Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit cea23cb7 authored by Martin Liu's avatar Martin Liu Committed by Suren Baghdasaryan
Browse files

ANDROID: GKI: dma-buf: use spinlock to protect set/get name operation 



We introduced setname ioctl in commit bb2bb9030425 ("dma-buf:
add DMA_BUF_SET_NAME ioctls") that provides userpsace
to attach a free-form name for tracking and counting shared
buffers. However the d_dname callback could be called in atomic
context. This call path comes from selinux that verifies all
inherited open files from exec call. To verify all inherited
open files, kernel would iterate all fds which need to hold
spin_lock to get denty name by calling d_dname operation.
In dma-buf d_dname callback, we use mutex lock to prevent the
race from setname causing this issue.

This commit adds a spinlock to protect set/get name operation
to fix this issue.

[  165.617090] Call trace:
[  165.620504]  ___might_sleep+0x114/0x118
[  165.625344]  __might_sleep+0x50/0x84
[  165.629928]  __mutex_lock_common+0x5c/0x10b0
[  165.635215]  mutex_lock_nested+0x40/0x50
[  165.640157]  dmabuffs_dname+0x48/0xdc
[  165.644821]  d_path+0x78/0x1e4
[  165.648870]  audit_log_d_path+0x68/0x134
[  165.653807]  common_lsm_audit+0x33c/0x6f4
[  165.658832]  slow_avc_audit+0xb4/0xf0
[  165.663503]  avc_has_perm+0xdc/0x1a4
[  165.668081]  file_has_perm+0x70/0x154
[  165.672750]  match_file+0x54/0x6c
[  165.677064]  iterate_fd+0x74/0xac
[  165.681369]  selinux_bprm_committing_creds+0xfc/0x210
[  165.687459]  security_bprm_committing_creds+0x2c/0x40
[  165.693546]  install_exec_creds+0x1c/0x68
[  165.698569]  load_elf_binary+0x3a0/0x13c8
[  165.703590]  search_binary_handler+0xb8/0x1e4
[  165.708964]  __do_execve_file+0x6e4/0x9c8
[  165.713984]  __arm64_sys_execve+0x44/0x54
[  165.719008]  el0_svc_common+0xa8/0x168
[  165.723765]  el0_svc_handler+0x78/0x94
[  165.728522]  el0_svc+0x8/0xc

Signed-off-by: default avatarMartin Liu <liumartin@google.com>

[surenb: cherry-picked and backported from:
https://lkml.org/lkml/2020/1/14/799



Conflicts:
        drivers/dma-buf/dma-buf.c

1. Resolved diffs between 4.19 and upstream by replacing dma_resv_lock
with dmabuf->lock
]

Bug: 150611569
Test: build
Signed-off-by: default avatarSuren Baghdasaryan <surenb@google.com>
Change-Id: Ia0b20a40d491eb41b8844d05dc86dfd6039de07f
parent e4237786
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment