public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-08-05 16:54:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/drivers/misc
History
Frederic Barrat a58d37bce0 ocxl: Fix concurrent AFU open and device removal 
If an ocxl device is unbound through sysfs at the same time its AFU is
being opened by a user process, the open code may dereference freed
stuctures, which can lead to kernel oops messages. You'd have to hit a
tiny time window, but it's possible. It's fairly easy to test by
making the time window bigger artificially.

Fix it with a combination of 2 changes:
  - when an AFU device is found in the IDR by looking for the device
    minor number, we should hold a reference on the device until after
    the context is allocated. A reference on the AFU structure is kept
    when the context is allocated, so we can release the reference on
    the device after the context allocation.
  - with the fix above, there's still another even tinier window,
    between the time the AFU device is found in the IDR and the
    reference on the device is taken. We can fix this one by removing
    the IDR entry earlier, when the device setup is removed, instead
    of waiting for the 'release' device callback. With proper locking
    around the IDR.

Fixes: 75ca758adb ("ocxl: Create a clear delineation between ocxl backend & frontend")
Cc: stable@vger.kernel.org # v5.2+
Signed-off-by: Frederic Barrat <fbarrat@linux.ibm.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20190624144148.32022-1-fbarrat@linux.ibm.com
2019-12-10 20:34:23 +11:00
..
altera-stapl
c2port treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
cardreader misc: rtsx: Add support for RTS5261 2019-11-14 13:07:48 +08:00
cb710 treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
cxl compat_ioctl: use correct compat_ptr() translation in drivers 2019-10-23 17:23:44 +02:00
echo
eeprom Merge branch 'i2c/for-5.5' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2019-12-01 18:29:36 -08:00
genwqe compat_ioctl: use correct compat_ptr() translation in drivers 2019-10-23 17:23:44 +02:00
habanalabs habanalabs: add more protection of device during reset 2019-11-21 11:35:47 +02:00
ibmasm Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
lis3lv02d lis3lv02d: switch to using input device polling mode 2019-10-10 15:24:19 +02:00
lkdtm Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-12-01 19:05:07 -08:00
mei compat_ioctl: remove most of fs/compat_ioctl.c 2019-12-01 13:46:15 -08:00
mic misc: MIC: drop all 'comment' lines from its Kconfig 2019-10-10 15:24:20 +02:00
ocxl ocxl: Fix concurrent AFU open and device removal 2019-12-10 20:34:23 +11:00
sgi-gru sgi-gru: simplify procfs code some more 2019-10-10 15:24:19 +02:00
sgi-xp Char/Misc driver patches for 5.4-rc1 2019-09-18 11:14:31 -07:00
ti-st drivers/misc: ti-st: Remove unneeded variable in st_tty_open 2019-10-04 15:14:37 +02:00
vmw_vmci compat_ioctl: remove most of fs/compat_ioctl.c 2019-12-01 13:46:15 -08:00
ad525x_dpot-i2c.c
ad525x_dpot-spi.c
ad525x_dpot.c
ad525x_dpot.h
apds990x.c
apds9802als.c
atmel-ssc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
atmel_tclib.c misc: atmel_tclib: use devm_platform_ioremap_resource() to simplify code 2019-10-10 15:24:19 +02:00
bh1770glc.c
cs5535-mfgpt.c
ds1682.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
dummy-irq.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
enclosure.c
fastrpc.c Merge 5.4-rc3 into char-misc-next 2019-10-14 07:36:49 +02:00
hmc6352.c
hpilo.c
hpilo.h misc: Use the correct style for SPDX License Identifier 2019-10-10 15:34:40 +02:00
ibmvmc.c
ibmvmc.h misc: Use the correct style for SPDX License Identifier 2019-10-10 15:34:40 +02:00
ics932s401.c
isl29003.c
isl29020.c
Kconfig misc: Fix Kconfig indentation 2019-11-20 15:09:49 +01:00
kgdbts.c
lattice-ecp3-config.c
Makefile Char/Misc driver patches for 5.4-rc1 2019-09-18 11:14:31 -07:00
pch_phub.c
pci_endpoint_test.c PCI: Add PCI_STD_NUM_BARS for the number of standard BARs 2019-10-14 10:22:26 -05:00
phantom.c
pti.c
pvpanic.c
qcom-coincell.c
sram-exec.c lib/genalloc.c: rename addr_in_gen_pool to gen_pool_has_addr 2019-12-04 19:44:13 -08:00
sram.c misc: sram: use devm_platform_ioremap_resource_wc() 2019-11-05 18:32:47 +01:00
sram.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
tifm_7xx1.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
tifm_core.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
tsl2550.c
vexpress-syscfg.c
vmw_balloon.c vmw_balloon: Fix offline page marking with compaction 2019-08-28 22:57:07 +02:00
xilinx_sdfec.c misc: xilinx_sdfec: fix spelling mistake: "Schdule" -> "Schedule" 2019-08-22 14:28:10 -07:00