diff options
| author | Josh Hunt <johunt@akamai.com> | 2011-06-27 19:18:08 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2011-06-27 21:00:13 -0400 |
| commit | aa2c96d6f329e66cc59352b0f12e8f04e6a9593b (patch) | |
| tree | 0d7db978da167df605b14d4880969b39caf5e0f4 | |
| parent | 507c5f1224014f9956e604ee8703b3bbea7da4a4 (diff) | |
drivers/misc/lkdtm.c: fix race when crashpoint is hit multiple times before checking count
We observed the crash point count going negative in cases where the
crash point is hit multiple times before the check of "count == 0" is
done. Because of this we never call lkdtm_do_action(). This patch just
adds a spinlock to protect count.
Reported-by: Tapan Dhimant <tdhimant@akamai.com>
Signed-off-by: Josh Hunt <johunt@akamai.com>
Acked-by: Ankita Garg <ankita@in.ibm.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| -rw-r--r-- | drivers/misc/lkdtm.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/drivers/misc/lkdtm.c b/drivers/misc/lkdtm.c index 81d7fa4ec0db..150cd7061b80 100644 --- a/drivers/misc/lkdtm.c +++ b/drivers/misc/lkdtm.c | |||
| @@ -120,6 +120,7 @@ static int recur_count = REC_NUM_DEFAULT; | |||
| 120 | static enum cname cpoint = CN_INVALID; | 120 | static enum cname cpoint = CN_INVALID; |
| 121 | static enum ctype cptype = CT_NONE; | 121 | static enum ctype cptype = CT_NONE; |
| 122 | static int count = DEFAULT_COUNT; | 122 | static int count = DEFAULT_COUNT; |
| 123 | static DEFINE_SPINLOCK(count_lock); | ||
| 123 | 124 | ||
| 124 | module_param(recur_count, int, 0644); | 125 | module_param(recur_count, int, 0644); |
| 125 | MODULE_PARM_DESC(recur_count, " Recursion level for the stack overflow test, "\ | 126 | MODULE_PARM_DESC(recur_count, " Recursion level for the stack overflow test, "\ |
| @@ -230,11 +231,14 @@ static const char *cp_name_to_str(enum cname name) | |||
| 230 | static int lkdtm_parse_commandline(void) | 231 | static int lkdtm_parse_commandline(void) |
| 231 | { | 232 | { |
| 232 | int i; | 233 | int i; |
| 234 | unsigned long flags; | ||
| 233 | 235 | ||
| 234 | if (cpoint_count < 1 || recur_count < 1) | 236 | if (cpoint_count < 1 || recur_count < 1) |
| 235 | return -EINVAL; | 237 | return -EINVAL; |
| 236 | 238 | ||
| 239 | spin_lock_irqsave(&count_lock, flags); | ||
| 237 | count = cpoint_count; | 240 | count = cpoint_count; |
| 241 | spin_unlock_irqrestore(&count_lock, flags); | ||
| 238 | 242 | ||
| 239 | /* No special parameters */ | 243 | /* No special parameters */ |
| 240 | if (!cpoint_type && !cpoint_name) | 244 | if (!cpoint_type && !cpoint_name) |
| @@ -349,6 +353,9 @@ static void lkdtm_do_action(enum ctype which) | |||
| 349 | 353 | ||
| 350 | static void lkdtm_handler(void) | 354 | static void lkdtm_handler(void) |
| 351 | { | 355 | { |
| 356 | unsigned long flags; | ||
| 357 | |||
| 358 | spin_lock_irqsave(&count_lock, flags); | ||
| 352 | count--; | 359 | count--; |
| 353 | printk(KERN_INFO "lkdtm: Crash point %s of type %s hit, trigger in %d rounds\n", | 360 | printk(KERN_INFO "lkdtm: Crash point %s of type %s hit, trigger in %d rounds\n", |
| 354 | cp_name_to_str(cpoint), cp_type_to_str(cptype), count); | 361 | cp_name_to_str(cpoint), cp_type_to_str(cptype), count); |
| @@ -357,6 +364,7 @@ static void lkdtm_handler(void) | |||
| 357 | lkdtm_do_action(cptype); | 364 | lkdtm_do_action(cptype); |
| 358 | count = cpoint_count; | 365 | count = cpoint_count; |
| 359 | } | 366 | } |
| 367 | spin_unlock_irqrestore(&count_lock, flags); | ||
| 360 | } | 368 | } |
| 361 | 369 | ||
| 362 | static int lkdtm_register_cpoint(enum cname which) | 370 | static int lkdtm_register_cpoint(enum cname which) |