tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

ASoC: SOF: ipc4-mtrace: protect per-core nodes against multiple open

Add protection against multiple open of the mtrace/coreN debugfs
nodes. This is not supported in the implementation, and this will
show up as unexpected behaviour of the interface, and potential
use of already freed memory.

Fixes: f4ea22f7aa75 ("ASoC: SOF: ipc4: Add support for mtrace log extraction")
Signed-off-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Reviewed-by: Péter Ujfalusi <peter.ujfalusi@linux.intel.com>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Link: https://lore.kernel.org/r/20221018121332.20802-1-peter.ujfalusi@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>

authored by

Kai Vehmanen and committed by
Mark Brown af6514f2 b4dd2e37

+18 -2
+18 -2
sound/soc/sof/ipc4-mtrace.c
··· 108 108 int id; 109 109 u32 slot_offset; 110 110 void *log_buffer; 111 + struct mutex buffer_lock; /* for log_buffer alloc/free */ 111 112 u32 host_read_ptr; 112 113 u32 dsp_write_ptr; 113 114 /* pos update IPC arrived before the slot offset is known, queried */ ··· 129 128 struct sof_mtrace_core_data *core_data = inode->i_private; 130 129 int ret; 131 130 131 + mutex_lock(&core_data->buffer_lock); 132 + 133 + if (core_data->log_buffer) { 134 + ret = -EBUSY; 135 + goto out; 136 + } 137 + 132 138 ret = debugfs_file_get(file->f_path.dentry); 133 139 if (unlikely(ret)) 134 - return ret; 140 + goto out; 135 141 136 142 core_data->log_buffer = kmalloc(SOF_MTRACE_SLOT_SIZE, GFP_KERNEL); 137 143 if (!core_data->log_buffer) { 138 144 debugfs_file_put(file->f_path.dentry); 139 - return -ENOMEM; 145 + ret = -ENOMEM; 146 + goto out; 140 147 } 141 148 142 149 ret = simple_open(inode, file); ··· 152 143 kfree(core_data->log_buffer); 153 144 debugfs_file_put(file->f_path.dentry); 154 145 } 146 + 147 + out: 148 + mutex_unlock(&core_data->buffer_lock); 155 149 156 150 return ret; 157 151 } ··· 292 280 293 281 debugfs_file_put(file->f_path.dentry); 294 282 283 + mutex_lock(&core_data->buffer_lock); 295 284 kfree(core_data->log_buffer); 285 + core_data->log_buffer = NULL; 286 + mutex_unlock(&core_data->buffer_lock); 296 287 297 288 return 0; 298 289 } ··· 578 563 struct sof_mtrace_core_data *core_data = &priv->cores[i]; 579 564 580 565 init_waitqueue_head(&core_data->trace_sleep); 566 + mutex_init(&core_data->buffer_lock); 581 567 core_data->sdev = sdev; 582 568 core_data->id = i; 583 569 }