This is a note to let you know that I've just added the patch titled
dma-buf: balance refcount inbalance
to the 5.2-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
dma-buf-balance-refcount-inbalance.patch
and it can be found in the queue-5.2 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From 5e383a9798990c69fc759a4930de224bb497e62c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Glisse?= <jglisse(a)redhat.com>
Date: Thu, 6 Dec 2018 11:18:40 -0500
Subject: dma-buf: balance refcount inbalance
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
From: Jérôme Glisse <jglisse(a)redhat.com>
commit 5e383a9798990c69fc759a4930de224bb497e62c upstream.
The debugfs take reference on fence without dropping them.
Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com>
Cc: Christian König <christian.koenig(a)amd.com>
Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch>
Cc: Sumit Semwal <sumit.semwal(a)linaro.org>
Cc: linux-media(a)vger.kernel.org
Cc: dri-devel(a)lists.freedesktop.org
Cc: linaro-mm-sig(a)lists.linaro.org
Cc: Stéphane Marchesin <marcheu(a)chromium.org>
Cc: stable(a)vger.kernel.org
Reviewed-by: Christian König <christian.koenig(a)amd.com>
Signed-off-by: Sumit Semwal <sumit.semwal(a)linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20181206161840.6578-1-jglisse…
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/dma-buf/dma-buf.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/dma-buf/dma-buf.c
+++ b/drivers/dma-buf/dma-buf.c
@@ -1057,6 +1057,7 @@ static int dma_buf_debug_show(struct seq
fence->ops->get_driver_name(fence),
fence->ops->get_timeline_name(fence),
dma_fence_is_signaled(fence) ? "" : "un");
+ dma_fence_put(fence);
}
rcu_read_unlock();
Patches currently in stable-queue which might be from jglisse(a)redhat.com are
queue-5.2/dma-buf-balance-refcount-inbalance.patch
This is a note to let you know that I've just added the patch titled
dma-buf: balance refcount inbalance
to the 5.1-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
dma-buf-balance-refcount-inbalance.patch
and it can be found in the queue-5.1 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From 5e383a9798990c69fc759a4930de224bb497e62c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Glisse?= <jglisse(a)redhat.com>
Date: Thu, 6 Dec 2018 11:18:40 -0500
Subject: dma-buf: balance refcount inbalance
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
From: Jérôme Glisse <jglisse(a)redhat.com>
commit 5e383a9798990c69fc759a4930de224bb497e62c upstream.
The debugfs take reference on fence without dropping them.
Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com>
Cc: Christian König <christian.koenig(a)amd.com>
Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch>
Cc: Sumit Semwal <sumit.semwal(a)linaro.org>
Cc: linux-media(a)vger.kernel.org
Cc: dri-devel(a)lists.freedesktop.org
Cc: linaro-mm-sig(a)lists.linaro.org
Cc: Stéphane Marchesin <marcheu(a)chromium.org>
Cc: stable(a)vger.kernel.org
Reviewed-by: Christian König <christian.koenig(a)amd.com>
Signed-off-by: Sumit Semwal <sumit.semwal(a)linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20181206161840.6578-1-jglisse…
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/dma-buf/dma-buf.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/dma-buf/dma-buf.c
+++ b/drivers/dma-buf/dma-buf.c
@@ -1068,6 +1068,7 @@ static int dma_buf_debug_show(struct seq
fence->ops->get_driver_name(fence),
fence->ops->get_timeline_name(fence),
dma_fence_is_signaled(fence) ? "" : "un");
+ dma_fence_put(fence);
}
rcu_read_unlock();
Patches currently in stable-queue which might be from jglisse(a)redhat.com are
queue-5.1/dma-buf-balance-refcount-inbalance.patch
This is a note to let you know that I've just added the patch titled
dma-buf: balance refcount inbalance
to the 4.19-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
dma-buf-balance-refcount-inbalance.patch
and it can be found in the queue-4.19 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From 5e383a9798990c69fc759a4930de224bb497e62c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Glisse?= <jglisse(a)redhat.com>
Date: Thu, 6 Dec 2018 11:18:40 -0500
Subject: dma-buf: balance refcount inbalance
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
From: Jérôme Glisse <jglisse(a)redhat.com>
commit 5e383a9798990c69fc759a4930de224bb497e62c upstream.
The debugfs take reference on fence without dropping them.
Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com>
Cc: Christian König <christian.koenig(a)amd.com>
Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch>
Cc: Sumit Semwal <sumit.semwal(a)linaro.org>
Cc: linux-media(a)vger.kernel.org
Cc: dri-devel(a)lists.freedesktop.org
Cc: linaro-mm-sig(a)lists.linaro.org
Cc: Stéphane Marchesin <marcheu(a)chromium.org>
Cc: stable(a)vger.kernel.org
Reviewed-by: Christian König <christian.koenig(a)amd.com>
Signed-off-by: Sumit Semwal <sumit.semwal(a)linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20181206161840.6578-1-jglisse…
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/dma-buf/dma-buf.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/dma-buf/dma-buf.c
+++ b/drivers/dma-buf/dma-buf.c
@@ -1069,6 +1069,7 @@ static int dma_buf_debug_show(struct seq
fence->ops->get_driver_name(fence),
fence->ops->get_timeline_name(fence),
dma_fence_is_signaled(fence) ? "" : "un");
+ dma_fence_put(fence);
}
rcu_read_unlock();
Patches currently in stable-queue which might be from jglisse(a)redhat.com are
queue-4.19/dma-buf-balance-refcount-inbalance.patch
This is a note to let you know that I've just added the patch titled
dma-buf: balance refcount inbalance
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
dma-buf-balance-refcount-inbalance.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From 5e383a9798990c69fc759a4930de224bb497e62c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Glisse?= <jglisse(a)redhat.com>
Date: Thu, 6 Dec 2018 11:18:40 -0500
Subject: dma-buf: balance refcount inbalance
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
From: Jérôme Glisse <jglisse(a)redhat.com>
commit 5e383a9798990c69fc759a4930de224bb497e62c upstream.
The debugfs take reference on fence without dropping them.
Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com>
Cc: Christian König <christian.koenig(a)amd.com>
Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch>
Cc: Sumit Semwal <sumit.semwal(a)linaro.org>
Cc: linux-media(a)vger.kernel.org
Cc: dri-devel(a)lists.freedesktop.org
Cc: linaro-mm-sig(a)lists.linaro.org
Cc: Stéphane Marchesin <marcheu(a)chromium.org>
Cc: stable(a)vger.kernel.org
Reviewed-by: Christian König <christian.koenig(a)amd.com>
Signed-off-by: Sumit Semwal <sumit.semwal(a)linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20181206161840.6578-1-jglisse…
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/dma-buf/dma-buf.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/dma-buf/dma-buf.c
+++ b/drivers/dma-buf/dma-buf.c
@@ -1115,6 +1115,7 @@ static int dma_buf_debug_show(struct seq
fence->ops->get_driver_name(fence),
fence->ops->get_timeline_name(fence),
dma_fence_is_signaled(fence) ? "" : "un");
+ dma_fence_put(fence);
}
rcu_read_unlock();
Patches currently in stable-queue which might be from jglisse(a)redhat.com are
queue-4.14/dma-buf-balance-refcount-inbalance.patch
queue-4.14/libnvdimm-pfn-fix-fsdax-mode-namespace-info-block-zero-fields.patch
On 7/17/19 12:31 PM, Alexander Popov wrote:
> Hello!
>
> The syzkaller [1] has a trouble with fuzzing the Linux kernel with ION Memory
> Allocator.
>
> Syzkaller uses several methods [2] to limit memory consumption of the userspace
> processes calling the syscalls for testing the kernel:
> - setrlimit(),
> - cgroups,
> - various sysctl.
> But these methods don't work for ION Memory Allocator, so any userspace process
> that has access to /dev/ion can bring the system to the out-of-memory state.
>
> An example of a program doing that:
>
>
> #include <sys/types.h>
> #include <sys/stat.h>
> #include <fcntl.h>
> #include <stdio.h>
> #include <linux/types.h>
> #include <sys/ioctl.h>
>
> #define ION_IOC_MAGIC 'I'
> #define ION_IOC_ALLOC _IOWR(ION_IOC_MAGIC, 0, \
> struct ion_allocation_data)
>
> struct ion_allocation_data {
> __u64 len;
> __u32 heap_id_mask;
> __u32 flags;
> __u32 fd;
> __u32 unused;
> };
>
> int main(void)
> {
> unsigned long i = 0;
> int fd = -1;
> struct ion_allocation_data data = {
> .len = 0x13f65d8c,
> .heap_id_mask = 1,
> .flags = 0,
> .fd = -1,
> .unused = 0
> };
>
> fd = open("/dev/ion", 0);
> if (fd == -1) {
> perror("[-] open /dev/ion");
> return 1;
> }
>
> while (1) {
> printf("iter %lu\n", i);
> ioctl(fd, ION_IOC_ALLOC, &data);
> i++;
> }
>
> return 0;
> }
>
>
> I looked through the code of ion_alloc() and didn't find any limit checks.
> Is it currently possible to limit ION kernel allocations for some process?
>
> If not, is it a right idea to do that?
> Thanks!
>
Yes, I do think that's the right approach. We're working on moving Ion
out of staging and this is something I mentioned to John Stultz. I don't
think we've thought too hard about how to do the actual limiting so
suggestions are welcome.
Thanks,
Laura
> Best regards,
> Alexander
>
>
> [1]: https://github.com/google/syzkaller
> [2]: https://github.com/google/syzkaller/blob/master/executor/common_linux.h
>
On Wed, Jul 03, 2019 at 01:48:41PM +0530, Nishka Dasgupta wrote:
> Remove file ion_carveout_heap.c as its functions and definitions are not
> used anywhere.
> Issue found with Coccinelle.
>
> Signed-off-by: Nishka Dasgupta <nishkadg.linux(a)gmail.com>
> ---
> drivers/staging/android/ion/Kconfig | 9 --
> drivers/staging/android/ion/Makefile | 1 -
> .../staging/android/ion/ion_carveout_heap.c | 133 ------------------
I keep trying to do this, but others point out that the ion code is
"going to be fixed up soon" and that people rely on this interface now.
Well, "code outside of the kernel tree" relies on this, which is not ok,
but the "soon" people keep insisting on it...
Odds are I should just delete all of ION, as there hasn't been any
forward progress on it in a long time.
Hopefully that wakes some people up...
thanks,
greg k-h