| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 2 Apr 2016 23:20:14 +0000
From: "Sell, Timothy C" <Timothy.Sell@...sys.com>
To: Iban Rodriguez <iban.rodriguez@....com>,
"Kershner, David A" <David.Kershner@...sys.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Benjamin Romer <benjamin.romer@...sys.com>,
Neil Horman <nhorman@...hat.com>
CC: *S-Par-Maintainer <SParMaintainer@...sys.com>,
"devel@...verdev.osuosl.org" <devel@...verdev.osuosl.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: Staging: unisys/verisonic: Correct double unlock
> -----Original Message-----
> From: Iban Rodriguez [mailto:iban.rodriguez@....com]
> Sent: Saturday, April 02, 2016 1:47 PM
> To: Kershner, David A; Greg Kroah-Hartman; Benjamin Romer; Sell, Timothy
> C; Neil Horman
> Cc: *S-Par-Maintainer; devel@...verdev.osuosl.org; linux-
> kernel@...r.kernel.org; Iban Rodriguez
> Subject: Staging: unisys/verisonic: Correct double unlock
>
> 'priv_lock' is unlocked twice. The first one is removed and
> the function 'visornic_serverdown_complete' is now called with
> 'priv_lock' locked because 'devdata' is modified inside.
>
> Signed-off-by: Iban Rodriguez <iban.rodriguez@....com>
> ---
> drivers/staging/unisys/visornic/visornic_main.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/drivers/staging/unisys/visornic/visornic_main.c
> b/drivers/staging/unisys/visornic/visornic_main.c
> index be0d057346c3..af03f2938fe9 100644
> --- a/drivers/staging/unisys/visornic/visornic_main.c
> +++ b/drivers/staging/unisys/visornic/visornic_main.c
> @@ -368,7 +368,6 @@ visornic_serverdown(struct visornic_devdata
> *devdata,
> }
> devdata->server_change_state = true;
> devdata->server_down_complete_func = complete_func;
> - spin_unlock_irqrestore(&devdata->priv_lock, flags);
> visornic_serverdown_complete(devdata);
> } else if (devdata->server_change_state) {
> dev_dbg(&devdata->dev->device, "%s changing state\n",
I agree there is a bug here involving priv_lock being unlocked
twice, but this patch isn't the appropriate fix. Reason is, we can NOT
call visornic_serverdown_complete() while holding a spinlock
(which is what this patch would cause to occur) because
visornic_serverdown_complete() might block when it calls
rtnl_lock() in this code sequence (rtnl_lock() grabs a mutex):
rtnl_lock();
dev_close(netdev);
rtnl_unlock();
Blocking with a spinlock held is always a bad idea. :-(
> --
> 1.9.1
Powered by blists - more mailing lists