lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 4 Aug 2011 22:46:06 +0200
From:	Sebastian Andrzej Siewior <bigeasy@...utronix.de>
To:	"Michael S. Tsirkin" <mst@...hat.com>
Cc:	Chris Wright <chrisw@...hat.com>,
	"Hans J. Koch" <hjk@...sjkoch.de>,
	Jesse Barnes <jbarnes@...tuousgeek.org>,
	Greg Kroah-Hartman <gregkh@...e.de>,
	Anthony Foiani <anthony.foiani@...il.com>,
	linux-kernel@...r.kernel.org
Subject: [PATCH] uio/gen-pci: don't enable interrupts in ISR

As reported by Anthony in a short way:

|irq 17 handler uio_interrupt+0x0/0x68 enabled interrupts
|NIP [c0069d84] handle_irq_event_percpu+0x260/0x26c

The problem here is that spin_unlock_irq() enables the interrupts which
is a no-no in interrupt context because they always run with interrupts
disabled. This is the case even if IRQF_DISABLED has not been specified
since v2.6.35. Therefore this patch uses simple spin_locks().

Looking at it further here is only one spot where the lock is hold. So
giving the fact that an ISR is not reentrant and is not executed on two
cpus at the same time why do we need a lock here?
The driver lacks of ->irqcontrol function so I guess the interrupt is
enabled via direct PCI-access in userland. So there is _no_ protection
against read-modify-write of user vs kernel so even that
pci_block_user_cfg_access() is kinda pointless.
pci_block_user_cfg_access() in open() + ->irqcontrol() should fix this.
Since changes the API of this driver I leave it up to the relevant users
what to do.

Cc: <stable@...nel.org> # .35 and later
Reported-and-Tested-by: Anthony Foiani <anthony.foiani@...il.com>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@...utronix.de>
---
 drivers/uio/uio_pci_generic.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/uio/uio_pci_generic.c b/drivers/uio/uio_pci_generic.c
index fc22e1e..5c82681 100644
--- a/drivers/uio/uio_pci_generic.c
+++ b/drivers/uio/uio_pci_generic.c
@@ -57,7 +57,7 @@ static irqreturn_t irqhandler(int irq, struct uio_info *info)
 	BUILD_BUG_ON(PCI_COMMAND % 4);
 	BUILD_BUG_ON(PCI_COMMAND + 2 != PCI_STATUS);
 
-	spin_lock_irq(&gdev->lock);
+	spin_lock(&gdev->lock);
 	pci_block_user_cfg_access(pdev);
 
 	/* Read both command and status registers in a single 32-bit operation.
@@ -83,7 +83,7 @@ static irqreturn_t irqhandler(int irq, struct uio_info *info)
 done:
 
 	pci_unblock_user_cfg_access(pdev);
-	spin_unlock_irq(&gdev->lock);
+	spin_unlock(&gdev->lock);
 	return ret;
 }
 
-- 
1.7.4.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ