github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-13 09:17:53 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
cea23cb745
linux/include
History
Martin Liu cea23cb745 ANDROID: GKI: dma-buf: use spinlock to protect set/get name operation 
We introduced setname ioctl in commit bb2bb90304 ("dma-buf:
add DMA_BUF_SET_NAME ioctls") that provides userpsace
to attach a free-form name for tracking and counting shared
buffers. However the d_dname callback could be called in atomic
context. This call path comes from selinux that verifies all
inherited open files from exec call. To verify all inherited
open files, kernel would iterate all fds which need to hold
spin_lock to get denty name by calling d_dname operation.
In dma-buf d_dname callback, we use mutex lock to prevent the
race from setname causing this issue.

This commit adds a spinlock to protect set/get name operation
to fix this issue.

[  165.617090] Call trace:
[  165.620504]  ___might_sleep+0x114/0x118
[  165.625344]  __might_sleep+0x50/0x84
[  165.629928]  __mutex_lock_common+0x5c/0x10b0
[  165.635215]  mutex_lock_nested+0x40/0x50
[  165.640157]  dmabuffs_dname+0x48/0xdc
[  165.644821]  d_path+0x78/0x1e4
[  165.648870]  audit_log_d_path+0x68/0x134
[  165.653807]  common_lsm_audit+0x33c/0x6f4
[  165.658832]  slow_avc_audit+0xb4/0xf0
[  165.663503]  avc_has_perm+0xdc/0x1a4
[  165.668081]  file_has_perm+0x70/0x154
[  165.672750]  match_file+0x54/0x6c
[  165.677064]  iterate_fd+0x74/0xac
[  165.681369]  selinux_bprm_committing_creds+0xfc/0x210
[  165.687459]  security_bprm_committing_creds+0x2c/0x40
[  165.693546]  install_exec_creds+0x1c/0x68
[  165.698569]  load_elf_binary+0x3a0/0x13c8
[  165.703590]  search_binary_handler+0xb8/0x1e4
[  165.708964]  __do_execve_file+0x6e4/0x9c8
[  165.713984]  __arm64_sys_execve+0x44/0x54
[  165.719008]  el0_svc_common+0xa8/0x168
[  165.723765]  el0_svc_handler+0x78/0x94
[  165.728522]  el0_svc+0x8/0xc

Signed-off-by: Martin Liu <liumartin@google.com>

[surenb: cherry-picked and backported from:
https://lkml.org/lkml/2020/1/14/799

Conflicts:
        drivers/dma-buf/dma-buf.c

1. Resolved diffs between 4.19 and upstream by replacing dma_resv_lock
with dmabuf->lock
]

Bug: 150611569
Test: build
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Ia0b20a40d491eb41b8844d05dc86dfd6039de07f
2020-03-16 18:12:28 +00:00
..
acpi ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro 2020-03-05 16:42:17 +01:00
asm-generic
clocksource
crypto UPSTREAM: crypto: skcipher - Introduce crypto_sync_skcipher 2020-03-12 10:46:18 -07:00
drm This is the 4.19.99 stable release 2020-01-27 15:55:44 +01:00
dt-bindings dt-bindings: reset: meson8b: fix duplicate reset IDs 2020-01-23 08:21:26 +01:00
keys
kvm
linux ANDROID: GKI: dma-buf: use spinlock to protect set/get name operation 2020-03-16 18:12:28 +00:00
math-emu math-emu/soft-fp.h: (_FP_ROUND_ZERO) cast 0 to void to fix warning 2019-12-13 08:51:34 +01:00
media media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros 2020-02-24 08:34:41 +01:00
memory
misc
net ANDROID: GKI: cfg80211: Add AP stopped interface 2020-03-12 10:46:18 -07:00
pcmcia
ras
rdma RDMA/uverbs: Verify MR access flags 2020-02-14 16:33:23 -05:00
scsi This is the 4.19.107 stable release 2020-03-03 07:33:01 +01:00
soc soc/tegra: pmc: Fix pad voltage configuration for Tegra186 2019-11-20 18:45:24 +01:00
sound This is the 4.19.107 stable release 2020-03-03 07:33:01 +01:00
target
trace ANDROID: GKI: Add devm_thermal_of_virtual_sensor_register API. 2020-03-12 10:46:18 -07:00
uapi This is the 4.19.108 stable release 2020-03-05 17:40:55 +01:00
video
xen