Replace mutex with spinlock William Breathitt Gray
2021-06-09 1:31 ` [PATCH v11 33/33] counter: 104-quad-8: Add IRQ support for the ACCES 104-QUAD-8 William Breathitt Gray
2021-06-09 17:27 ` Jonathan Cameron
2021-06-09 13:59 ` [PATCH v11 00/33] Introduce the Counter character device interface Jonathan Cameron
2021-06-09 14:26 ` William Breathitt Gray
[not found] ` <87dec6c889e40068ed27cbb3e66a6376856e2267.1623201082.git.vilhelm.gray@gmail.com>
2021-06-09 16:51 ` [RESEND PATCH v11 22/33] counter: Internalize sysfs interface code Jonathan Cameron
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210609085938.GM10983@kadam \
--to=dan.carpenter@oracle.com \
--cc=a.fatoum@pengutronix.de \
--cc=alexandre.belloni@bootlin.com \
--cc=alexandre.torgue@st.com \
--cc=david@lechnology.com \
--cc=fabrice.gasnier@st.com \
--cc=gwendal@chromium.org \
--cc=jarkko.nikula@linux.intel.com \
--cc=jic23@kernel.org \
--cc=kamel.bouhara@bootlin.com \
--cc=kernel@pengutronix.de \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-iio@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-stm32@st-md-mailman.stormreply.com \
--cc=mcoquelin.stm32@gmail.com \
--cc=o.rempel@pengutronix.de \
--cc=patrick.havelange@essensium.com \
--cc=syednwaris@gmail.com \
--cc=vilhelm.gray@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).