On Sun, Oct 17, 2021 at 01:55:21PM -0500, David Lechner wrote:
> This removes the chrdev_lock from the counter subsystem. This was
> intended to prevent opening the chrdev more than once. However, this
> doesn't work in practice since userspace can duplicate file descriptors
> and pass file descriptors to other processes. Since this protection
> can't be relied on, it is best to just remove it.
>
> Suggested-by: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
> Signed-off-by: David Lechner <david@xxxxxxxxxxxxxx>
Hi David,
If userspace can bypass this protection then we might as well remove the
code as moot. In agree in principle to this change, but I do have some
comments inline below.
> ---
> drivers/counter/counter-chrdev.c | 6 ------
> drivers/counter/counter-sysfs.c | 13 +++----------
> include/linux/counter.h | 7 -------
> 3 files changed, 3 insertions(+), 23 deletions(-)
>
> diff --git a/drivers/counter/counter-chrdev.c b/drivers/counter/counter-chrdev.c
> index 967c94ae95bb..b747dc81cfc6 100644
> --- a/drivers/counter/counter-chrdev.c
> +++ b/drivers/counter/counter-chrdev.c
> @@ -384,10 +384,6 @@ static int counter_chrdev_open(struct inode *inode, struct file *filp)
> typeof(*counter),
> chrdev);
>
> - /* Ensure chrdev is not opened more than 1 at a time */
> - if (!atomic_add_unless(&counter->chrdev_lock, 1, 1))
> - return -EBUSY;
> -
> get_device(&counter->dev);
> filp->private_data = counter;
>
> @@ -419,7 +415,6 @@ static int counter_chrdev_release(struct inode *inode, struct file *filp)
> mutex_unlock(&counter->ops_exist_lock);
>
> put_device(&counter->dev);
> - atomic_dec(&counter->chrdev_lock);
>
> return ret;
> }
> @@ -445,7 +440,6 @@ int counter_chrdev_add(struct counter_device *const counter)
> mutex_init(&counter->events_lock);
>
> /* Initialize character device */
We can remove this comment because the purpose of calling cdev_init() is
obvious enough from the name.
> - atomic_set(&counter->chrdev_lock, 0);
> cdev_init(&counter->chrdev, &counter_fops);
>
> /* Allocate Counter events queue */
> diff --git a/drivers/counter/counter-sysfs.c b/drivers/counter/counter-sysfs.c
> index 1ccd771da25f..7bf8882ff54d 100644
> --- a/drivers/counter/counter-sysfs.c
> +++ b/drivers/counter/counter-sysfs.c
> @@ -796,25 +796,18 @@ static int counter_events_queue_size_write(struct counter_device *counter,
> u64 val)
> {
> DECLARE_KFIFO_PTR(events, struct counter_event);
> - int err = 0;
> -
> - /* Ensure chrdev is not opened more than 1 at a time */
> - if (!atomic_add_unless(&counter->chrdev_lock, 1, 1))
> - return -EBUSY;
> + int err;
>
> /* Allocate new events queue */
> err = kfifo_alloc(&events, val, GFP_KERNEL);
> if (err)
> - goto exit_early;
> + return err;
>
> /* Swap in new events queue */
> kfifo_free(&counter->events);
> counter->events.kfifo = events.kfifo;
Do we need to hold the events_lock mutex here for this swap in case
counter_chrdev_read() is in the middle of reading the kfifo to
userspace, or do the kfifo macros already protect us from a race
condition here?
William Breathitt Gray
>
> -exit_early:
> - atomic_dec(&counter->chrdev_lock);
> -
> - return err;
> + return 0;
> }
>
> static struct counter_comp counter_num_signals_comp =
> diff --git a/include/linux/counter.h b/include/linux/counter.h
> index 22b14a552b1d..0fd99e255a50 100644
> --- a/include/linux/counter.h
> +++ b/include/linux/counter.h
> @@ -297,7 +297,6 @@ struct counter_ops {
> * @events: queue of detected Counter events
> * @events_wait: wait queue to allow blocking reads of Counter events
> * @events_lock: lock to protect Counter events queue read operations
> - * @chrdev_lock: lock to limit chrdev to a single open at a time
> * @ops_exist_lock: lock to prevent use during removal
> */
> struct counter_device {
> @@ -325,12 +324,6 @@ struct counter_device {
> DECLARE_KFIFO_PTR(events, struct counter_event);
> wait_queue_head_t events_wait;
> struct mutex events_lock;
> - /*
> - * chrdev_lock is locked by counter_chrdev_open() and unlocked by
> - * counter_chrdev_release(), so a mutex is not possible here because
> - * chrdev_lock will invariably be held when returning to user space
> - */
> - atomic_t chrdev_lock;
> struct mutex ops_exist_lock;
> };
>
> --
> 2.25.1
>
Attachment:
signature.asc
Description: PGP signature
