lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <20081202163055.e80e0b81.akpm@linux-foundation.org>
Date:	Tue, 2 Dec 2008 16:30:55 -0800
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Michael Buesch <mb@...sch.de>
Cc:	philb@....org, carsten@....wohnheim.uni-ulm.de, renau@....org,
	tim@...erelk.demon.co.uk, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] IEEE1284: Use del_timer_sync in parport_wait_event

On Sun, 30 Nov 2008 21:20:49 +0100
Michael Buesch <mb@...sch.de> wrote:

> Use del_timer_sync() instead of del_timer() to make sure
> the timer won't be running when we return from parport_wait_event(),
> because this would crash due to destruction of timer_list.
> 
> Signed-off-by: Michael Buesch <mb@...sch.de>
> 
> ---
> 
> This is completely untested and just based on a code review.
> Just think about the following sequence of events:
> add_timer.
> down_interruptible is interrupted by a signal.
> We enter the timer callback handler on another CPU.
> del_timer, but the timer callback is still running.
> Return from parport_wait_even, which destroys the automatic variable "timer"
> while the callback is running on another CPU.
> 

Yes, I agree.

> ===================================================================
> --- linux-2.6.orig/drivers/parport/ieee1284.c	2008-10-24 21:08:12.000000000 +0200
> +++ linux-2.6/drivers/parport/ieee1284.c	2008-11-30 21:09:25.000000000 +0100
> @@ -84,7 +84,7 @@ int parport_wait_event (struct parport *
>  
>  	add_timer (&timer);
>  	ret = down_interruptible (&port->physport->ieee1284.irq);
> -	if (!del_timer (&timer) && !ret)
> +	if (!del_timer_sync (&timer) && !ret)
>  		/* Timed out. */
>  		ret = 1;

Please fix checkpatch errors when altering code.  This function is
already a mismash of correct and incorrect styles - we might as well
increase the correctness density.

What we really want in this function is down_interruptible_timeout(). 
afaict we have all the infrastructure in place to implement that, but
nobody has typed

static noinline int __sched
__down_interruptible_timeout(struct semaphore *sem, long jiffies)
{
	return __down_common(sem, TASK_INTERRUPTIBLE, jiffies);
}

and then tested it.

Or convert the whole thing to mutexes and write
mutex_lock_interruptible_timeout() :)

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ