lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080622172826.GA7487@joi>
Date:	Sun, 22 Jun 2008 19:33:37 +0200
From:	Marcin Slusarz <marcin.slusarz@...il.com>
To:	Arjan van de Ven <arjan@...radead.org>
Cc:	mchehab@...radead.org, linux-kernel@...r.kernel.org,
	Al Viro <viro@....linux.org.uk>
Subject: Re: [PATCH] Fix open/close race in saa7134

On Sun, Jun 22, 2008 at 10:05:07AM -0700, Arjan van de Ven wrote:
> 
> From: Arjan van de Ven <arjan@...ux.intel.com>
> Date: Sun, 22 Jun 2008 10:03:02 -0700
> Subject: [PATCH] Fix open/close race in saa7134
> 
> The saa7134 driver uses a (non-atomic) variable in an attempt to
> only allow one opener of the device (how it deals with sending
> the fd over unix sockets I don't know).
> 
> Unfortunately, the release function first decrements this variable,
> and THEN goes on to disable more of the device. This allows for
> a race where another opener of the device comes in after the decrement of
> the variable, configures the hardware just to then see the hardware
> be disabled by the rest of the release function.

Simplier fix:
http://lkml.org/lkml/2008/6/9/308
But I don't remember whether it was applied or not...

> 
> This patch makes the release function use the same lock as the open
> function to protect the hardware as well as the variable (which now
> at least has some locking to protect it).
> 
> Signed-off-by: Arjan van de Ven <arjan@...ux.intel.com>
> ---
>  drivers/media/video/saa7134/saa7134-empress.c |    4 ++++
>  1 files changed, 4 insertions(+), 0 deletions(-)
> 
> diff --git a/drivers/media/video/saa7134/saa7134-empress.c b/drivers/media/video/saa7134/saa7134-empress.c
> index 81431ee..9108843 100644
> --- a/drivers/media/video/saa7134/saa7134-empress.c
> +++ b/drivers/media/video/saa7134/saa7134-empress.c
> @@ -110,6 +110,8 @@ static int ts_release(struct inode *inode, struct file *file)
>  {
>  	struct saa7134_dev *dev = file->private_data;
>  
> +	mutex_lock(&dev->empress_tsq.vb_lock);
> +
>  	videobuf_stop(&dev->empress_tsq);
>  	videobuf_mmap_free(&dev->empress_tsq);
>  	dev->empress_users--;
> @@ -121,6 +123,8 @@ static int ts_release(struct inode *inode, struct file *file)
>  	saa_writeb(SAA7134_AUDIO_MUTE_CTRL,
>  		saa_readb(SAA7134_AUDIO_MUTE_CTRL) | (1 << 6));
>  
> +	mutex_unlock(&dev->empress_tsq.vb_lock);
> +
>  	return 0;
>  }
>  
> -- 
> 1.5.5.1

PS: I can't access 2.6.25 oopses anymore (timeout). Can you fix it?
http://kerneloops.org/version.php?start=1671168&end=1703935&version=25-release&count=4509

Marcin

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ