Commit 319ba0a4 authored by Yonglong Liu, committed by Yang Yingliang

net: hns3: fix race condition in debugfs

driver inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4LD5U


CVE: NA

----------------------------

When multiple users access debugfs at the same time, the process
of allocating and releasing memory becomes disordered, causing a
kernel crash like this:

[763845.759089] PC is at kfree+0x19c/0x1a0
[763845.759100] LR is at kvfree+0x3c/0x58
[763845.759103] pc : [<ffff00000828878c>] lr : [<ffff00000823432c>] pstate: 60400009
[763845.759105] sp : ffff00003744fc90
[763845.759108] x29: ffff00003744fc90 x28: ffff8027dc87b800
[763845.759115] x27: ffff0000088a1000 x26: ffff000002970f48
[763845.759121] x25: ffff802502600000 x24: 00000000000000af
[763845.759127] x23: 0000000000010000 x22: 0000000013dc0000
[763845.759133] x21: ffff00000823432c x20: ffff802502600000
[763845.759139] x19: ffff802502600000 x18: 0000ffffdaa06b10
[763845.759145] x17: 00000000004201c8 x16: ffff0000082b2b10
[763845.759151] x15: 000000000003013f x14: 0000ffffa462ffe0
[763845.759157] x13: ffffffffffffffff x12: 0433526ae61f3300
[763845.759163] x11: ffff000009694b30 x10: 0000000000000001
[763845.759169] x9 : 000000000007b224 x8 : ffff000009719edc
[763845.759175] x7 : ffff7fe009409800 x6 : 00000045757af8cf
[763845.759181] x5 : ffff8027fced69f0 x4 : 0000000000000000
[763845.759187] x3 : 0000000000000000 x2 : 0433526ae61f3300
[763845.759192] x1 : 0000000000000000 x0 : dead000000000100
[763845.759200] Process cat (pid: 57988, stack limit = 0xffff000037440000)
[763845.759203] Call trace:
[763845.759207] Exception stack(0xffff00003744fb50 to 0xffff00003744fc90)
[763845.759211] fb40:                                   dead000000000100 0000000000000000
[768745.759215] fb60: 0433526ae61f3300 0000000000000000 0000000000000000 ffff8027fced69f0
[763845.759219] fb80: 00000045757af8cf ffff7fe009409800 ffff000009719edc 000000000007b224
[763845.759222] fba0: 0000000000000001 ffff000009694b30 0433526ae61f3300 ffffffffffffffff
[763845.759226] fbc0: 0000ffffa462ffe0 000000000003013f ffff0000082b2b10 00000000004201c8
[763845.759231] fbe0: 0000ffffdaa06b10 ffff802502600000 ffff802502600000 ffff00000823432c
[763845.759235] fc00: 0000000013dc0000 0000000000010000 00000000000000af ffff802502600000
[763845.759238] fc20: ffff000002970f48 ffff0000088a1000 ffff8027dc87b800 ffff00003744fc90
[763845.759243] fc40: ffff00000823432c ffff00003744fc90 ffff00000828878c 0000000060400009
[763845.759247] fc60: ffff00003744feb0 0000000013dc0000 0000ffffffffffff 0000000000000023
[763845.759250] fc80: ffff00003744fc90 ffff00000828878c
[763845.759259] [<ffff00000828878c>] kfree+0x19c/0x1a0
[763845.759263] [<ffff00000823432c>] kvfree+0x3c/0x58
[763845.759306] [<ffff00000295ab94>] hns3_dbg_read+0x94/0x240 [hns3]
[763845.759318] [<ffff000008359550>] full_proxy_read+0x60/0x90
[763845.759324] [<ffff0000082b22a4>] __vfs_read+0x58/0x178
[763845.759327] [<ffff0000082b2454>] vfs_read+0x90/0x14c
[763845.759332] [<ffff0000082b2b70>] SyS_read+0x60/0xc0

This patch adds a mutex lock to fix the race condition, and needs
to call the hns3_dbg_read_cmd() function when the buffer is NULL to
avoid reading empty data.

Fixes: c91910ef ("net: hns3: refactor the debugfs process")
Signed-off-by: Yonglong Liu <liuyonglong@huawei.com>
Reviewed-by: li yongxin <liyongxin1@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
parent a242606d
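
A user-space model of the locking pattern the commit message describes, added here as an example; it is not code from this commit or from the hns3 driver. `struct dbg_file`, `dbg_read()`, `fill_dump()` and the dump text are hypothetical stand-ins, and the model assumes one dump buffer shared per debugfs node that is released when a reader reaches end of file.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define DBG_LEN 64                /* hypothetical dump size */
struct dbg_file {                 /* hypothetical: one per debugfs node */
    pthread_mutex_t lock;         /* serializes all readers of the node */
    char *buf;                    /* shared dump buffer, NULL when released */
};
/* Stand-in for the driver's dump command (hns3_dbg_read_cmd() on the page). */
static void fill_dump(char *buf, size_t len)
{
    snprintf(buf, len, "queue=0 state=up tx=42 rx=17\n"); /* constructed */
}
/* Copy up to count bytes at *ppos into dst; returns bytes copied or -1. */
static long dbg_read(struct dbg_file *f, char *dst, size_t count, size_t *ppos)
{
    long n = 0;
    size_t avail;
    pthread_mutex_lock(&f->lock);
    if (!f->buf) {                /* first reader, or a peer released it */
        f->buf = calloc(1, DBG_LEN);
        if (!f->buf) { n = -1; goto out; }
        fill_dump(f->buf, DBG_LEN); /* refill so no reader sees empty data */
    }
    avail = strlen(f->buf);
    if (*ppos < avail) {
        n = (long)(avail - *ppos < count ? avail - *ppos : count);
        memcpy(dst, f->buf + *ppos, (size_t)n);
        *ppos += (size_t)n;
    }
    if (*ppos >= avail) {         /* this reader reached EOF: release once */
        free(f->buf);
        f->buf = NULL;            /* no stale pointer left for a second free */
    }
out:
    pthread_mutex_unlock(&f->lock);
    return n;
}

int main(void)
{
    struct dbg_file f = { PTHREAD_MUTEX_INITIALIZER, NULL };
    char a[DBG_LEN] = {0}, b[DBG_LEN] = {0};
    size_t pa = 0, pb = 0;
    dbg_read(&f, a, 8, &pa);                 /* reader A stops part-way */
    dbg_read(&f, b, DBG_LEN - 1, &pb);       /* reader B hits EOF, frees */
    dbg_read(&f, a + 8, DBG_LEN - 9, &pa);   /* A finds NULL, refills */
    return strcmp(a, b) != 0;
}
```

The lock covers the NULL check, the allocation, the copy and the free as one critical section, so two readers can never both pass the check or both reach `free()` on the same pointer.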