Open Source and information security mailing list archives
Message-ID: <0C18FE92A7765D4EB9EE5D38D86A563A05C93F77@SHSMSX103.ccr.corp.intel.com>
Date:	Tue, 5 Jan 2016 04:09:47 +0000
From:	"Du, Changbin" <changbin.du@...el.com>
To:	Peter Chen <hzpeterchen@...il.com>
CC:	"balbi@...com" <balbi@...com>,
	"gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
	"viro@...iv.linux.org.uk" <viro@...iv.linux.org.uk>,
	"mina86@...a86.com" <mina86@...a86.com>,
	"r.baldyga@...sung.com" <r.baldyga@...sung.com>,
	"rui.silva@...aro.org" <rui.silva@...aro.org>,
	"k.opasiak@...sung.com" <k.opasiak@...sung.com>,
	"linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH] usb: f_fs: avoid race condition with
 ffs_epfile_io_complete

> > To avoid this, just dequeue the request first. After usb_ep_dequeue, the
> > request must be done or canceled.
> >
> > With this change, we can ensure no race condition in the f_fs driver. But
> > actually I found some of the udc drivers have an analogous issue in their
> > dequeue implementation. For example,
> > 1) the dequeue function holds the controller's lock.
> > 2) before the driver requests the controller to stop the transfer, a request
> >    completed.
> > 3) the controller triggers an interrupt, but its irq handler needs to wait
> >    for the dequeue function to release the lock.
> > 4) the dequeue function gives back the request with negative status, and
> >    releases the lock.
> > 5) the irq handler gets the lock but the request has already been given back.
> >
> 
> get unlock?
> 
> During the interrupt handler, it should only handle the "data complete"
> interrupt on queued request; if the "data complete" interrupt occurs, but
> it belongs to nobody, it will handle noop.
> 
> 
> Best Regards,
> Peter Chen

You are right, but the problem is that request->status is wrong. If the data
is sent out but reported to the caller as -EINTR, it will introduce a
duplicate-send issue.

Regards,
Du, Changbin
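
Added example, not part of the original message or of any UDC driver: a single-threaded C model of steps 1-5 above and of the wrong-status problem the reply describes. All struct and function names are hypothetical, and `dequeue_checked` is an assumption about one way a driver could report the real outcome.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model, not kernel code; every name here is hypothetical. */
struct model_req { int status; bool given_back; };
struct model_udc { bool hw_done; int sends; };

/* Steps 1 and 4: dequeue holds the lock and gives the request back as
 * interrupted without looking at what the hardware already did. */
static void dequeue_naive(struct model_udc *udc, struct model_req *req)
{
    (void)udc;
    req->status = -EINTR;
    req->given_back = true;
}

/* Assumed alternative: consult completion state before choosing the status. */
static void dequeue_checked(struct model_udc *udc, struct model_req *req)
{
    req->status = udc->hw_done ? 0 : -EINTR;
    req->given_back = true;
}

/* Steps 3 and 5: the handler runs once the lock is free; a request that was
 * already given back belongs to nobody, so the completion is a no-op. */
static void irq_handler(struct model_udc *udc, struct model_req *req)
{
    if (udc->hw_done && !req->given_back) {
        req->status = 0;
        req->given_back = true;
    }
}

/* Runs the sequence once; returns how many times the payload was sent. */
static int sends_after_race(void (*dequeue)(struct model_udc *, struct model_req *))
{
    struct model_udc udc = { .hw_done = false, .sends = 0 };
    struct model_req req = { .status = 0, .given_back = false };
    udc.sends++;
    udc.hw_done = true;          /* step 2: transfer completes before the stop */
    dequeue(&udc, &req);         /* steps 1 and 4 */
    irq_handler(&udc, &req);     /* steps 3 and 5 */
    if (req.status == -EINTR)    /* caller believes nothing was sent and resends */
        udc.sends++;
    return udc.sends;
}

int main(void)
{
    printf("naive: %d sends, checked: %d sends\n",
           sends_after_race(dequeue_naive), sends_after_race(dequeue_checked));
    return 0;
}
```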