Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

misc: fastrpc: reject new invocations during device removal

The channel's rpmsg object allows new invocations to be made. After old
invocations are already interrupted, the driver shouldn't try to invoke
anymore. Invalidating the rpmsg at the end of the driver removal
function makes it easy to cause a race condition in userspace. Even
closing a file descriptor before the driver finishes its cleanup can
cause an invocation via fastrpc_release_current_dsp_process() and
subsequent timeout.

Invalidate the channel before the invocations are interrupted to make
sure that no invocations can be created to hang after the device closes.

Fixes: c68cfb718c8f ("misc: fastrpc: Add support for context Invoke method")
Cc: stable <stable@kernel.org>
Signed-off-by: Richard Acayan <mailingradian@gmail.com>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20230523152550.438363-5-srinivas.kandagatla@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by Richard Acayan and committed by Greg Kroah-Hartman
46248400 b6a06285

+2 -1
drivers/misc/fastrpc.c
··· 2363 2363 struct fastrpc_user *user; 2364 2364 unsigned long flags; 2365 2365 2366 + /* No invocations past this point */ 2366 2367 spin_lock_irqsave(&cctx->lock, flags); 2368 + cctx->rpdev = NULL; 2367 2369 list_for_each_entry(user, &cctx->users, user) 2368 2370 fastrpc_notify_users(user); 2369 2371 spin_unlock_irqrestore(&cctx->lock, flags); ··· 2384 2382 2385 2383 of_platform_depopulate(&rpdev->dev); 2386 2384 2387 - cctx->rpdev = NULL; 2388 2385 fastrpc_channel_ctx_put(cctx); 2389 2386 } 2390 2387
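
Review bot: In the first hunk (around line 2366), the comment "No invocations past this point" sits above spin_lock_irqsave() rather than on the store it describes, and it does not say how the guarantee is achieved. The guarantee only holds if every path that creates an invocation reads cctx->rpdev under cctx->lock, or re-checks it after taking the lock. None of those readers are visible in this diff, so a caller that tested rpdev just before this store could still go on to send. Suggest moving the comment directly above `cctx->rpdev = NULL;` and wording it to name the lock the readers must hold, so the ordering requirement against fastrpc_notify_users() is documented where it is enforced.

Review bot: In the second hunk (around line 2384), dropping the late `cctx->rpdev = NULL;` means everything between the two hunks now runs with cctx->rpdev already NULL. The remaining `of_platform_depopulate(&rpdev->dev);` uses the local rpdev and is unaffected, but the lines between the hunks are not shown here. It is worth confirming that none of that teardown code, or anything it calls, dereferences cctx->rpdev without a NULL check, and saying so in the commit message.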