From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Aaron Hill <aa1ronham@gmail.com>, Zhang Rui <rui.zhang@intel.com>,
	Sasha Levin <sashal@kernel.org>,
	linux-pm@vger.kernel.org
Subject: [PATCH AUTOSEL 4.14 16/40] drivers: thermal: int340x_thermal: Fix sysfs race condition
Date: Thu, 14 Feb 2019 21:12:49 -0500
Message-ID: <20190215021313.178476-16-sashal@kernel.org>
In-Reply-To: <20190215021313.178476-1-sashal@kernel.org>

From: Aaron Hill <aa1ronham@gmail.com>

[ Upstream commit 129699bb8c7572106b5bbb2407c2daee4727ccad ]

Changes since V1:
* Use dev_info instead of printk
* Use dev_warn instead of BUG_ON

Previously, sysfs_create_group was called before all initialization had
fully run - specifically, before pci_set_drvdata was called. Since the
sysctl group is visible to userspace as soon as sysfs_create_group
returns, a small window of time existed during which a process could read
from an uninitialized/partially-initialized device.

This commit moves the creation of the sysctl group to after all
initialization is completed. This ensures that it's impossible for
userspace to read from a sysctl file before initialization has fully
completed.

To catch any future regressions, I've added a check to ensure
that proc_thermal_emum_mode is never PROC_THERMAL_NONE when a process
tries to read from a sysctl file. Previously, the aforementioned race
condition could result in the 'else' branch running while
PROC_THERMAL_NONE was set, leading to a null pointer dereference.

Signed-off-by: Aaron Hill <aa1ronham@gmail.com>
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../processor_thermal_device.c                | 28 ++++++++++---------
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/drivers/thermal/int340x_thermal/processor_thermal_device.c b/drivers/thermal/int340x_thermal/processor_thermal_device.c
index c6ab7db8c8e2..c344a3783625 100644
--- a/drivers/thermal/int340x_thermal/processor_thermal_device.c
+++ b/drivers/thermal/int340x_thermal/processor_thermal_device.c
@@ -77,7 +77,12 @@ static ssize_t power_limit_##index##_##suffix##_show(struct device *dev, \
 	struct pci_dev *pci_dev; \
 	struct platform_device *pdev; \
 	struct proc_thermal_device *proc_dev; \
-\
+	\
+	if (proc_thermal_emum_mode == PROC_THERMAL_NONE) { \
+		dev_warn(dev, "Attempted to get power limit before device was initialized!\n"); \
+		return 0; \
+	} \
+	\
 	if (proc_thermal_emum_mode == PROC_THERMAL_PLATFORM_DEV) { \
 		pdev = to_platform_device(dev); \
 		proc_dev = platform_get_drvdata(pdev); \
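Review bot: The new PROC_THERMAL_NONE guard returns 0 from a show callback, so userspace sees an empty read that looks like success rather than an error; a negative errno such as -ENODEV would make the "not initialized" case visible to the caller. The dev_warn() in the same block fires on every such read and is reachable from any process that can open the attribute, so dev_warn_ratelimited() or dev_warn_once() would keep it from being used to flood the log. Minor: the added "+	\" lines put a tab before the continuation backslash where the removed line had a bare "\".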
@@ -291,11 +296,6 @@ static int proc_thermal_add(struct device *dev,
 	*priv = proc_priv;
 
 	ret = proc_thermal_read_ppcc(proc_priv);
-	if (!ret) {
-		ret = sysfs_create_group(&dev->kobj,
-					 &power_limit_attribute_group);
-
-	}
 	if (ret)
 		return ret;
 
@@ -309,8 +309,7 @@ static int proc_thermal_add(struct device *dev,
 
 	proc_priv->int340x_zone = int340x_thermal_zone_add(adev, ops);
 	if (IS_ERR(proc_priv->int340x_zone)) {
-		ret = PTR_ERR(proc_priv->int340x_zone);
-		goto remove_group;
+		return PTR_ERR(proc_priv->int340x_zone);
 	} else
 		ret = 0;
 
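Review bot: With the IS_ERR() branch now returning directly, the trailing "} else ret = 0;" is left over: the else is redundant after a return and the braces are unbalanced between the two arms. Dropping the braces and the else ("if (IS_ERR(...)) return PTR_ERR(...);" followed by a plain "ret = 0;") reads more cleanly and matches kernel coding style.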
@@ -324,9 +323,6 @@ static int proc_thermal_add(struct device *dev,
 
 remove_zone:
 	int340x_thermal_zone_remove(proc_priv->int340x_zone);
-remove_group:
-	sysfs_remove_group(&proc_priv->dev->kobj,
-			   &power_limit_attribute_group);
 
 	return ret;
 }
@@ -357,7 +353,10 @@ static int int3401_add(struct platform_device *pdev)
 	platform_set_drvdata(pdev, proc_priv);
 	proc_thermal_emum_mode = PROC_THERMAL_PLATFORM_DEV;
 
-	return 0;
+	dev_info(&pdev->dev, "Creating sysfs group for PROC_THERMAL_PLATFORM_DEV\n");
+
+	return sysfs_create_group(&pdev->dev.kobj,
+					 &power_limit_attribute_group);
 }
 
 static int int3401_remove(struct platform_device *pdev)
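Review bot: Returning sysfs_create_group() directly at the end of int3401_add() has no unwind path: if group creation fails, the probe reports an error while the drvdata set by platform_set_drvdata() and proc_thermal_emum_mode = PROC_THERMAL_PLATFORM_DEV are left in place, and nothing in the visible lines tears down what was set up earlier in the probe. Capturing the return value and undoing the earlier setup on failure would keep the error path consistent. The dev_info() message is also emitted on every successful probe; dev_dbg() would be a better fit for a tracing line like this.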
@@ -434,7 +433,10 @@ static int  proc_thermal_pci_probe(struct pci_dev *pdev,
 			dev_err(&pdev->dev, "No auxiliary DTSs enabled\n");
 	}
 
-	return 0;
+	dev_info(&pdev->dev, "Creating sysfs group for PROC_THERMAL_PCI\n");
+
+	return sysfs_create_group(&pdev->dev.kobj,
+					 &power_limit_attribute_group);
 }
 
 static void  proc_thermal_pci_remove(struct pci_dev *pdev)
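Review bot: The tail of proc_thermal_pci_probe() has the same gap as the platform path: a failing sysfs_create_group() is returned as the probe result with no cleanup of the state built up before it in the visible lines, so the return value should be checked and the earlier setup unwound on error. The hunks shown here remove the sysfs_remove_group() call from proc_thermal_add()'s error path but do not show a matching removal being added to the remove callbacks, which is worth confirming. Style: the continuation line "&power_limit_attribute_group);" is indented further than the opening parenthesis it should align with.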
-- 
2.19.1
