UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenCloudOS-Kernel/drivers
History
Yoshihiro YUNOMAE 2b4fbf029d virtio/console: Add pipe_lock/unlock for splice_write 
Add pipe_lock/unlock for splice_write to avoid oops by following competition:

(1) An application gets fds of a trace buffer, virtio-serial, pipe.
(2) The application does fork()
(3) The processes execute splice_read(trace buffer) and
    splice_write(virtio-serial) via same pipe.

        <parent>                   <child>
  get fds of a trace buffer,
         virtio-serial, pipe
          |
        fork()----------create--------+
          |                           |
      splice(read)                    |           ---+
      splice(write)                   |              +-- no competition
          |                       splice(read)       |
          |                       splice(write)   ---+
          |                           |
      splice(read)                    |
      splice(write)               splice(read)    ------ competition
          |                       splice(write)

Two processes share a pipe_inode_info structure. If the child execute
splice(read) when the parent tries to execute splice(write), the
structure can be broken. Existing virtio-serial driver does not get
lock for the structure in splice_write, so this competition will induce
oops.

<oops messages>
 BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
 IP: [<ffffffff811a6b5f>] splice_from_pipe_feed+0x6f/0x130
 PGD 7223e067 PUD 72391067 PMD 0
 Oops: 0000 [#1] SMP
 Modules linked in: lockd bnep bluetooth rfkill sunrpc ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_page_alloc snd_timer snd soundcore pcspkr virtio_net virtio_balloon i2c_piix4 i2c_core microcode uinput floppy
 CPU: 0 PID: 1072 Comm: compete-test Not tainted 3.10.0ws+ #55
 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
 task: ffff880071b98000 ti: ffff88007b55e000 task.ti: ffff88007b55e000
 RIP: 0010:[<ffffffff811a6b5f>]  [<ffffffff811a6b5f>] splice_from_pipe_feed+0x6f/0x130
 RSP: 0018:ffff88007b55fd78  EFLAGS: 00010287
 RAX: 0000000000000000 RBX: ffff88007b55fe20 RCX: 0000000000000000
 RDX: 0000000000001000 RSI: ffff88007a95ba30 RDI: ffff880036f9e6c0
 RBP: ffff88007b55fda8 R08: 00000000000006ec R09: ffff880077626708
 R10: 0000000000000003 R11: ffffffff8139ca59 R12: ffff88007a95ba30
 R13: 0000000000000000 R14: ffffffff8139dd00 R15: ffff880036f9e6c0
 FS:  00007f2e2e3a0740(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
 CR2: 0000000000000018 CR3: 0000000071bd1000 CR4: 00000000000006f0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
 Stack:
  ffffffff8139ca59 ffff88007b55fe20 ffff880036f9e6c0 ffffffff8139dd00
  ffff8800776266c0 ffff880077626708 ffff88007b55fde8 ffffffff811a6e8e
  ffff88007b55fde8 ffffffff8139ca59 ffff880036f9e6c0 ffff88007b55fe20
 Call Trace:
  [<ffffffff8139ca59>] ? alloc_buf.isra.13+0x39/0xb0
  [<ffffffff8139dd00>] ? virtcons_restore+0x100/0x100
  [<ffffffff811a6e8e>] __splice_from_pipe+0x7e/0x90
  [<ffffffff8139ca59>] ? alloc_buf.isra.13+0x39/0xb0
  [<ffffffff8139d739>] port_fops_splice_write+0xe9/0x140
  [<ffffffff8127a3f4>] ? selinux_file_permission+0xc4/0x120
  [<ffffffff8139d650>] ? wait_port_writable+0x1b0/0x1b0
  [<ffffffff811a6fe0>] do_splice_from+0xa0/0x110
  [<ffffffff811a951f>] SyS_splice+0x5ff/0x6b0
  [<ffffffff8161facf>] tracesys+0xdd/0xe2
 Code: 49 8b 87 80 00 00 00 4c 8d 24 d0 8b 53 04 41 8b 44 24 0c 4d 8b 6c 24 10 39 d0 89 03 76 02 89 13 49 8b 44 24 10 4c 89 e6 4c 89 ff <ff> 50 18 85 c0 0f 85 aa 00 00 00 48 89 da 4c 89 e6 4c 89 ff 41
 RIP  [<ffffffff811a6b5f>] splice_from_pipe_feed+0x6f/0x130
  RSP <ffff88007b55fd78>
 CR2: 0000000000000018
 ---[ end trace 24572beb7764de59 ]---

V2: Fix a locking problem for error
V3: Add Reviewed-by lines and stable@ line in sign-off area

Signed-off-by: Yoshihiro YUNOMAE <yoshihiro.yunomae.ez@hitachi.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Cc: Amit Shah <amit.shah@redhat.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: stable@vger.kernel.org
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
 		2013-07-23 12:15:26 +09:30
..
accessibility
acpi ACPI video support fixes for 3.11 2013-07-21 10:11:04 -07:00
amba
ata Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2013-07-13 14:52:21 -07:00
atm
auxdisplay
base Driver core patches for 3.11-rc2 2013-07-18 12:48:40 -07:00
bcma
block Merge branch 'next' of git://git.monstr.eu/linux-2.6-microblaze 2013-07-10 10:16:07 -07:00
bluetooth
bus ARM SoC device tree changes 2013-07-02 14:23:01 -07:00
cdrom drivers/cdrom/cdrom.c: use kzalloc() for failing hardware 2013-07-03 16:07:25 -07:00
char virtio/console: Add pipe_lock/unlock for splice_write 2013-07-23 12:15:26 +09:30
clk Power management and ACPI updates for 3.11-rc1 2013-07-03 14:35:40 -07:00
clocksource clocksource+irqchip: delete __cpuinit usage from all related files 2013-07-14 19:36:57 -04:00
connector
cpufreq Power management and ACPI fixes for 3.11-rc2 2013-07-19 09:59:06 -07:00
cpuidle Power management and ACPI updates for 3.11-rc1 2013-07-03 14:35:40 -07:00
crypto crypto: talitos: use sg_pcopy_to_buffer() 2013-07-09 10:33:30 -07:00
dca
devfreq Merge branch 'akpm' (updates from Andrew Morton) 2013-07-03 17:12:13 -07:00
dio
dma drivers/dma/iop-adma.c: fix new warnings 2013-07-09 10:33:19 -07:00
edac Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2013-07-13 14:52:21 -07:00
eisa
extcon drivers: avoid format string in dev_set_name 2013-07-03 16:07:41 -07:00
firewire
firmware efivars: check for EFI_RUNTIME_SERVICES 2013-07-11 11:00:31 +01:00
fmc
gpio Power management and ACPI updates for 3.11-rc1 2013-07-03 14:35:40 -07:00
gpu ACPI video support fixes for 3.11 2013-07-21 10:11:04 -07:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2013-07-04 15:35:08 -07:00
hsi drivers: avoid format string in dev_set_name 2013-07-03 16:07:41 -07:00
hv
hwmon Single patch to staticize a local variable 2013-07-18 11:32:36 -07:00
hwspinlock
i2c Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2013-07-13 14:52:21 -07:00
ide Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide 2013-07-10 18:15:41 -07:00
idle
iio The first round of IIO fixes for the 3.11 cycle. 2013-07-16 22:41:38 -07:00
infiniband Main batch of InfiniBand/RDMA changes for 3.11 merge window: 2013-07-13 12:57:21 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2013-07-13 18:05:13 -07:00
iommu IOMMU Updates for Linux 3.11 2013-07-10 14:46:40 -07:00
ipack
irqchip clocksource+irqchip: delete __cpuinit usage from all related files 2013-07-14 19:36:57 -04:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-07-09 18:24:39 -07:00
leds leds: mc13783: Fix "uninitialized variable" warning 2013-07-02 08:44:02 -07:00
lguest Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-07-04 11:40:58 -07:00
macintosh
mailbox
md md/raid1: fix bio handling problems in process_checks() 2013-07-18 14:18:04 +10:00
media [media] saa7134: Fix unlocked snd_pcm_stop() call 2013-07-15 21:25:14 +02:00
memory
memstick drivers/memstick/host/r592.c: convert to module_pci_driver 2013-07-03 16:08:06 -07:00
message drivers: avoid format strings in names passed to alloc_workqueue() 2013-07-03 16:07:41 -07:00
mfd For the 3.11 merge we only have one new MFD driver for the Kontron PLD. 2013-07-10 11:10:27 -07:00
misc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-07-04 11:40:58 -07:00
mmc MMC highlights for 3.11: 2013-07-10 11:16:00 -07:00
mtd A couple of fixes and clean-ups, allow for assigning user-defined 2013-07-05 12:09:48 -07:00
net macvtap: do not zerocopy if iov needs more pages than MAX_SKB_FRAGS 2013-07-18 13:04:25 -07:00
nfc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-07-09 18:24:39 -07:00
ntb
nubus
of Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-07-09 18:24:39 -07:00
oprofile drivers: delete __cpuinit usage from all remaining drivers files 2013-07-14 19:36:59 -04:00
parisc parisc: fix LMMIO mismatch between PAT length and MASK register 2013-07-09 22:09:16 +02:00
parport Merge branch 'akpm' (updates from Andrew Morton) 2013-07-03 17:12:13 -07:00
pci Merge branch 'akpm' (updates from Andrew Morton) 2013-07-03 17:12:13 -07:00
pcmcia Driver core patches for 3.11-rc1 2013-07-02 11:44:19 -07:00
pinctrl Pin control changes for the v3.11 kernel cycle: 2013-07-03 11:48:03 -07:00
platform x86 platform drivers: fix gpio leak 2013-07-10 15:42:51 -04:00
pnp PNP / ACPI: avoid garbage in resource name 2013-07-18 01:38:59 +02:00
power Nothing exciting this time, just assorted fixes and cleanups. 2013-07-10 11:13:00 -07:00
pps pps-gpio: add device-tree binding and support 2013-07-03 16:08:06 -07:00
ps3
ptp
pwm
rapidio Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2013-07-13 14:52:21 -07:00
regulator For the 3.11 merge we only have one new MFD driver for the Kontron PLD. 2013-07-10 11:10:27 -07:00
remoteproc Trivial remoteproc fixes by Suman Anna, Wei Yongjun and Thomas Meyer. 2013-07-11 12:35:09 -07:00
reset
rpmsg
rtc For the 3.11 merge we only have one new MFD driver for the Kontron PLD. 2013-07-10 11:10:27 -07:00
s390 s390/zcrypt: Alias for new zcrypt device driver base module 2013-07-19 08:37:39 +02:00
sbus
scsi SCSI for-linus on 20130713 2013-07-13 17:41:21 -07:00
sfi
sh
sn
spi Merge remote-tracking branch 'spi/fix/xilinx' into spi-linus 2013-07-15 11:46:16 +01:00
ssb Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2013-07-13 14:52:21 -07:00
staging Staging tree fixes for 3.11-rc2 2013-07-20 15:42:38 -07:00
target Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2013-07-11 12:57:19 -07:00
tc
thermal Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2013-07-11 12:26:08 -07:00
tty Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2013-07-13 14:52:21 -07:00
uio uio: use vma_pages() to replace (vm_end - vm_start) >> PAGE_SHIFT 2013-07-03 16:07:26 -07:00
usb Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2013-07-13 14:52:21 -07:00
uwb drivers: avoid format string in dev_set_name 2013-07-03 16:07:41 -07:00
vfio vfio Updates for v3.11 2013-07-10 14:50:08 -07:00
vhost Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2013-07-11 12:57:19 -07:00
video uvesafb: Really allow mtrr being 0, as documented and warn()ed 2013-07-16 10:24:28 +10:00
virt
virtio No real surprises. 2013-07-10 14:50:58 -07:00
vlynq
vme
w1 drivers/w1/slaves/w1_ds2408.c: add magic sequence to disable P0 test mode 2013-07-03 16:08:06 -07:00
watchdog Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2013-07-13 14:52:21 -07:00
xen drivers: delete __cpuinit usage from all remaining drivers files 2013-07-14 19:36:59 -04:00
zorro
Kconfig For the 3.11 merge we only have one new MFD driver for the Kontron PLD. 2013-07-10 11:10:27 -07:00
Makefile For the 3.11 merge we only have one new MFD driver for the Kontron PLD. 2013-07-10 11:10:27 -07:00