Re: [PATCH 1/3] resource: Fix locking in find_next_iomem_res()

[Nadav Amit]

> On Jun 15, 2019, at 3:15 PM, Sasha Levin <sashal@xxxxxxxxxx> wrote:
> 
> Hi,
> 
> [This is an automated email]
> 
> This commit has been processed because it contains a "Fixes:" tag,
> fixing commit: ff3cc952d3f0 resource: Add remove_resource interface.
> 
> The bot has tested the following trees: v5.1.9, v4.19.50, v4.14.125, v4.9.181.
> 
> v5.1.9: Build OK!
> v4.19.50: Failed to apply! Possible dependencies:
>    010a93bf97c7 ("resource: Fix find_next_iomem_res() iteration issue")
>    a98959fdbda1 ("resource: Include resource end in walk_*() interfaces")
> 
> v4.14.125: Failed to apply! Possible dependencies:
>    010a93bf97c7 ("resource: Fix find_next_iomem_res() iteration issue")
>    0e4c12b45aa8 ("x86/mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages")
>    1d2e733b13b4 ("resource: Provide resource struct in resource walk callback")
>    4ac2aed837cb ("resource: Consolidate resource walking code")
>    a98959fdbda1 ("resource: Include resource end in walk_*() interfaces")
> 
> v4.9.181: Failed to apply! Possible dependencies:
>    010a93bf97c7 ("resource: Fix find_next_iomem_res() iteration issue")
>    0e4c12b45aa8 ("x86/mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages")
>    1d2e733b13b4 ("resource: Provide resource struct in resource walk callback")
>    4ac2aed837cb ("resource: Consolidate resource walking code")
>    60fe3910bb02 ("kexec_file: Allow arch-specific memory walking for kexec_add_buffer")
>    a0458284f062 ("powerpc: Add support code for kexec_file_load()")
>    a98959fdbda1 ("resource: Include resource end in walk_*() interfaces")
>    da6658859b9c ("powerpc: Change places using CONFIG_KEXEC to use CONFIG_KEXEC_CORE instead.")
>    ec2b9bfaac44 ("kexec_file: Change kexec_add_buffer to take kexec_buf as argument.")

Is there a reason 010a93bf97c7 ("resource: Fix find_next_iomem_res()
iteration issueâ) was not backported?

For 4.19 the following passes compilation.

-- >8 --

From: Nadav Amit <namit@xxxxxxxxxx>
Subject: [PATCH] resource: Fix locking in find_next_iomem_res()

Since resources can be removed, locking should ensure that the resource
is not removed while accessing it. However, find_next_iomem_res() does
not hold the lock while copying the data of the resource. Keep holding
the lock while the data is copied.

Fixes: ff3cc952d3f00 ("resource: Add remove_resource interface")
Cc: stable@xxxxxxxxxxxxxxx
Cc: Borislav Petkov <bp@xxxxxxx>
Cc: Toshi Kani <toshi.kani@xxxxxxx>
Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Cc: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
Cc: Dan Williams <dan.j.williams@xxxxxxxxx>
Cc: Bjorn Helgaas <bhelgaas@xxxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxxxxx>
Signed-off-by: Nadav Amit <namit@xxxxxxxxxx>
---
 kernel/resource.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/kernel/resource.c b/kernel/resource.c
index 30e1bc68503b..0201feade7d5 100644
--- a/kernel/resource.c
+++ b/kernel/resource.c
@@ -331,6 +331,7 @@ static int find_next_iomem_res(struct resource *res, unsigned long desc,
 	resource_size_t start, end;
 	struct resource *p;
 	bool sibling_only = false;
+	int r = 0;
 
 	BUG_ON(!res);
 
@@ -356,9 +357,11 @@ static int find_next_iomem_res(struct resource *res, unsigned long desc,
 			break;
 	}
 
-	read_unlock(&resource_lock);
-	if (!p)
-		return -1;
+	if (!p) {
+		r = -1;
+		goto out;
+	}
+
 	/* copy data */
 	if (res->start < p->start)
 		res->start = p->start;
@@ -366,7 +369,9 @@ static int find_next_iomem_res(struct resource *res, unsigned long desc,
 		res->end = p->end;
 	res->flags = p->flags;
 	res->desc = p->desc;
-	return 0;
+out:
+	read_unlock(&resource_lock);
+	return r;
 }
 
 static int __walk_iomem_res_desc(struct resource *res, unsigned long desc,
-- 
2.17.1