From: Bartosz Golaszewski <brgl@bgdev.pl>
To: Wolfram Sang <wsa@kernel.org>
Cc: linux-i2c@vger.kernel.org, linux-kernel@vger.kernel.org,
Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Subject: [PATCH 0/2] i2c: fortify the subsystem against user-space induced deadlocks
Date: Thu, 8 Dec 2022 19:21:40 +0100 [thread overview]
Message-ID: <20221208182142.250084-1-brgl@bgdev.pl> (raw)
From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Several subsystems in the kernel that export device files to user-space
suffer from a bug where keeping an open file descriptor associated with
this device file, unbinding the device from its driver and then calling
any of the supported system calls on that file descriptor will result in
either a crash or - as is the case with i2c - a deadlock.
This behavior has been blamed on extensive usage of device resource
management interfaces but it seems that devres has nothing to do with it,
the problem would be the same whether using devres or freeing resources
in .remove() that should survive the driver detach.
Many subsystems already deal with this by implementing some kind of flags
in the character device data together with locking preventing the
user-space from dropping the subsystem data from under the open device.
In i2c the deadlock comes from the fact that the function unregistering
the adapter waits for a completion which will not be passed until all
references to the character device are dropped.
The first patch in this series is just a tweak of return values of the
notifier callback. The second addresses the deadlock problem in a way
similar to how we fixed this issue in the GPIO subystem. Details are in
the commit message.
Bartosz Golaszewski (2):
i2c: dev: fix notifier return values
i2c: dev: don't allow user-space to deadlock the kernel
drivers/i2c/i2c-core-base.c | 18 ------
drivers/i2c/i2c-dev.c | 112 +++++++++++++++++++++++++++++-------
include/linux/i2c.h | 2 -
3 files changed, 91 insertions(+), 41 deletions(-)
--
2.37.2
next reply other threads:[~2022-12-08 18:21 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-08 18:21 Bartosz Golaszewski [this message]
2022-12-08 18:21 ` [PATCH 1/2] i2c: dev: fix notifier return values Bartosz Golaszewski
2022-12-08 18:21 ` [PATCH 2/2] i2c: dev: don't allow user-space to deadlock the kernel Bartosz Golaszewski
2022-12-11 16:30 ` kernel test robot
2022-12-11 22:15 ` Bartosz Golaszewski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221208182142.250084-1-brgl@bgdev.pl \
--to=brgl@bgdev.pl \
--cc=bartosz.golaszewski@linaro.org \
--cc=linux-i2c@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=wsa@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox