lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <c4546b3420864d0d8be7e4b8e36d1875@BY2PR0301MB0711.namprd03.prod.outlook.com>
Date:	Tue, 4 Nov 2014 16:50:42 +0000
From:	KY Srinivasan <kys@...rosoft.com>
To:	Vitaly Kuznetsov <vkuznets@...hat.com>,
	Haiyang Zhang <haiyangz@...rosoft.com>
CC:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	"devel@...uxdriverproject.org" <devel@...uxdriverproject.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH] Drivers: hv: vmbus: Fix a race condition when
 unregistering a device



> -----Original Message-----
> From: Vitaly Kuznetsov [mailto:vkuznets@...hat.com]
> Sent: Tuesday, November 4, 2014 4:40 AM
> To: KY Srinivasan; Haiyang Zhang
> Cc: Greg Kroah-Hartman; devel@...uxdriverproject.org; linux-
> kernel@...r.kernel.org
> Subject: [PATCH] Drivers: hv: vmbus: Fix a race condition when unregistering
> a device
> 
> When build with Debug the following crash is sometimes observed:
> Call Trace:
>  [<ffffffff812b9600>] string+0x40/0x100
>  [<ffffffff812bb038>] vsnprintf+0x218/0x5e0  [<ffffffff810baf7d>] ?
> trace_hardirqs_off+0xd/0x10  [<ffffffff812bb4c1>] vscnprintf+0x11/0x30
> [<ffffffff8107a2f0>] vprintk+0xd0/0x5c0  [<ffffffffa0051ea0>] ?
> vmbus_process_rescind_offer+0x0/0x110 [hv_vmbus]  [<ffffffff8155c71c>]
> printk+0x41/0x45  [<ffffffffa004ebac>] vmbus_device_unregister+0x2c/0x40
> [hv_vmbus]  [<ffffffffa0051ecb>]
> vmbus_process_rescind_offer+0x2b/0x110 [hv_vmbus] ...
> 
> This happens due to the following race: between 'if (channel->device_obj)'
> check in vmbus_process_rescind_offer() and pr_debug() in
> vmbus_device_unregister() the device can disappear. Fix the issue by taking
> an additional reference to the device before proceeding to
> vmbus_device_unregister().
> 
Thank you.
> Signed-off-by: Vitaly Kuznetsov <vkuznets@...hat.com>
Signed-off-by: K. Y. Srinivasan <kys@...rosoft.com>
Cc: <stable@...r.kernel.org>
> ---
>  drivers/hv/channel_mgmt.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c index
> a2d1a96..d36ce68 100644
> --- a/drivers/hv/channel_mgmt.c
> +++ b/drivers/hv/channel_mgmt.c
> @@ -216,9 +216,16 @@ static void vmbus_process_rescind_offer(struct
> work_struct *work)
>  	unsigned long flags;
>  	struct vmbus_channel *primary_channel;
>  	struct vmbus_channel_relid_released msg;
> +	struct device *dev;
> +
> +	if (channel->device_obj) {
> +		dev = get_device(&channel->device_obj->device);
> +		if (dev) {
> +			vmbus_device_unregister(channel->device_obj);
> +			put_device(dev);
> +		}
> +	}
> 
> -	if (channel->device_obj)
> -		vmbus_device_unregister(channel->device_obj);
>  	memset(&msg, 0, sizeof(struct vmbus_channel_relid_released));
>  	msg.child_relid = channel->offermsg.child_relid;
>  	msg.header.msgtype = CHANNELMSG_RELID_RELEASED;
> --
> 1.9.3

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ