tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

drivers/misc/lkdtm.c: fix race when crashpoint is hit multiple times before checking count

We observed the crash point count going negative in cases where the
crash point is hit multiple times before the check of "count == 0" is
done. Because of this we never call lkdtm_do_action(). This patch just
adds a spinlock to protect count.

Reported-by: Tapan Dhimant <tdhimant@akamai.com>
Signed-off-by: Josh Hunt <johunt@akamai.com>
Acked-by: Ankita Garg <ankita@in.ibm.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by

Josh Hunt and committed by
Linus Torvalds aa2c96d6 507c5f12

+8
+8
drivers/misc/lkdtm.c
··· 120 120 static enum cname cpoint = CN_INVALID; 121 121 static enum ctype cptype = CT_NONE; 122 122 static int count = DEFAULT_COUNT; 123 + static DEFINE_SPINLOCK(count_lock); 123 124 124 125 module_param(recur_count, int, 0644); 125 126 MODULE_PARM_DESC(recur_count, " Recursion level for the stack overflow test, "\ ··· 231 230 static int lkdtm_parse_commandline(void) 232 231 { 233 232 int i; 233 + unsigned long flags; 234 234 235 235 if (cpoint_count < 1 || recur_count < 1) 236 236 return -EINVAL; 237 237 238 + spin_lock_irqsave(&count_lock, flags); 238 239 count = cpoint_count; 240 + spin_unlock_irqrestore(&count_lock, flags); 239 241 240 242 /* No special parameters */ 241 243 if (!cpoint_type && !cpoint_name) ··· 353 349 354 350 static void lkdtm_handler(void) 355 351 { 352 + unsigned long flags; 353 + 354 + spin_lock_irqsave(&count_lock, flags); 356 355 count--; 357 356 printk(KERN_INFO "lkdtm: Crash point %s of type %s hit, trigger in %d rounds\n", 358 357 cp_name_to_str(cpoint), cp_type_to_str(cptype), count); ··· 364 357 lkdtm_do_action(cptype); 365 358 count = cpoint_count; 366 359 } 360 + spin_unlock_irqrestore(&count_lock, flags); 367 361 } 368 362 369 363 static int lkdtm_register_cpoint(enum cname which)