From patchwork Thu Aug 29 09:29:22 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Srinivas Kandagatla X-Patchwork-Id: 11120803 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 15C2018EC for ; Thu, 29 Aug 2019 09:30:03 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id E96B52342A for ; Thu, 29 Aug 2019 09:30:02 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="y2Jad9If" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727066AbfH2J3j (ORCPT ); Thu, 29 Aug 2019 05:29:39 -0400 Received: from mail-wm1-f66.google.com ([209.85.128.66]:37182 "EHLO mail-wm1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725853AbfH2J3i (ORCPT ); Thu, 29 Aug 2019 05:29:38 -0400 Received: by mail-wm1-f66.google.com with SMTP id d16so3057117wme.2 for ; Thu, 29 Aug 2019 02:29:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=XU8VavFbVq1P6J4BGT7bqqCvGA+gvD1YtYfU7w8Ui4Y=; b=y2Jad9If07L8NkCkwNdv8YZMdg76iweYq5gnyqU7ZDpAiemuWRrJjbuu5BLDeQUdNp ZPFbRWLdHenEAhkH9KAB4roQxHkuuhxayo9pCXmARueqQY7W1aLx41028c5b967Ih7H2 AbB11KjZHaaeJ4xTfjIhr3tFxpGTl4v6E0DJNc7N11Zf/8b7w1SXYelXiZ3nK7FdyqBm uCJjAeeobnr9UxrtXj7GJYMLGbG/Z6f40SIjgckg7xwUL9jFsAA4qGd2YKOskcCD//AG R3LIqRDSknSJvQGfk5Z3TL7kUjgA4D7Fw/ZYMH/+pN4KfAZCucq8iLiaSUFlWGf/Z/14 Q4eg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=XU8VavFbVq1P6J4BGT7bqqCvGA+gvD1YtYfU7w8Ui4Y=; b=ZhPl/EA42KnJBuUdI7TrAZE5Zj6OqJp8yJ5zO0xeuqnOCTtOes91KyoyY6vnq2Ap4y eMA722KHtEcE/HtOXQk39G1jdvl2xD88HX3/N/6xfsazXSeX0Dh8WS3OC1tyPQIswmBw ZuJ3HqfU5SSvUIAp9R84D5SFNq79nKzytSWpMbTyVE/JTmNe1a58gfWX53axA3tt32+o LitGDNSiy36Sj3xTvmPYYDKTFlMHq32wMG4MwDWzYDK5ENjaJOfklRlC8NQXKsSpgq8q 5ONldZMg7lYbEkseRi083HZyBXM4qNo73XGpwXq5Q7Tumro7+eNDtWCdHXErWZwWYgxl bvKw== X-Gm-Message-State: APjAAAUldHc7dZj+3QlzW64+gdzcD0XkpG4W5yZs342O6h3K7oEdbgvb 1QR/HgG7RLF15L0NMCK7jQ8h2A== X-Google-Smtp-Source: APXvYqzJDfOY6Qbp5b9Q/YKvcCDzXuA4QObZ1qVqjsB+kWph1VLp+AANlxduNUWoDl0dc6cSgg1IgA== X-Received: by 2002:a1c:658a:: with SMTP id z132mr10210355wmb.98.1567070975588; Thu, 29 Aug 2019 02:29:35 -0700 (PDT) Received: from srini-hackbox.lan (cpc89974-aztw32-2-0-cust43.18-1.cable.virginm.net. [86.30.250.44]) by smtp.gmail.com with ESMTPSA id f197sm3609512wme.22.2019.08.29.02.29.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 29 Aug 2019 02:29:35 -0700 (PDT) From: Srinivas Kandagatla To: gregkh@linuxfoundation.org Cc: arnd@arndb.de, linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org, Bjorn Andersson , Mayank Chopra , Abhinav Asati , Vamsi Singamsetty , Srinivas Kandagatla Subject: [PATCH v2 1/5] misc: fastrpc: Reference count channel context Date: Thu, 29 Aug 2019 10:29:22 +0100 Message-Id: <20190829092926.12037-2-srinivas.kandagatla@linaro.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190829092926.12037-1-srinivas.kandagatla@linaro.org> References: <20190829092926.12037-1-srinivas.kandagatla@linaro.org> MIME-Version: 1.0 Sender: linux-arm-msm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-arm-msm@vger.kernel.org From: Bjorn Andersson The channel context is referenced from the fastrpc user and might as user space holds the file descriptor open outlive the fastrpc device, which is removed when the remote processor is shutting down. Reference count the channel context in order to retain this object until all references has been relinquished. Signed-off-by: Bjorn Andersson Signed-off-by: Mayank Chopra Signed-off-by: Abhinav Asati Signed-off-by: Vamsi Singamsetty Signed-off-by: Srinivas Kandagatla --- drivers/misc/fastrpc.c | 43 +++++++++++++++++++++++++++++++++++++----- 1 file changed, 38 insertions(+), 5 deletions(-) diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c index c790585da14c..c019e867e7fa 100644 --- a/drivers/misc/fastrpc.c +++ b/drivers/misc/fastrpc.c @@ -186,6 +186,7 @@ struct fastrpc_channel_ctx { struct idr ctx_idr; struct list_head users; struct miscdevice miscdev; + struct kref refcount; }; struct fastrpc_user { @@ -293,6 +294,25 @@ static int fastrpc_buf_alloc(struct fastrpc_user *fl, struct device *dev, return 0; } +static void fastrpc_channel_ctx_free(struct kref *ref) +{ + struct fastrpc_channel_ctx *cctx; + + cctx = container_of(ref, struct fastrpc_channel_ctx, refcount); + + kfree(cctx); +} + +static void fastrpc_channel_ctx_get(struct fastrpc_channel_ctx *cctx) +{ + kref_get(&cctx->refcount); +} + +static void fastrpc_channel_ctx_put(struct fastrpc_channel_ctx *cctx) +{ + kref_put(&cctx->refcount, fastrpc_channel_ctx_free); +} + static void fastrpc_context_free(struct kref *ref) { struct fastrpc_invoke_ctx *ctx; @@ -316,6 +336,8 @@ static void fastrpc_context_free(struct kref *ref) kfree(ctx->maps); kfree(ctx->olaps); kfree(ctx); + + fastrpc_channel_ctx_put(cctx); } static void fastrpc_context_get(struct fastrpc_invoke_ctx *ctx) @@ -422,6 +444,9 @@ static struct fastrpc_invoke_ctx *fastrpc_context_alloc( fastrpc_get_buff_overlaps(ctx); } + /* Released in fastrpc_context_put() */ + fastrpc_channel_ctx_get(cctx); + ctx->sc = sc; ctx->retval = -1; ctx->pid = current->pid; @@ -451,6 +476,7 @@ static struct fastrpc_invoke_ctx *fastrpc_context_alloc( spin_lock(&user->lock); list_del(&ctx->node); spin_unlock(&user->lock); + fastrpc_channel_ctx_put(cctx); kfree(ctx->maps); kfree(ctx->olaps); kfree(ctx); @@ -1123,6 +1149,7 @@ static int fastrpc_device_release(struct inode *inode, struct file *file) } fastrpc_session_free(cctx, fl->sctx); + fastrpc_channel_ctx_put(cctx); mutex_destroy(&fl->mutex); kfree(fl); @@ -1141,6 +1168,9 @@ static int fastrpc_device_open(struct inode *inode, struct file *filp) if (!fl) return -ENOMEM; + /* Released in fastrpc_device_release() */ + fastrpc_channel_ctx_get(cctx); + filp->private_data = fl; spin_lock_init(&fl->lock); mutex_init(&fl->mutex); @@ -1398,10 +1428,6 @@ static int fastrpc_rpmsg_probe(struct rpmsg_device *rpdev) int i, err, domain_id = -1; const char *domain; - data = devm_kzalloc(rdev, sizeof(*data), GFP_KERNEL); - if (!data) - return -ENOMEM; - err = of_property_read_string(rdev->of_node, "label", &domain); if (err) { dev_info(rdev, "FastRPC Domain not specified in DT\n"); @@ -1420,6 +1446,10 @@ static int fastrpc_rpmsg_probe(struct rpmsg_device *rpdev) return -EINVAL; } + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + data->miscdev.minor = MISC_DYNAMIC_MINOR; data->miscdev.name = kasprintf(GFP_KERNEL, "fastrpc-%s", domains[domain_id]); @@ -1428,6 +1458,8 @@ static int fastrpc_rpmsg_probe(struct rpmsg_device *rpdev) if (err) return err; + kref_init(&data->refcount); + dev_set_drvdata(&rpdev->dev, data); dma_set_mask_and_coherent(rdev, DMA_BIT_MASK(32)); INIT_LIST_HEAD(&data->users); @@ -1462,7 +1494,8 @@ static void fastrpc_rpmsg_remove(struct rpmsg_device *rpdev) misc_deregister(&cctx->miscdev); of_platform_depopulate(&rpdev->dev); - kfree(cctx); + + fastrpc_channel_ctx_put(cctx); } static int fastrpc_rpmsg_callback(struct rpmsg_device *rpdev, void *data, From patchwork Thu Aug 29 09:29:23 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Srinivas Kandagatla X-Patchwork-Id: 11120795 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8569C1399 for ; Thu, 29 Aug 2019 09:29:41 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 61C38233FF for ; Thu, 29 Aug 2019 09:29:41 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="PtDj5xCz" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727073AbfH2J3j (ORCPT ); Thu, 29 Aug 2019 05:29:39 -0400 Received: from mail-wm1-f67.google.com ([209.85.128.67]:52699 "EHLO mail-wm1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725782AbfH2J3i (ORCPT ); Thu, 29 Aug 2019 05:29:38 -0400 Received: by mail-wm1-f67.google.com with SMTP id t17so2945265wmi.2 for ; Thu, 29 Aug 2019 02:29:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=8gReQ7CjJRAhm4L6Tiz8Y9x8ZLQilV94lsV5veC3IIc=; b=PtDj5xCzFk2wfuU6zYpS9GCEDFNAdkqEJTun597to8/wlUXA2ovkmt2++lgNbddgWj nghCcmSOy88teYBBZJklqSkpkrGk0u7G46HXOPF8zXasJG7NYAM4xbl+IrqiDHsa4a0t Us1d9idE5Oe+d+yY46bKYHNlylT6HBA1I4f9ZwezXwkD49LPzyQsGAN7eAW+RkSJIfrX oFM8uxkVTyFTRc9rtET54Bn2IAabx2x7VgSIL6F2u1KCjd6gCSJJ11GQ/KNwG/jIsSzh Zlf6IL+bUikvtRslDtQAgaYAJGHhijvgZ0U1TiJIxLjlZ0DTgAmlBZZXglO3NV/qtQoq 2AEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=8gReQ7CjJRAhm4L6Tiz8Y9x8ZLQilV94lsV5veC3IIc=; b=QPSk37819q+fTxJjt4KDfOsQEJlA6wABnDn+ogvKTG867qxHS47K2Ik344mIOS4mpw 1lakuUgrXisxFXAyHQApuJyZHN3gWyaTj+lxvSJrRKxbg/dKyJNMMh7X1TsD0nbM3rO7 CvQMhW99wEffjzmmIm6EcpMJypR5UdGLFwja8/0A/AvRyNETihATkG8tPq/odd2hB485 8ZHThLK+7CIEinMQ5zaK/WhnS5ifSdX/95ngS/46Q+ltaQhnqQG+W21XeP79Rep3gj2h ODNTZfoLGdhjtrH+yuUkl0XRxPSb15bJ/+DBHvkxVNnA5q02A011xN84Sjzs+Cz+gvR8 n+5g== X-Gm-Message-State: APjAAAUjJZNGeV3eCgkZq2nZNX/sWJyGryAiemuxOSEJvNKpAfRSS1an hZxxPFpOpIPW4P7+NGetzLoqLQ== X-Google-Smtp-Source: APXvYqzOYofeicG26OGoFyHrHuKzsT2ky6ZgtQ05RxJCwCRhZ+vIGCCRk1RVQrAARSynZ2t5y03Taw== X-Received: by 2002:a7b:cc0f:: with SMTP id f15mr10002879wmh.39.1567070976668; Thu, 29 Aug 2019 02:29:36 -0700 (PDT) Received: from srini-hackbox.lan (cpc89974-aztw32-2-0-cust43.18-1.cable.virginm.net. [86.30.250.44]) by smtp.gmail.com with ESMTPSA id f197sm3609512wme.22.2019.08.29.02.29.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 29 Aug 2019 02:29:36 -0700 (PDT) From: Srinivas Kandagatla To: gregkh@linuxfoundation.org Cc: arnd@arndb.de, linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org, Bjorn Andersson , Mayank Chopra , Abhinav Asati , Vamsi Singamsetty , Srinivas Kandagatla Subject: [PATCH v2 2/5] misc: fastrpc: Don't reference rpmsg_device after remove Date: Thu, 29 Aug 2019 10:29:23 +0100 Message-Id: <20190829092926.12037-3-srinivas.kandagatla@linaro.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190829092926.12037-1-srinivas.kandagatla@linaro.org> References: <20190829092926.12037-1-srinivas.kandagatla@linaro.org> MIME-Version: 1.0 Sender: linux-arm-msm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-arm-msm@vger.kernel.org From: Bjorn Andersson As fastrpc_rpmsg_remove() returns the rpdev of the channel context is no longer a valid object, so ensure to update the channel context to no longer reference the old object and guard in the invoke code path against dereferencing it. Signed-off-by: Bjorn Andersson Signed-off-by: Mayank Chopra Signed-off-by: Abhinav Asati Signed-off-by: Vamsi Singamsetty Signed-off-by: Srinivas Kandagatla --- drivers/misc/fastrpc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c index c019e867e7fa..59ee6de26229 100644 --- a/drivers/misc/fastrpc.c +++ b/drivers/misc/fastrpc.c @@ -913,6 +913,9 @@ static int fastrpc_internal_invoke(struct fastrpc_user *fl, u32 kernel, if (!fl->sctx) return -EINVAL; + if (!fl->cctx->rpdev) + return -EPIPE; + ctx = fastrpc_context_alloc(fl, kernel, sc, args); if (IS_ERR(ctx)) return PTR_ERR(ctx); @@ -1495,6 +1498,7 @@ static void fastrpc_rpmsg_remove(struct rpmsg_device *rpdev) misc_deregister(&cctx->miscdev); of_platform_depopulate(&rpdev->dev); + cctx->rpdev = NULL; fastrpc_channel_ctx_put(cctx); } From patchwork Thu Aug 29 09:29:24 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Srinivas Kandagatla X-Patchwork-Id: 11120799 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 47A0814D5 for ; Thu, 29 Aug 2019 09:29:58 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 2641D2189D for ; Thu, 29 Aug 2019 09:29:58 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="KdOAkYx4" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727097AbfH2J3k (ORCPT ); Thu, 29 Aug 2019 05:29:40 -0400 Received: from mail-wm1-f66.google.com ([209.85.128.66]:54309 "EHLO mail-wm1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727045AbfH2J3k (ORCPT ); Thu, 29 Aug 2019 05:29:40 -0400 Received: by mail-wm1-f66.google.com with SMTP id k2so1505520wmj.4 for ; Thu, 29 Aug 2019 02:29:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=v2Fx0Pb0mc0UlpujkGqHHioGa7pg7ML7uA9l5iVY0Do=; b=KdOAkYx4mUlEdOHRKmFg/Ohrw/cqTc8SxCG5fhUGBqFGvGPkr0MsZW1RTy99SSeksl DNDorcOie2Sf0FP5HI46t83xZtN20WwtU66qUQz2B+4y+zGoh9G745lhiJ7MxTJAlArB aRt2FRFjKd04Eu9HEfSgIrOnSTG6WlSqhL3TOsl8Ulm4d57y+cCTFmzDWkyG9igZVwHz I7n51NEHrGNiUH53mxrK4p+B2aNdN7xobvVCyWBSg5KNr076w2JuiLJ5/SEyvXNMMjs2 GkbqqSyP2HV2TltnILXR9Rvg8fizFYt5C2gChLXRARQKW02NK95+iY0cFNBqXbDv18Mp CbqA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=v2Fx0Pb0mc0UlpujkGqHHioGa7pg7ML7uA9l5iVY0Do=; b=Zi44Ajy8LZAQyKBOVD8T+7eKBqBXlpm2PbJzKJ5yO4UTH58ajeAti3ZtZIT2ZKWPFz f6q0BOd5roMw5+/rlbWMIxrpswoztCMdsMLrHYfxqagf4frJrA1jXGqVNWjPzxbMgwnq c8wPQlmNDZEHFuUeu9jwEe0saJ6fnulkDzhNa9Is1emmjPcawZl8dF7WtZg+ZHp2344z dNjmMk1dg7KUN9hct9FJcH65vU/9Pltc+OPZJrn0irqvxn6mbtqPSorBHM/nmGJu3QWx r/15DvBPjemqApMNKFfdB7fSuNPgTHd3zII2vcVLTU5a9Sy0WFQ8Kgd9REpyuRDNds3U Kw6Q== X-Gm-Message-State: APjAAAXbG+B8G03rYi4Yjn+5BP0jlsd26enI4CKUILPmWYD6Pr9jHaaN GWCEf6YVBEjl7+vrCRbwXWNvhQ== X-Google-Smtp-Source: APXvYqyu0QQoJV7ZRy9TThXqikuqUKf8hLMAyzYv+K80I5bIT4qhqGE/sAIKKMP5yPM72AF7eLZLNA== X-Received: by 2002:a1c:356:: with SMTP id 83mr10609179wmd.40.1567070977941; Thu, 29 Aug 2019 02:29:37 -0700 (PDT) Received: from srini-hackbox.lan (cpc89974-aztw32-2-0-cust43.18-1.cable.virginm.net. [86.30.250.44]) by smtp.gmail.com with ESMTPSA id f197sm3609512wme.22.2019.08.29.02.29.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 29 Aug 2019 02:29:37 -0700 (PDT) From: Srinivas Kandagatla To: gregkh@linuxfoundation.org Cc: arnd@arndb.de, linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org, Jorge Ramirez-Ortiz , Abhinav Asati , Vamsi Singamsetty , Srinivas Kandagatla Subject: [PATCH v2 3/5] misc: fastrpc: remove unused definition Date: Thu, 29 Aug 2019 10:29:24 +0100 Message-Id: <20190829092926.12037-4-srinivas.kandagatla@linaro.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190829092926.12037-1-srinivas.kandagatla@linaro.org> References: <20190829092926.12037-1-srinivas.kandagatla@linaro.org> MIME-Version: 1.0 Sender: linux-arm-msm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-arm-msm@vger.kernel.org From: Jorge Ramirez-Ortiz Remove unused INIT_MEMLEN_MAX define. Signed-off-by: Jorge Ramirez-Ortiz Signed-off-by: Abhinav Asati Signed-off-by: Vamsi Singamsetty Signed-off-by: Srinivas Kandagatla --- drivers/misc/fastrpc.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c index 59ee6de26229..38829fa74f28 100644 --- a/drivers/misc/fastrpc.c +++ b/drivers/misc/fastrpc.c @@ -33,7 +33,6 @@ #define FASTRPC_INIT_HANDLE 1 #define FASTRPC_CTXID_MASK (0xFF0) #define INIT_FILELEN_MAX (64 * 1024 * 1024) -#define INIT_MEMLEN_MAX (8 * 1024 * 1024) #define FASTRPC_DEVICE_NAME "fastrpc" /* Retrives number of input buffers from the scalars parameter */ From patchwork Thu Aug 29 09:29:25 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Srinivas Kandagatla X-Patchwork-Id: 11120801 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id DE9811395 for ; Thu, 29 Aug 2019 09:30:02 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id BE1872342A for ; Thu, 29 Aug 2019 09:30:02 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="oiVT9zLm" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727040AbfH2J36 (ORCPT ); Thu, 29 Aug 2019 05:29:58 -0400 Received: from mail-wr1-f65.google.com ([209.85.221.65]:40375 "EHLO mail-wr1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727072AbfH2J3k (ORCPT ); Thu, 29 Aug 2019 05:29:40 -0400 Received: by mail-wr1-f65.google.com with SMTP id c3so2670596wrd.7 for ; Thu, 29 Aug 2019 02:29:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=7K2iZxOhWYqdpgu+ftGX/anH+28e+S9dJx0eG5WBrFs=; b=oiVT9zLmf1h4t60P+I9CdvSij40tIxqhF78DG2hIgxWZ5HKvR0HrJISlbt6lpEsCG5 fC+esGCCHY34XbPFe1pyBtp+Tvn2h3uf4qdcm0cUCom7AxdwXYpYD/zDkq3x6lLo5YU5 5YXxHItF+lOOR2mqLSIeA7402VJFl250EKAhM9Wo4iuNf5Z54WKxqAEbuyQzQjAdEOx3 GEXbr6w6bfk6hOFmFZ9klwRBzqw9EIFHZyMVzW7O+COGimlsjq1L5u2mdXfkzu6/p85M nadOZG8Dvj7AwH+BDwuyFr9TdmBsDlnc7Ct4okKhHKUiW+c2L4sq7Ks+SkPhHPN7asUz fPqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=7K2iZxOhWYqdpgu+ftGX/anH+28e+S9dJx0eG5WBrFs=; b=p10hfDuUvPaz6y3e5nF8QcbX8Am9OifEOU5p2HjR23dVyvMfex4l6vfcv6Up9z80qd FybWOWyoym4mN95cjhNZjvoUMO69Ku4qeDhL0JDe3MUnhhcBi9xIg84UHxg7cXV7JjUC ELoR/OS4mZ9cCRX2tGXGVmqs5+8xF+lmxSHvcjLdjaWODvkwlMFI0K8Zh81q12nJrig0 S/wjKIcu8sXpom0aJDaA7AEZEFB33LEDLafmwD//qv7FkTJ6XpX0BrT7cxJu1H6+SF+y bOUYpawtO9p8nA2SuhlnwX5MILhOzqGsDr+Bu+uz1xXJqVPXnSz/Jf5rC0WAF0cfv0zN 3Nyw== X-Gm-Message-State: APjAAAXKauw130BHXzu4kATIWUI1d7QjiQSTNR8b5raumPyJXZCb9YgI ughjSVHP1oEGkX7k5cT9Md6+8g== X-Google-Smtp-Source: APXvYqznwpsrQltLkUtPFiJRDC7Xelm8Yr3Kqqj9ti4s9kus+fNVdkfvo7yIAh0QBXcij46RIIfw1A== X-Received: by 2002:adf:ecc3:: with SMTP id s3mr10359603wro.302.1567070978988; Thu, 29 Aug 2019 02:29:38 -0700 (PDT) Received: from srini-hackbox.lan (cpc89974-aztw32-2-0-cust43.18-1.cable.virginm.net. [86.30.250.44]) by smtp.gmail.com with ESMTPSA id f197sm3609512wme.22.2019.08.29.02.29.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 29 Aug 2019 02:29:38 -0700 (PDT) From: Srinivas Kandagatla To: gregkh@linuxfoundation.org Cc: arnd@arndb.de, linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org, Srinivas Kandagatla , Mayank Chopra , Jorge Ramirez-Ortiz Subject: [PATCH v2 4/5] misc: fastrpc: fix double refcounting on dmabuf Date: Thu, 29 Aug 2019 10:29:25 +0100 Message-Id: <20190829092926.12037-5-srinivas.kandagatla@linaro.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190829092926.12037-1-srinivas.kandagatla@linaro.org> References: <20190829092926.12037-1-srinivas.kandagatla@linaro.org> MIME-Version: 1.0 Sender: linux-arm-msm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-arm-msm@vger.kernel.org dma buf refcount has to be done by the driver which is going to use the fd. This driver already does refcount on the dmabuf fd if its actively using it but also does an additional refcounting via extra ioctl. This additional refcount can lead to memory leak in cases where the applications fail to call the ioctl to decrement the refcount. So remove this extra refcount in the ioctl More info of dma buf usage at drivers/dma-buf/dma-buf.c Reported-by: Mayank Chopra Reported-by: Jorge Ramirez-Ortiz Tested-by: Jorge Ramirez-Ortiz Signed-off-by: Srinivas Kandagatla --- drivers/misc/fastrpc.c | 25 ------------------------- 1 file changed, 25 deletions(-) diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c index 38829fa74f28..eee2bb398947 100644 --- a/drivers/misc/fastrpc.c +++ b/drivers/misc/fastrpc.c @@ -1198,26 +1198,6 @@ static int fastrpc_device_open(struct inode *inode, struct file *filp) return 0; } -static int fastrpc_dmabuf_free(struct fastrpc_user *fl, char __user *argp) -{ - struct dma_buf *buf; - int info; - - if (copy_from_user(&info, argp, sizeof(info))) - return -EFAULT; - - buf = dma_buf_get(info); - if (IS_ERR_OR_NULL(buf)) - return -EINVAL; - /* - * one for the last get and other for the ALLOC_DMA_BUFF ioctl - */ - dma_buf_put(buf); - dma_buf_put(buf); - - return 0; -} - static int fastrpc_dmabuf_alloc(struct fastrpc_user *fl, char __user *argp) { struct fastrpc_alloc_dma_buf bp; @@ -1253,8 +1233,6 @@ static int fastrpc_dmabuf_alloc(struct fastrpc_user *fl, char __user *argp) return -EFAULT; } - get_dma_buf(buf->dmabuf); - return 0; } @@ -1322,9 +1300,6 @@ static long fastrpc_device_ioctl(struct file *file, unsigned int cmd, case FASTRPC_IOCTL_INIT_CREATE: err = fastrpc_init_create_process(fl, argp); break; - case FASTRPC_IOCTL_FREE_DMA_BUFF: - err = fastrpc_dmabuf_free(fl, argp); - break; case FASTRPC_IOCTL_ALLOC_DMA_BUFF: err = fastrpc_dmabuf_alloc(fl, argp); break; From patchwork Thu Aug 29 09:29:26 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Srinivas Kandagatla X-Patchwork-Id: 11120797 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2C46B14D5 for ; Thu, 29 Aug 2019 09:29:53 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 0B05F2189D for ; Thu, 29 Aug 2019 09:29:53 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="xRwJYrUX" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727176AbfH2J3o (ORCPT ); Thu, 29 Aug 2019 05:29:44 -0400 Received: from mail-wr1-f68.google.com ([209.85.221.68]:43806 "EHLO mail-wr1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727101AbfH2J3m (ORCPT ); Thu, 29 Aug 2019 05:29:42 -0400 Received: by mail-wr1-f68.google.com with SMTP id y8so2636382wrn.10 for ; Thu, 29 Aug 2019 02:29:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=txsHPtmH/4H2/WnX6EiFrXzeHkL+qrKcHt+2DoU5kzQ=; b=xRwJYrUXbrpjGAWB4+R5fH7G0mRDkrSB5nnGWG4+zYs587hY8Cesq2JqG0vUTu0shm 5pkphlWZMXlMveg2S4oPS4BdCQp2Mnchh4Ih0wV4GdImugyPNv/ZM0MA3she+V9WXGWU BIretLX6+0BXSa3pOq9OZv9oxXVx8pLDf9VNglZBXBTOuIjqJQ63fAQnH8yB/WoV8lxJ Q7aWiOA/e79K4dnGQJ0uBooFrp4oD2jiMo/YosYL+IqpZRMk9m18+GjoTP70snfB5NND zZadvljCyol2fsr5UIoZl+vVT1xk+csmPx3MmyUoosgeuNBmiciKo4MlvIDgOc+ntJ54 g+HA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=txsHPtmH/4H2/WnX6EiFrXzeHkL+qrKcHt+2DoU5kzQ=; b=nPPqZjk22ZLKxHaOeCRE9/Fz36aLnwJEf7t8sz9ZHSf9v/8eXTsSWy/lMuCmav8PXL WLpzr280XE5lnDaibh97AXnwqFd6GIbCCN57Daa1Kil9CV/t52fE9GuNASBdKTiA2UmE 11u8tXN809Y6aOTvRbBzN0FSQJrlzBupAxy0GQqC/0Vj158UZS5gO22umK5HSt7uloMM oP6V3KsLrDtnGLrCPs6NjzvYI7WHBj0U39FrrEw+SyzudsgICcJyYBawdNyumhMgzacl j8+I/9rSzri4H0fokB1mHqTbjqlaTU2niGTPgwEoiM1yU49IEagWIOBGoC28aKMYncg8 YVTQ== X-Gm-Message-State: APjAAAWtwLJIjStyKNwV/f0ODzafsRyvQigQUaLIkPJcMNe3fTi/9+1r tOBZHbwMd4EiuZvIdYuLN+zW2w== X-Google-Smtp-Source: APXvYqwa7mal8tlwEcN4Id08ifjWX6FoVuVJXnw0+CZOqbxdmTAIG4v5DwpyXEOi1YCHISMEsJCWnw== X-Received: by 2002:adf:a55d:: with SMTP id j29mr9662074wrb.275.1567070980206; Thu, 29 Aug 2019 02:29:40 -0700 (PDT) Received: from srini-hackbox.lan (cpc89974-aztw32-2-0-cust43.18-1.cable.virginm.net. [86.30.250.44]) by smtp.gmail.com with ESMTPSA id f197sm3609512wme.22.2019.08.29.02.29.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 29 Aug 2019 02:29:39 -0700 (PDT) From: Srinivas Kandagatla To: gregkh@linuxfoundation.org Cc: arnd@arndb.de, linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org, Srinivas Kandagatla , Mayank Chopra Subject: [PATCH v2 5/5] misc: fastrpc: free dma buf scatter list Date: Thu, 29 Aug 2019 10:29:26 +0100 Message-Id: <20190829092926.12037-6-srinivas.kandagatla@linaro.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190829092926.12037-1-srinivas.kandagatla@linaro.org> References: <20190829092926.12037-1-srinivas.kandagatla@linaro.org> MIME-Version: 1.0 Sender: linux-arm-msm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-arm-msm@vger.kernel.org dma buf scatter list is never freed, free it! Orignally detected by kmemleak: backtrace: [] kmemleak_alloc+0x50/0x84 [] sg_kmalloc+0x38/0x60 [] __sg_alloc_table+0x60/0x110 [] sg_alloc_table+0x28/0x58 [] __sg_alloc_table_from_pages+0xc0/0x1ac [] sg_alloc_table_from_pages+0x14/0x1c [] __iommu_get_sgtable+0x5c/0x8c [] fastrpc_dma_buf_attach+0x84/0xf8 [] dma_buf_attach+0x70/0xc8 [] fastrpc_map_create+0xf8/0x1e8 [] fastrpc_device_ioctl+0x508/0x900 [] compat_SyS_ioctl+0x128/0x200 [] el0_svc_naked+0x34/0x38 [] 0xffffffffffffffff Reported-by: Mayank Chopra Signed-off-by: Srinivas Kandagatla --- drivers/misc/fastrpc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c index eee2bb398947..47ae84afac2e 100644 --- a/drivers/misc/fastrpc.c +++ b/drivers/misc/fastrpc.c @@ -550,6 +550,7 @@ static void fastrpc_dma_buf_detatch(struct dma_buf *dmabuf, mutex_lock(&buffer->lock); list_del(&a->node); mutex_unlock(&buffer->lock); + sg_free_table(&a->sgt); kfree(a); }