dmaengine Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH] dmaengine: idxd: fix cdev locking for open and release
@ 2020-06-15 20:54 Dave Jiang
  2020-06-22 11:59 ` Dan Carpenter
  0 siblings, 1 reply; 2+ messages in thread
From: Dave Jiang @ 2020-06-15 20:54 UTC (permalink / raw)
  To: vkoul; +Cc: Nikhil Rao, dmaengine

From: Nikhil Rao <nikhil.rao@intel.com>

add the wq lock in cdev open and release call. This fixes
race conditions observed in the open and close routines.

Fixes: 42d279f9137a ("dmaengine: idxd: add char driver to expose submission portal to userland")

Signed-off-by: Nikhil Rao <nikhil.rao@intel.com>
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
---
 drivers/dma/idxd/cdev.c |   23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/drivers/dma/idxd/cdev.c b/drivers/dma/idxd/cdev.c
index ff49847e37a8..207555296913 100644
--- a/drivers/dma/idxd/cdev.c
+++ b/drivers/dma/idxd/cdev.c
@@ -74,6 +74,7 @@ static int idxd_cdev_open(struct inode *inode, struct file *filp)
 	struct idxd_device *idxd;
 	struct idxd_wq *wq;
 	struct device *dev;
+	int rc;
 
 	wq = inode_wq(inode);
 	idxd = wq->idxd;
@@ -81,17 +82,29 @@ static int idxd_cdev_open(struct inode *inode, struct file *filp)
 
 	dev_dbg(dev, "%s called: %d\n", __func__, idxd_wq_refcount(wq));
 
-	if (idxd_wq_refcount(wq) > 0 && wq_dedicated(wq))
-		return -EBUSY;
+	mutex_lock(&wq->wq_lock);
+
+	if (idxd_wq_refcount(wq) > 0 && wq_dedicated(wq)) {
+		rc = -EBUSY;
+		goto failed;
+	}
 
 	ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
-	if (!ctx)
-		return -ENOMEM;
+	if (!ctx) {
+		rc = -ENOMEM;
+		goto failed;
+	}
 
 	ctx->wq = wq;
 	filp->private_data = ctx;
 	idxd_wq_get(wq);
+	mutex_unlock(&wq->wq_lock);
 	return 0;
+
+ failed:
+	mutex_unlock(&wq->wq_lock);
+	kfree(ctx);
+	return rc;
 }
 
 static int idxd_cdev_release(struct inode *node, struct file *filep)
@@ -105,7 +118,9 @@ static int idxd_cdev_release(struct inode *node, struct file *filep)
 	filep->private_data = NULL;
 
 	kfree(ctx);
+	mutex_lock(&wq->wq_lock);
 	idxd_wq_put(wq);
+	mutex_unlock(&wq->wq_lock);
 	return 0;
 }
 


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH] dmaengine: idxd: fix cdev locking for open and release
  2020-06-15 20:54 [PATCH] dmaengine: idxd: fix cdev locking for open and release Dave Jiang
@ 2020-06-22 11:59 ` Dan Carpenter
  0 siblings, 0 replies; 2+ messages in thread
From: Dan Carpenter @ 2020-06-22 11:59 UTC (permalink / raw)
  To: kbuild, Dave Jiang, vkoul; +Cc: lkp, kbuild-all, Nikhil Rao, dmaengine


[-- Attachment #1: Type: text/plain, Size: 3991 bytes --]

Hi Dave,

url:    https://github.com/0day-ci/linux/commits/Dave-Jiang/dmaengine-idxd-fix-cdev-locking-for-open-and-release/20200616-045722
base:   https://git.kernel.org/pub/scm/linux/kernel/git/vkoul/slave-dma.git next
config: x86_64-randconfig-m001-20200620 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-13) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

smatch warnings:
drivers/dma/idxd/cdev.c:106 idxd_cdev_open() error: uninitialized symbol 'ctx'.

# https://github.com/0day-ci/linux/commit/26b4f2328e66ceefd1ef3be3bea9217d1b7cdda1
git remote add linux-review https://github.com/0day-ci/linux
git remote update linux-review
git checkout 26b4f2328e66ceefd1ef3be3bea9217d1b7cdda1
vim +/ctx +106 drivers/dma/idxd/cdev.c

42d279f9137ab7 Dave Jiang 2020-01-21   70  
42d279f9137ab7 Dave Jiang 2020-01-21   71  static int idxd_cdev_open(struct inode *inode, struct file *filp)
42d279f9137ab7 Dave Jiang 2020-01-21   72  {
42d279f9137ab7 Dave Jiang 2020-01-21   73  	struct idxd_user_context *ctx;
                                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

42d279f9137ab7 Dave Jiang 2020-01-21   74  	struct idxd_device *idxd;
42d279f9137ab7 Dave Jiang 2020-01-21   75  	struct idxd_wq *wq;
42d279f9137ab7 Dave Jiang 2020-01-21   76  	struct device *dev;
26b4f2328e66ce Nikhil Rao 2020-06-15   77  	int rc;
42d279f9137ab7 Dave Jiang 2020-01-21   78  
42d279f9137ab7 Dave Jiang 2020-01-21   79  	wq = inode_wq(inode);
42d279f9137ab7 Dave Jiang 2020-01-21   80  	idxd = wq->idxd;
42d279f9137ab7 Dave Jiang 2020-01-21   81  	dev = &idxd->pdev->dev;
42d279f9137ab7 Dave Jiang 2020-01-21   82  
988aad2f111c76 Dave Jiang 2020-03-12   83  	dev_dbg(dev, "%s called: %d\n", __func__, idxd_wq_refcount(wq));
42d279f9137ab7 Dave Jiang 2020-01-21   84  
26b4f2328e66ce Nikhil Rao 2020-06-15   85  	mutex_lock(&wq->wq_lock);
26b4f2328e66ce Nikhil Rao 2020-06-15   86  
26b4f2328e66ce Nikhil Rao 2020-06-15   87  	if (idxd_wq_refcount(wq) > 0 && wq_dedicated(wq)) {
26b4f2328e66ce Nikhil Rao 2020-06-15   88  		rc = -EBUSY;
26b4f2328e66ce Nikhil Rao 2020-06-15   89  		goto failed;
                                                        ^^^^^^^^^^^

26b4f2328e66ce Nikhil Rao 2020-06-15   90  	}
42d279f9137ab7 Dave Jiang 2020-01-21   91  
42d279f9137ab7 Dave Jiang 2020-01-21   92  	ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
                                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
It's probably better for performance to move this allocation outside the
lock anyway.

	int rc = 0;

	...

	ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
	if (!ctx)
		return -ENOMEM;

	mutex_lock(&wq->wq_lock);

	if (idxd_wq_refcount(wq) > 0 && wq_dedicated(wq)) {
		rc = -EBUSY;
		goto unlock;
	}

	...

unlock:
	mutex_unlock(&wq->wq_lock);
	return rc;

26b4f2328e66ce Nikhil Rao 2020-06-15   93  	if (!ctx) {
26b4f2328e66ce Nikhil Rao 2020-06-15   94  		rc = -ENOMEM;
26b4f2328e66ce Nikhil Rao 2020-06-15   95  		goto failed;
26b4f2328e66ce Nikhil Rao 2020-06-15   96  	}
42d279f9137ab7 Dave Jiang 2020-01-21   97  
42d279f9137ab7 Dave Jiang 2020-01-21   98  	ctx->wq = wq;
42d279f9137ab7 Dave Jiang 2020-01-21   99  	filp->private_data = ctx;
42d279f9137ab7 Dave Jiang 2020-01-21  100  	idxd_wq_get(wq);
26b4f2328e66ce Nikhil Rao 2020-06-15  101  	mutex_unlock(&wq->wq_lock);
42d279f9137ab7 Dave Jiang 2020-01-21  102  	return 0;
26b4f2328e66ce Nikhil Rao 2020-06-15  103  
26b4f2328e66ce Nikhil Rao 2020-06-15  104   failed:
26b4f2328e66ce Nikhil Rao 2020-06-15  105  	mutex_unlock(&wq->wq_lock);
26b4f2328e66ce Nikhil Rao 2020-06-15 @106  	kfree(ctx);
                                                ^^^^^^^^^
Uninitialized.

26b4f2328e66ce Nikhil Rao 2020-06-15  107  	return rc;
42d279f9137ab7 Dave Jiang 2020-01-21  108  }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 32004 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, back to index

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-15 20:54 [PATCH] dmaengine: idxd: fix cdev locking for open and release Dave Jiang
2020-06-22 11:59 ` Dan Carpenter

dmaengine Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/dmaengine/0 dmaengine/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dmaengine dmaengine/ https://lore.kernel.org/dmaengine \
		dmaengine@vger.kernel.org
	public-inbox-index dmaengine

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.dmaengine


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git