linux-stable/drivers/rpmsg
Deepak Kumar Singh c23965b7f7 rpmsg: ctrl: Add lock to rpmsg_ctrldev_remove

Calls to rpmsg_ctrldev_ioctl() and rpmsg_ctrldev_remove() must be synchronized.
In the present code rpmsg_ctrldev_remove() is not protected with a lock, therefore
new char device creation can succeed through an rpmsg_ctrldev_ioctl() call. At the
same time, a call to the rpmsg_ctrldev_remove() function for ctrl device removal will
free the associated rpdev device. As char device creation already succeeded, user
space is free to issue an open() call, which maps to rpmsg_create_ept() in the kernel.
The rpmsg_create_ept() function tries to reference rpdev, which has already been
freed through rpmsg_ctrldev_remove(). The issue is predominantly seen in aggressive
reboot tests where rpmsg_ctrldev_ioctl() and rpmsg_ctrldev_remove() can race with
each other.

Adding a lock in rpmsg_ctrldev_remove() avoids any new char device creation
through rpmsg_ctrldev_ioctl() while a remove call is already in progress.

Signed-off-by: Deepak Kumar Singh <quic_deesin@quicinc.com>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/1663584840-15762-3-git-send-email-quic_deesin@quicinc.com
2022-12-28 09:54:03 -06:00
Kconfig rpmsg: Move the rpmsg control device from rpmsg_char to rpmsg_ctrl 2022-03-13 11:49:53 -05:00
Makefile rpmsg: Move the rpmsg control device from rpmsg_char to rpmsg_ctrl 2022-03-13 11:49:53 -05:00
mtk_rpmsg.c rpmsg: mtk_rpmsg: Fix circular locking dependency 2022-06-14 16:41:10 -06:00
qcom_glink_native.c rpmsg: convert sysfs snprintf to sysfs_emit 2022-07-16 23:08:47 -05:00
qcom_glink_native.h rpmsg: glink: Switch to SPDX license identifier 2018-06-03 17:37:15 -07:00
qcom_glink_rpm.c rpmsg: glink: Switch to SPDX license identifier 2018-06-03 17:37:15 -07:00
qcom_glink_smem.c rpmsg: glink: Set tail pointer to 0 at end of FIFO 2019-10-11 11:34:12 -07:00
qcom_glink_ssr.c rpmsg: move from strlcpy with unused retval to strscpy 2022-12-28 09:47:41 -06:00
qcom_smd.c rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge 2022-07-16 22:15:40 -05:00
rpmsg_char.c rpmsg: char: Add lock to avoid race when rpmsg device is released 2022-12-28 09:54:03 -06:00
rpmsg_char.h rpmsg: char: Export eptdev create and destroy functions 2022-03-13 11:49:53 -05:00
rpmsg_core.c rpmsg: Strcpy is not safe, use strscpy_pad() instead 2022-06-24 11:37:00 -06:00
rpmsg_ctrl.c rpmsg: ctrl: Add lock to rpmsg_ctrldev_remove 2022-12-28 09:54:03 -06:00
rpmsg_internal.h rpmsg: Fix parameter naming for announce_create/destroy ops 2022-06-24 10:58:12 -06:00
rpmsg_ns.c rpmsg: Fix calling device_lock() on non-initialized device 2022-05-06 09:51:33 +02:00
virtio_rpmsg_bus.c rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl 2022-04-26 09:27:15 -06:00