github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-13 09:17:53 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
cea23cb745
linux/drivers
History
Martin Liu cea23cb745 ANDROID: GKI: dma-buf: use spinlock to protect set/get name operation 
We introduced setname ioctl in commit bb2bb90304 ("dma-buf:
add DMA_BUF_SET_NAME ioctls") that provides userpsace
to attach a free-form name for tracking and counting shared
buffers. However the d_dname callback could be called in atomic
context. This call path comes from selinux that verifies all
inherited open files from exec call. To verify all inherited
open files, kernel would iterate all fds which need to hold
spin_lock to get denty name by calling d_dname operation.
In dma-buf d_dname callback, we use mutex lock to prevent the
race from setname causing this issue.

This commit adds a spinlock to protect set/get name operation
to fix this issue.

[  165.617090] Call trace:
[  165.620504]  ___might_sleep+0x114/0x118
[  165.625344]  __might_sleep+0x50/0x84
[  165.629928]  __mutex_lock_common+0x5c/0x10b0
[  165.635215]  mutex_lock_nested+0x40/0x50
[  165.640157]  dmabuffs_dname+0x48/0xdc
[  165.644821]  d_path+0x78/0x1e4
[  165.648870]  audit_log_d_path+0x68/0x134
[  165.653807]  common_lsm_audit+0x33c/0x6f4
[  165.658832]  slow_avc_audit+0xb4/0xf0
[  165.663503]  avc_has_perm+0xdc/0x1a4
[  165.668081]  file_has_perm+0x70/0x154
[  165.672750]  match_file+0x54/0x6c
[  165.677064]  iterate_fd+0x74/0xac
[  165.681369]  selinux_bprm_committing_creds+0xfc/0x210
[  165.687459]  security_bprm_committing_creds+0x2c/0x40
[  165.693546]  install_exec_creds+0x1c/0x68
[  165.698569]  load_elf_binary+0x3a0/0x13c8
[  165.703590]  search_binary_handler+0xb8/0x1e4
[  165.708964]  __do_execve_file+0x6e4/0x9c8
[  165.713984]  __arm64_sys_execve+0x44/0x54
[  165.719008]  el0_svc_common+0xa8/0x168
[  165.723765]  el0_svc_handler+0x78/0x94
[  165.728522]  el0_svc+0x8/0xc

Signed-off-by: Martin Liu <liumartin@google.com>

[surenb: cherry-picked and backported from:
https://lkml.org/lkml/2020/1/14/799

Conflicts:
        drivers/dma-buf/dma-buf.c

1. Resolved diffs between 4.19 and upstream by replacing dma_resv_lock
with dmabuf->lock
]

Bug: 150611569
Test: build
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Ia0b20a40d491eb41b8844d05dc86dfd6039de07f
2020-03-16 18:12:28 +00:00
..
accessibility
acpi This is the 4.19.108 stable release 2020-03-05 17:40:55 +01:00
amba
android UPSTREAM: binder: prevent UAF for binderfs devices II 2020-03-09 19:48:21 +00:00
ata ata: ahci: Add shutdown to freeze hardware resources of ahci 2020-02-28 16:39:00 +01:00
atm fore200e: Fix incorrect checks of NULL pointer dereference 2020-02-24 08:34:42 +01:00
auxdisplay
base FROMGIT: driver core: Reevaluate dev->links.need_for_probe as suppliers are added 2020-03-10 00:31:34 +00:00
bcma bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA 2020-01-27 14:51:09 +01:00
block This is the 4.19.107 stable release 2020-03-03 07:33:01 +01:00
bluetooth Bluetooth: btusb: fix PM leak in error case of setup 2020-01-09 10:19:04 +01:00
bus bus: ti-sysc: Fix sysc_unprepare() when no clocks have been allocated 2020-01-27 14:50:36 +01:00
cdrom cdrom: respect device capabilities during opening action 2020-01-04 19:13:12 +01:00
char This is the 4.19.108 stable release 2020-03-05 17:40:55 +01:00
clk This is the 4.19.106 stable release 2020-02-24 09:13:25 +01:00
clocksource clocksource/drivers/bcm2835_timer: Fix memory leak of timer 2020-02-24 08:34:37 +01:00
connector
cpufreq This is the 4.19.99 stable release 2020-01-27 15:55:44 +01:00
cpuidle This is the 4.19.90 stable release 2019-12-18 09:03:30 +01:00
crypto ANDROID: Removed default m for virtual sw crypto device 2020-03-03 14:26:54 -08:00
dax
dca
devfreq Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs" 2020-03-05 16:42:18 +01:00
dio
dma dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() 2020-03-11 14:15:12 +01:00
dma-buf ANDROID: GKI: dma-buf: use spinlock to protect set/get name operation 2020-03-16 18:12:28 +00:00
edac EDAC/amd64: Set grain per DIMM 2020-03-11 14:14:45 +01:00
eisa
energy_model
extcon extcon: sm5502: Reset registers during initialization 2019-12-31 16:35:11 +01:00
firewire net: add annotations on hh->hh_len lockless accesses 2020-01-09 10:19:09 +01:00
firmware This is the 4.19.99 stable release 2020-01-27 15:55:44 +01:00
fmc
fpga
fsi fsi: sbefifo: Don't fail operations when in SBE IPL state 2020-01-27 14:51:00 +01:00
gnss ANDROID: gnss: Add command line test driver 2019-12-19 22:51:54 +00:00
gpio ANDROID: Fix kernelci build-break for arm32 2020-03-10 11:07:35 -07:00
gpu This is the 4.19.109 stable release 2020-03-11 17:10:39 +01:00
hid This is the 4.19.108 stable release 2020-03-05 17:40:55 +01:00
hsi
hv hv_balloon: Balloon up according to request page number 2020-02-11 04:34:01 -08:00
hwmon hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() 2020-03-11 14:15:12 +01:00
hwspinlock
hwtracing This is the 4.19.100 stable release 2020-01-29 17:10:45 +01:00
i2c This is the 4.19.108 stable release 2020-03-05 17:40:55 +01:00
ide ide: serverworks: potential overflow in svwks_set_pio_mode() 2020-02-24 08:34:49 +01:00
idle
iio This is the 4.19.101 stable release 2020-02-02 20:22:38 +00:00
infiniband This is the 4.19.109 stable release 2020-03-11 17:10:39 +01:00
input UPSTREAM: Input: reset device timestamp on sync 2020-03-12 10:46:18 -07:00
iommu This is the 4.19.107 stable release 2020-03-03 07:33:01 +01:00
ipack
irqchip This is the 4.19.108 stable release 2020-03-05 17:40:55 +01:00
isdn staging: gigaset: add endpoint-type sanity check 2019-12-17 20:34:33 +01:00
leds leds: pca963x: Fix open-drain initialization 2020-02-24 08:34:35 +01:00
lightnvm lightnvm: pblk: fix lock order in pblk_rb_tear_down_check 2020-01-27 14:50:45 +01:00
macintosh macintosh: therm_windtunnel: fix regression when instantiating devices 2020-03-05 16:42:18 +01:00
mailbox mailbox: qcom-apcs: fix max_register value 2020-01-27 14:51:14 +01:00
mcb
md This is the 4.19.109 stable release 2020-03-11 17:10:39 +01:00
media This is the 4.19.109 stable release 2020-03-11 17:10:39 +01:00
memory memory: tegra: Don't invoke Tegra30+ specific memory timing setup on Tegra20 2020-01-27 14:50:13 +01:00
memstick
message scsi: mptfusion: Fix double fetch bug in ioctl 2020-01-23 08:21:28 +01:00
mfd mfd: rn5t618: Mark ADC control register volatile 2020-02-11 04:34:14 -08:00
misc This is the 4.19.101 stable release 2020-02-02 20:22:38 +00:00
mmc This is the 4.19.103 stable release 2020-02-11 15:05:03 -08:00
mtd mtd: sharpslpart: Fix unsigned comparison to zero 2020-02-14 16:33:27 -05:00
mux
net This is the 4.19.109 stable release 2020-03-11 17:10:39 +01:00
nfc nfc: pn544: Fix occasional HW initialization failure 2020-03-05 16:42:16 +01:00
ntb ntb_hw_switchtec: potential shift wrapping bug in switchtec_ntb_init_sndev() 2020-01-27 14:50:55 +01:00
nubus
nvdimm UPSTREAM: virtio-pmem: Add virtio pmem driver 2020-01-26 19:04:57 +00:00
nvme nvme: Fix uninitialized-variable warning 2020-03-11 14:14:55 +01:00
nvmem BACKPORT: nvmem: core: fix regression in of_nvmem_cell_get() 2020-02-24 11:38:01 -08:00
of ANDROID: GKI: drivers: of: Add API to find ddr device type 2020-03-12 10:46:18 -07:00
opp This is the 4.19.99 stable release 2020-01-27 15:55:44 +01:00
oprofile
parisc
parport parport: load lowlevel driver if ports not found 2019-12-31 16:36:01 +01:00
pci ANDROID: GKI: pci: framework: disable auto suspend link 2020-03-09 11:32:05 -07:00
pcmcia
perf
phy phy: mapphone-mdm6600: Fix write timeouts with shorter GPIO toggle interval 2020-03-11 14:15:10 +01:00
pinctrl pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs 2020-02-24 08:34:44 +01:00
platform UPSTREAM: usb: typec: Registering real device entries for the muxes 2020-03-12 14:22:55 -07:00
pnp
power power: supply: ltc2941-battery-gauge: fix use-after-free 2020-02-11 04:34:02 -08:00
powercap
pps
ps3
ptp ptp: free ptp device pin descriptors properly 2020-01-23 08:21:35 +01:00
pwm pwm: omap-dmtimer: put_device() after of_find_device_by_node() 2020-03-05 16:42:22 +01:00
rapidio drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() 2020-01-27 14:50:31 +01:00
ras
regulator UPSTREAM: regulator/of_get_regulator: add child path to find the regulator supplier 2020-02-28 20:57:51 +00:00
remoteproc remoteproc: Initialize rproc_class before use 2020-02-24 08:34:50 +01:00
reset reset: uniphier: Add SCSSI reset control for each channel 2020-02-24 08:34:44 +01:00
rpmsg rpmsg: glink: Free pending deferred work on remove 2019-12-21 10:57:30 +01:00
rtc ANDROID: rtc: class: support hctosys from modular RTC drivers 2020-02-20 15:30:22 -08:00
s390 s390/qdio: fill SL with absolute addresses 2020-03-11 14:14:54 +01:00
sbus
scsi This is the 4.19.109 stable release 2020-03-11 17:10:39 +01:00
sfi
sh
siox
slimbus slimbus: ngd: Fix build error on x86 2019-12-13 08:51:54 +01:00
sn
soc This is the 4.19.108 stable release 2020-03-05 17:40:55 +01:00
soundwire soundwire: intel: fix PDI/stream mapping for Bulk 2019-12-31 16:35:55 +01:00
spi This is the 4.19.109 stable release 2020-03-11 17:10:39 +01:00
spmi
ssb
staging This is the 4.19.107 stable release 2020-03-03 07:33:01 +01:00
target scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session" 2020-02-28 16:38:58 +01:00
tc
tee This is the 4.19.102 stable release 2020-02-05 19:20:26 +00:00
thermal ANDROID: GKI: Add devm_thermal_of_virtual_sensor_register API. 2020-03-12 10:46:18 -07:00
thunderbolt thunderbolt: Prevent crash if non-active NVMem file is read 2020-02-28 16:38:44 +01:00
tty Revert "ANDROID: tty: serdev: Fix broken serial console input" 2020-03-13 15:28:10 +00:00
uio uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol() 2020-02-24 08:34:37 +01:00
usb UPSTREAM: usb: typec: mux: Switch to use fwnode_property_count_uXX() 2020-03-12 14:22:55 -07:00
uwb
vfio This is the 4.19.99 stable release 2020-01-27 15:55:44 +01:00
vhost This is the 4.19.108 stable release 2020-03-05 17:40:55 +01:00
video vgacon: Fix a UAF in vgacon_invert_region 2020-03-11 14:15:00 +01:00
virt
virtio ANDROID: Re-add default y for VIRTIO_PCI_LEGACY 2020-03-03 23:28:01 +00:00
visorbus visorbus: fix uninitialized variable access 2020-02-24 08:34:47 +01:00
vlynq
vme vme: bridges: reduce stack usage 2020-02-24 08:34:47 +01:00
w1
watchdog watchdog: da9062: do not ping the hw during stop() 2020-03-11 14:14:53 +01:00
xen xen: Enable interrupts when calling _cond_resched() 2020-02-28 16:39:00 +01:00
zorro
Kconfig
Makefile