linux/drivers/staging
Yisheng Xie 740a5759bf staging: android: ashmem: Fix possible deadlock in ashmem_ioctl
ashmem_mutex may create a chain of dependencies like:

CPU0                                    CPU1
 mmap syscall                           ioctl syscall
 -> mmap_sem (acquired)                 -> ashmem_ioctl
 -> ashmem_mmap                            -> ashmem_mutex (acquired)
    -> ashmem_mutex (try to acquire)       -> copy_from_user
                                              -> mmap_sem (try to acquire)

There is a lock ordering problem between mmap_sem and ashmem_mutex causing
a lockdep splat[1] during a syzkaller test. This patch fixes the problem
by moving copy_from_user out of ashmem_mutex.

[1] https://www.spinics.net/lists/kernel/msg2733200.html

Fixes: ce8a3a9e76 (staging: android: ashmem: Fix a race condition in pin ioctls)
Reported-by: syzbot+d7a918a7a8e1c952bc36@syzkaller.appspotmail.com
Signed-off-by: Yisheng Xie <xieyisheng1@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-03-06 07:21:10 -08:00
..
android staging: android: ashmem: Fix possible deadlock in ashmem_ioctl 2018-03-06 07:21:10 -08:00
board License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ccree staging: ccree: Fix missing blank line after declaration 2018-01-25 13:11:33 +01:00
clocking-wizard staging: clocking-wizard: remove redundant license text 2018-01-15 16:03:45 +01:00
comedi staging: comedi: fix comedi_nsamples_left. 2018-03-06 07:21:10 -08:00
dgnc staging: dgnc: drop unused neo_uart_struct 2018-01-17 15:02:56 +01:00
emxx_udc staging: emxx_udc: remove redundant license text 2018-01-15 16:03:46 +01:00
fbtft staging: fbtft: remove unused FB_TFT_SSD1325 kconfig 2018-01-25 13:10:39 +01:00
fsl-dpaa2 staging: fsl-dpaa2/eth: Use affine DPIO services 2018-01-08 16:47:23 +01:00
fsl-mc Staging/IIO fixes for 4.16-rc2 2018-02-22 12:05:43 -08:00
fwserial vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
gdm724x Staging/IIO patches for 4.15-rc1 2017-11-13 20:53:28 -08:00
goldfish staging: goldfish: (Coding Style) Fixed parenthesis alignment. 2017-08-31 18:21:37 +02:00
greybus vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
gs_fpgaboot Staging: gs_fpgaboot: remove FSF's mailing address from io.h 2018-01-08 16:47:23 +01:00
iio staging: iio: ad5933: switch buffer mode to software 2018-01-28 08:24:20 +00:00
ipx Staging/IIO patches for 4.16-rc1 2018-02-01 09:51:57 -08:00
irda vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
ks7010 Staging: ks7010: ks_wlan_net: Fixing coding style warning 2017-12-19 15:23:18 +01:00
lustre Staging/IIO patches for 4.16-rc1 2018-02-01 09:51:57 -08:00
media vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
most vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
mt29f_spinand mtd: nand: force drivers to explicitly send READ/PROG commands 2017-12-14 13:34:17 +01:00
ncpfs Staging/IIO patches for 4.16-rc1 2018-02-01 09:51:57 -08:00
netlogic staging: net: netlogic: Fix alignment issue 2017-10-18 16:17:14 +02:00
nvec staging: nvec: remove redundant license text 2018-01-15 16:03:45 +01:00
octeon staging: octeon: remove redundant license text 2018-01-15 16:03:45 +01:00
octeon-usb staging: octeon-usb: use __delay() instead of cvmx_wait() 2017-11-28 14:36:46 +01:00
olpc_dcon staging: olpc_dcon: Line up parentheses in func calls and defs 2017-12-06 10:00:30 +01:00
pi433 staging: pi433: Cleanup codestyle, indent statements after case labels 2018-01-10 19:29:34 +01:00
rtl8188eu staging: rtl8188eu: remove redundant initialization of 'pwrcfgcmd' 2018-01-25 13:11:33 +01:00
rtl8192e Staging: rtl8192e: kconfig: Remove blank help text 2018-02-02 23:53:10 +09:00
rtl8192u Staging: rtl8192u: kconfig: Remove blank help text 2018-02-02 23:53:10 +09:00
rtl8712 staging: rtl8712: remove redundant initialization to 'rfPath' 2018-01-22 11:48:05 +01:00
rtl8723bs staging: rtl8723bs: remove a couple of redundant initializations 2018-01-26 15:08:43 +01:00
rtlwifi Kconfig updates for v4.16 2018-02-01 11:45:49 -08:00
rts5208 staging: rts5208: Fix "seg_no" calculation in reset_ms_card() 2018-01-22 15:21:09 +01:00
skein License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sm750fb staging: sm750fb: fix CamelCase for dispSet var 2018-01-23 11:42:03 +01:00
speakup vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
typec staging: typec: remove redundant license text 2018-01-15 16:03:44 +01:00
unisys drivers: visorbus: move driver out of staging 2017-12-08 16:37:50 +01:00
vboxvideo drm/graphics pull request for v4.16-rc1 2018-02-01 17:48:47 -08:00
vc04_services staging: vc04_services: bcm2835-camera: remove redundant license text 2018-01-15 16:03:44 +01:00
vme Staging/IIO patches for 4.16-rc1 2018-02-01 09:51:57 -08:00
vt6655 staging: vt6655: Use GFP_KERNEL in kzalloc 2017-12-19 15:16:50 +01:00
vt6656 Staging: vt6656: Fix unnecessary 'out of memory' message 2018-01-08 16:45:45 +01:00
wilc1000 staging: wilc1000: fix alignments to match open parenthesis 2018-01-23 11:47:29 +01:00
wlan-ng Staging: wlan-ng: hfa384x_usb: fixed two line limit coding style issues 2018-01-08 16:41:36 +01:00
xgifb staging: xgifb: vb_setmode: brace style fixes 2018-01-16 09:41:19 +01:00
Kconfig ncpfs: move net/ncpfs to drivers/staging/ncpfs 2017-11-28 13:55:01 +01:00
Makefile ncpfs: move net/ncpfs to drivers/staging/ncpfs 2017-11-28 13:55:01 +01:00