#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include "linux/ptrace.h" static int sys_rt_sigqueueinfo(pid_t tgid, int sig, siginfo_t *uinfo) { return syscall(SYS_rt_sigqueueinfo, tgid, sig, uinfo); } static int sys_rt_tgsigqueueinfo(pid_t tgid, pid_t tid, int sig, siginfo_t *uinfo) { return syscall(SYS_rt_tgsigqueueinfo, tgid, tid, sig, uinfo); } static int sys_ptrace(int request, pid_t pid, void *addr, void *data) { return syscall(SYS_ptrace, request, pid, addr, data); } #define SIGNR 10 #define TEST_SICODE_PRIV -1 #define TEST_SICODE_SHARE -2 #ifndef PAGE_SIZE #define PAGE_SIZE sysconf(_SC_PAGESIZE) #endif #define err(fmt, ...) \ fprintf(stderr, \ "Error (%s:%d): " fmt, \ __FILE__, __LINE__, ##__VA_ARGS__) static int check_error_paths(pid_t child) { struct ptrace_peeksiginfo_args arg; int ret, exit_code = -1; void *addr_rw, *addr_ro; /* * Allocate two contiguous pages. The first one is for read-write, * another is for read-only. */ addr_rw = mmap(NULL, 2 * PAGE_SIZE, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); if (addr_rw == MAP_FAILED) { err("mmap() failed: %m\n"); return 1; } addr_ro = mmap(addr_rw + PAGE_SIZE, PAGE_SIZE, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0); if (addr_ro == MAP_FAILED) { err("mmap() failed: %m\n"); goto out; } arg.nr = SIGNR; arg.off = 0; /* Unsupported flags */ arg.flags = ~0; ret = sys_ptrace(PTRACE_PEEKSIGINFO, child, &arg, addr_rw); if (ret != -1 || errno != EINVAL) { err("sys_ptrace() returns %d (expected -1)," " errno %d (expected %d): %m\n", ret, errno, EINVAL); goto out; } arg.flags = 0; /* A part of the buffer is read-only */ ret = sys_ptrace(PTRACE_PEEKSIGINFO, child, &arg, addr_ro - sizeof(siginfo_t) * 2); if (ret != 2) { err("sys_ptrace() returns %d (expected 2): %m\n", ret); goto out; } /* Read-only buffer */ ret = sys_ptrace(PTRACE_PEEKSIGINFO, child, &arg, addr_ro); if (ret != -1 && errno != EFAULT) { err("sys_ptrace() returns %d (expected -1)," " errno %d (expected %d): %m\n", ret, errno, EFAULT); goto out; } exit_code = 0; out: munmap(addr_rw, 2 * PAGE_SIZE); return exit_code; } int check_direct_path(pid_t child, int shared, int nr) { struct ptrace_peeksiginfo_args arg = {.flags = 0, .nr = nr, .off = 0}; int i, j, ret, exit_code = -1; siginfo_t siginfo[SIGNR]; int si_code; if (shared == 1) { arg.flags = PTRACE_PEEKSIGINFO_SHARED; si_code = TEST_SICODE_SHARE; } else { arg.flags = 0; si_code = TEST_SICODE_PRIV; } for (i = 0; i < SIGNR; ) { arg.off = i; ret = sys_ptrace(PTRACE_PEEKSIGINFO, child, &arg, siginfo); if (ret == -1) { err("ptrace() failed: %m\n"); goto out; } if (ret == 0) break; for (j = 0; j < ret; j++, i++) { if (siginfo[j].si_code == si_code && siginfo[j].si_int == i) continue; err("%d: Wrong siginfo i=%d si_code=%d si_int=%d\n", shared, i, siginfo[j].si_code, siginfo[j].si_int); goto out; } } if (i != SIGNR) { err("Only %d signals were read\n", i); goto out; } exit_code = 0; out: return exit_code; } int main(int argc, char *argv[]) { siginfo_t siginfo[SIGNR]; int i, exit_code = 1; sigset_t blockmask; pid_t child; sigemptyset(&blockmask); sigaddset(&blockmask, SIGRTMIN); sigprocmask(SIG_BLOCK, &blockmask, NULL); child = fork(); if (child == -1) { err("fork() failed: %m"); return 1; } else if (child == 0) { pid_t ppid = getppid(); while (1) { if (ppid != getppid()) break; sleep(1); } return 1; } /* Send signals in process-wide and per-thread queues */ for (i = 0; i < SIGNR; i++) { siginfo->si_code = TEST_SICODE_SHARE; siginfo->si_int = i; sys_rt_sigqueueinfo(child, SIGRTMIN, siginfo); siginfo->si_code = TEST_SICODE_PRIV; siginfo->si_int = i; sys_rt_tgsigqueueinfo(child, child, SIGRTMIN, siginfo); } if (sys_ptrace(PTRACE_ATTACH, child, NULL, NULL) == -1) return 1; waitpid(child, NULL, 0); /* Dump signals one by one*/ if (check_direct_path(child, 0, 1)) goto out; /* Dump all signals for one call */ if (check_direct_path(child, 0, SIGNR)) goto out; /* * Dump signal from the process-wide queue. * The number of signals is not multible to the buffer size */ if (check_direct_path(child, 1, 3)) goto out; if (check_error_paths(child)) goto out; printf("PASS\n"); exit_code = 0; out: if (sys_ptrace(PTRACE_KILL, child, NULL, NULL) == -1) return 1; waitpid(child, NULL, 0); return exit_code; } /tr>mode:
authorIago Abal <mail@iagoabal.eu>2017-01-11 14:00:21 +0100
committerVinod Koul <vinod.koul@intel.com>2017-01-25 15:35:11 +0530
commit91539eb1fda2d530d3b268eef542c5414e54bf1a (patch)
tree960f5ca6342ad20837aff18aad6e8ecd7da32fd6 /tools/perf/pmu-events/jevents.h
parent6610d0edf6dc7ee97e46ab3a538a565c79d26199 (diff)
dmaengine: pl330: fix double lock
The static bug finder EBA (http://www.iagoabal.eu/eba/) reported the following double-lock bug: Double lock: 1. spin_lock_irqsave(pch->lock, flags) at pl330_free_chan_resources:2236; 2. call to function `pl330_release_channel' immediately after; 3. call to function `dma_pl330_rqcb' in line 1753; 4. spin_lock_irqsave(pch->lock, flags) at dma_pl330_rqcb:1505. I have fixed it as suggested by Marek Szyprowski. First, I have replaced `pch->lock' with `pl330->lock' in functions `pl330_alloc_chan_resources' and `pl330_free_chan_resources'. This avoids the double-lock by acquiring a different lock than `dma_pl330_rqcb'. NOTE that, as a result, `pl330_free_chan_resources' executes `list_splice_tail_init' on `pch->work_list' under lock `pl330->lock', whereas in the rest of the code `pch->work_list' is protected by `pch->lock'. I don't know if this may cause race conditions. Similarly `pch->cyclic' is written by `pl330_alloc_chan_resources' under `pl330->lock' but read by `pl330_tx_submit' under `pch->lock'. Second, I have removed locking from `pl330_request_channel' and `pl330_release_channel' functions. Function `pl330_request_channel' is only called from `pl330_alloc_chan_resources', so the lock is already held. Function `pl330_release_channel' is called from `pl330_free_chan_resources', which already holds the lock, and from `pl330_del'. Function `pl330_del' is called in an error path of `pl330_probe' and at the end of `pl330_remove', but I assume that there cannot be concurrent accesses to the protected data at those points. Signed-off-by: Iago Abal <mail@iagoabal.eu> Reviewed-by: Marek Szyprowski <m.szyprowski@samsung.com> Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Diffstat (limited to 'tools/perf/pmu-events/jevents.h')