public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-08-05 16:54:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/drivers/hwtracing/coresight
History
Exact
Yeoreum Yun 408c97c4a5 coresight: prevent deactivate active config while enabling the config 
While enable active config via cscfg_csdev_enable_active_config(),
active config could be deactivated via configfs' sysfs interface.
This could make UAF issue in below scenario:

CPU0                                          CPU1
(sysfs enable)                                load module
                                              cscfg_load_config_sets()
                                              activate config. // sysfs
                                              (sys_active_cnt == 1)
...
cscfg_csdev_enable_active_config()
lock(csdev->cscfg_csdev_lock)
// here load config activate by CPU1
unlock(csdev->cscfg_csdev_lock)

                                              deactivate config // sysfs
                                              (sys_activec_cnt == 0)
                                              cscfg_unload_config_sets()
                                              unload module

// access to config_desc which freed
// while unloading module.
cscfg_csdev_enable_config

To address this, use cscfg_config_desc's active_cnt as a reference count
 which will be holded when
    - activate the config.
    - enable the activated config.
and put the module reference when config_active_cnt == 0.

Fixes: f8cce2ff3c ("coresight: syscfg: Add API to activate and enable configurations")
Suggested-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
Reviewed-by: Leo Yan <leo.yan@arm.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Link: https://lore.kernel.org/r/20250514161951.3427590-4-yeoreum.yun@arm.com
2025-05-20 16:38:54 +01:00
..
coresight-catu.c coresight: Remove inlines from static function definitions 2025-04-30 14:58:19 +01:00
coresight-catu.h coresight: catu: Introduce refcount and spinlock for enabling/disabling 2025-04-30 14:53:56 +01:00
coresight-cfg-afdo.c coresight: Fix undeclared variable warnings from sparse checker 2024-02-12 10:18:41 +00:00
coresight-cfg-preload.c coresight: config: Add preloaded configuration 2025-02-21 16:17:36 +00:00
coresight-cfg-preload.h coresight: config: Add preloaded configuration 2025-02-21 16:17:36 +00:00
coresight-cfg-pstop.c coresight: config: Add preloaded configuration 2025-02-21 16:17:36 +00:00
coresight-config.c coresight-etm4x: change etmv4_drvdata spinlock type to raw_spinlock_t 2025-03-10 10:40:25 +00:00
coresight-config.h coresight: prevent deactivate active config while enabling the config 2025-05-20 16:38:54 +01:00
coresight-core.c coresight: Introduce pause and resume APIs for source 2025-05-14 11:56:17 +01:00
coresight-cpu-debug.c coresight: Fixes device's owner field for registered using coresight_init_driver() 2025-04-29 18:47:37 +01:00
coresight-ctcu-core.c Coresight: Fix a NULL vs IS_ERR() bug in probe 2025-03-14 12:43:53 +00:00
coresight-ctcu.h Coresight: Add Coresight TMC Control Unit driver 2025-03-04 18:06:19 +00:00
coresight-cti-core.c coresight: Clear self hosted claim tag on probe 2025-04-30 14:58:19 +01:00
coresight-cti-platform.c coresight: cti: use device_* to iterate over device child nodes 2024-08-19 15:31:37 +01:00
coresight-cti-sysfs.c coresight-cti: change cti_drvdata spinlock's type to raw_spinlock_t 2025-03-10 10:40:26 +00:00
coresight-cti.h coresight: cti: Replace inclusion by struct fwnode_handle forward declaration 2025-05-08 14:31:15 +01:00
coresight-dummy.c Coresight: Change to read the trace ID from coresight_path 2025-03-04 18:06:18 +00:00
coresight-etb10.c coresight: Remove inlines from static function definitions 2025-04-30 14:58:19 +01:00
coresight-etm-cp14.c
coresight-etm-perf.c coresight: perf: Update buffer on AUX pause 2025-05-14 11:56:17 +01:00
coresight-etm-perf.h Coresight: Introduce a new struct coresight_path 2025-03-04 18:06:18 +00:00
coresight-etm.h coresight: etm3x: Convert raw base pointer to struct coresight access 2025-04-30 14:58:19 +01:00
coresight-etm3x-core.c coresight: Clear self hosted claim tag on probe 2025-04-30 14:58:19 +01:00
coresight-etm3x-sysfs.c coresight: etm3x: Convert raw base pointer to struct coresight access 2025-04-30 14:58:19 +01:00
coresight-etm4x-cfg.c coresight: Fix all W=1 build warnings 2023-07-26 18:01:52 +01:00
coresight-etm4x-cfg.h coresight: config: Add preloaded configurations 2021-08-18 22:33:28 +02:00
coresight-etm4x-core.c coresight/etm4: fix missing disable active config 2025-05-20 16:38:47 +01:00
coresight-etm4x-sysfs.c coresight: etm4x: Fix timestamp bit field handling 2025-05-20 16:16:15 +01:00
coresight-etm4x.h coresight: etm4x: Hook pause and resume callbacks 2025-05-14 11:56:17 +01:00
coresight-funnel.c coresight: Clear self hosted claim tag on probe 2025-04-30 14:58:19 +01:00
coresight-kunit-tests.c coresight: Add a KUnit test for coresight_find_default_sink() 2025-04-30 16:59:27 +01:00
coresight-platform.c coresight: Remove inlines from static function definitions 2025-04-30 14:58:19 +01:00
coresight-priv.h coresight: Introduce pause and resume APIs for source 2025-05-14 11:56:17 +01:00
coresight-replicator.c coresight: replicator: Fix panic for clearing claim tag 2025-05-07 09:47:55 +01:00
coresight-self-hosted-trace.h coresight: Pass guest TRFCR value to KVM 2025-01-12 12:50:11 +00:00
coresight-stm.c coresight: Remove inlines from static function definitions 2025-04-30 14:58:19 +01:00
coresight-syscfg-configfs.c coresight: Remove inlines from static function definitions 2025-04-30 14:58:19 +01:00
coresight-syscfg-configfs.h coresight: configfs: Allow configfs to activate configuration 2021-11-26 11:34:27 -07:00
coresight-syscfg.c coresight: prevent deactivate active config while enabling the config 2025-05-20 16:38:54 +01:00
coresight-syscfg.h coresight: syscfg: Update load and unload operations 2022-06-29 09:35:58 -06:00
coresight-sysfs.c Coresight: Change functions to accept the coresight_path 2025-03-04 18:06:18 +00:00
coresight-tmc-core.c coresight: Remove inlines from static function definitions 2025-04-30 14:58:19 +01:00
coresight-tmc-etf.c coresight: tmc: fix failure to disable/enable ETF after reading 2025-05-14 11:56:17 +01:00
coresight-tmc-etr.c coresight: tmc: Re-enable sink after buffer update 2025-05-14 11:56:17 +01:00
coresight-tmc.h coresight-tmc: change tmc_drvdata spinlock's type to raw_spinlock_t 2025-03-10 10:40:26 +00:00
coresight-tpda.c Coresight: Add trace_id function to retrieving the trace ID 2025-03-04 14:48:49 +00:00
coresight-tpda.h coresight-tpda: Change qcom,dsb-element-size to qcom,dsb-elem-bits 2024-02-27 11:26:45 +00:00
coresight-tpdm.c Coresight: Change to read the trace ID from coresight_path 2025-03-04 18:06:18 +00:00
coresight-tpdm.h coresight-tpdm: Add support to enable the lane for MCMB TPDM 2025-02-26 11:25:10 +00:00
coresight-tpiu.c coresight: Fixes device's owner field for registered using coresight_init_driver() 2025-04-29 18:47:37 +01:00
coresight-trace-id.c coresight: change coresight_trace_id_map's lock type to raw_spinlock_t 2025-03-10 10:40:25 +00:00
coresight-trace-id.h coresight: Add support to get static id for system trace sources 2024-12-11 10:15:37 +00:00
coresight-trbe.c coresight: Remove inlines from static function definitions 2025-04-30 14:58:19 +01:00
coresight-trbe.h coresight: trbe: Enable ACPI based TRBE devices 2023-11-16 11:34:59 +00:00
Kconfig coresight: Add a KUnit test for coresight_find_default_sink() 2025-04-30 16:59:27 +01:00
Makefile coresight: Disable MMIO logging for coresight stm driver 2025-05-07 09:48:19 +01:00
ultrasoc-smb.c coresight/ultrasoc: change smb_drv_data spinlock's type to raw_spinlock_t 2025-03-10 10:40:26 +00:00
ultrasoc-smb.h coresight/ultrasoc: change smb_drv_data spinlock's type to raw_spinlock_t 2025-03-10 10:40:26 +00:00