+stable
what is the status of this patch? We'd like to get it into the android common branches to fix possible double free.
On Fri, Jan 19, 2018 at 7:24 AM, Geert Uytterhoeven geert+renesas@glider.be wrote:
The driver_override implementation is susceptible to a race condition when different threads are reading vs storing a different driver override. Add locking to avoid this race condition.
Cfr. commits 6265539776a0810b ("driver core: platform: fix race condition with driver_override") and 9561475db680f714 ("PCI: Fix race condition with driver_override").
Fixes: 3cf385713460eb2b ("ARM: 8256/1: driver coamba: add device binding path 'driver_override'") Signed-off-by: Geert Uytterhoeven geert+renesas@glider.be
drivers/amba/bus.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/amba/bus.c b/drivers/amba/bus.c index 6ffd778352e6d953..36c5653ced5742b7 100644 --- a/drivers/amba/bus.c +++ b/drivers/amba/bus.c @@ -69,8 +69,12 @@ static ssize_t driver_override_show(struct device *_dev, struct device_attribute *attr, char *buf) { struct amba_device *dev = to_amba_device(_dev);
ssize_t len;
return sprintf(buf, "%s\n", dev->driver_override);
device_lock(_dev);len = sprintf(buf, "%s\n", dev->driver_override);device_unlock(_dev);return len;}
static ssize_t driver_override_store(struct device *_dev, @@ -78,7 +82,7 @@ static ssize_t driver_override_store(struct device *_dev, const char *buf, size_t count) { struct amba_device *dev = to_amba_device(_dev);
char *driver_override, *old = dev->driver_override, *cp;
char *driver_override, *old, *cp; if (count > PATH_MAX) return -EINVAL;@@ -91,12 +95,15 @@ static ssize_t driver_override_store(struct device *_dev, if (cp) *cp = '\0';
device_lock(_dev);old = dev->driver_override; if (strlen(driver_override)) { dev->driver_override = driver_override; } else { kfree(driver_override); dev->driver_override = NULL; }device_unlock(_dev); kfree(old);-- 2.7.4
Hi Todd,
On Fri, Mar 2, 2018 at 7:23 PM, Todd Kjos tkjos@android.com wrote:
+stable
what is the status of this patch? We'd like to get it into the android common branches to fix possible double free.
Thanks for your interest!
So far this patch (and the 3 others in the series) haven't received any comments. If someone sends a Acked-by or Reviewed-by, I can submit them to RMK's patch system.
Thanks!
On Fri, Jan 19, 2018 at 7:24 AM, Geert Uytterhoeven geert+renesas@glider.be wrote:
The driver_override implementation is susceptible to a race condition when different threads are reading vs storing a different driver override. Add locking to avoid this race condition.
Cfr. commits 6265539776a0810b ("driver core: platform: fix race condition with driver_override") and 9561475db680f714 ("PCI: Fix race condition with driver_override").
Fixes: 3cf385713460eb2b ("ARM: 8256/1: driver coamba: add device binding path 'driver_override'") Signed-off-by: Geert Uytterhoeven geert+renesas@glider.be
Gr{oetje,eeting}s,
Geert
-- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds
linux-stable-mirror@lists.linaro.org
-
Geert Uytterhoeven -
Todd Kjos