[094/107] drivers/misc/lkdtm.c: fix race when crashpoint is hit multiple times before checking count

From: Greg KH
Date: Fri Jul 08 2011 - 01:05:48 EST


2.6.39-stable review patch. If anyone has any objections, please let us know.

------------------

From: Josh Hunt <johunt@xxxxxxxxxx>

commit aa2c96d6f329e66cc59352b0f12e8f04e6a9593b upstream.

We observed the crash point count going negative in cases where the
crash point is hit multiple times before the check of "count == 0" is
done. Because of this we never call lkdtm_do_action(). This patch just
adds a spinlock to protect count.

Reported-by: Tapan Dhimant <tdhimant@xxxxxxxxxx>
Signed-off-by: Josh Hunt <johunt@xxxxxxxxxx>
Acked-by: Ankita Garg <ankita@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

---
drivers/misc/lkdtm.c | 8 ++++++++
1 file changed, 8 insertions(+)

--- a/drivers/misc/lkdtm.c
+++ b/drivers/misc/lkdtm.c
@@ -120,6 +120,7 @@ static int recur_count = REC_NUM_DEFAULT
static enum cname cpoint = CN_INVALID;
static enum ctype cptype = CT_NONE;
static int count = DEFAULT_COUNT;
+static DEFINE_SPINLOCK(count_lock);

module_param(recur_count, int, 0644);
MODULE_PARM_DESC(recur_count, " Recursion level for the stack overflow test, "\
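Review bot: `count_lock` is defined without a comment saying what it protects, so a reader has to infer it from the lock/unlock pairs added in the later hunks. A one-line comment above the definition would cover it, for example `/* Protects count against concurrent crash point hits; taken with IRQs disabled. */`. Whether `cpoint_count` and `cptype`, which the handler also reads, are meant to be covered by the same lock is not visible from this hunk and is worth stating either way.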
@@ -230,11 +231,14 @@ static const char *cp_name_to_str(enum c
static int lkdtm_parse_commandline(void)
{
int i;
+ unsigned long flags;

if (cpoint_count < 1 || recur_count < 1)
return -EINVAL;

+ spin_lock_irqsave(&count_lock, flags);
count = cpoint_count;
+ spin_unlock_irqrestore(&count_lock, flags);

/* No special parameters */
if (!cpoint_type && !cpoint_name)
@@ -349,6 +353,9 @@ static void lkdtm_do_action(enum ctype w

static void lkdtm_handler(void)
{
+ unsigned long flags;
+
+ spin_lock_irqsave(&count_lock, flags);
count--;
printk(KERN_INFO "lkdtm: Crash point %s of type %s hit, trigger in %d rounds\n",
cp_name_to_str(cpoint), cp_type_to_str(cptype), count);
@@ -357,6 +364,7 @@ static void lkdtm_handler(void)
lkdtm_do_action(cptype);
count = cpoint_count;
}
+ spin_unlock_irqrestore(&count_lock, flags);
}

static int lkdtm_register_cpoint(enum cname which)
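Review bot: `lkdtm_do_action(cptype)` now runs with `count_lock` held and interrupts disabled, because the unlock added at the end of `lkdtm_handler()` comes after the call. The body of `lkdtm_do_action()` is not in this patch, but if any action sleeps, loops or reaches another crash point, it does so in atomic context. The result would then be a sleeping-in-atomic warning or a self-deadlock on `count_lock` rather than the failure the test was meant to provoke. The lock only needs to cover the decrement, the zero check and the reset, so record the decision in a local flag, drop the lock, and call the action afterwards. The function begins in the previous hunk and the `count == 0` test lies between the two hunks, so the fence shows that line only for placement.

```c
static void lkdtm_handler(void)
{
	unsigned long flags;
	bool do_it = false;

	spin_lock_irqsave(&count_lock, flags);
	/* … unchanged: count-- and the printk … */
	if (count == 0) {
		do_it = true;
		count = cpoint_count;
	}
	spin_unlock_irqrestore(&count_lock, flags);

	/* Run the action outside the lock so it may sleep or crash freely. */
	if (do_it)
		lkdtm_do_action(cptype);
}
```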

