lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160418163918.GE29343@roeck-us.net>
Date:	Mon, 18 Apr 2016 09:39:18 -0700
From:	Guenter Roeck <linux@...ck-us.net>
To:	Oliver Neukum <oneukum@...e.com>
Cc:	Alexey Klimov <klimov.linux@...il.com>, yury.norov@...il.com,
	wim@...ana.be, linux-kernel@...r.kernel.org,
	linux-usb@...r.kernel.org, linux-watchdog@...r.kernel.org
Subject: Re: [PATCH v2] watchdog: add driver for StreamLabs USB watchdog
 device

On Mon, Apr 18, 2016 at 04:08:38PM +0200, Oliver Neukum wrote:
> On Mon, 2016-04-18 at 06:57 -0700, Guenter Roeck wrote:
> > On 04/18/2016 01:32 AM, Oliver Neukum wrote:
> > > On Mon, 2016-04-18 at 03:53 +0100, Alexey Klimov wrote:
> > >> This patch creates new driver that supports StreamLabs usb watchdog
> > >> device. This device plugs into 9-pin usb header and connects to
> > >> reset pin and reset button on common PC.
> > >>
> > >> USB commands used to communicate with device were reverse
> > >> engineered using usbmon.
> > >
> > > Almost. I see only one issue.
> > >
> > >> +struct streamlabs_wdt {
> > >> +	struct watchdog_device wdt_dev;
> > >> +	struct usb_interface *intf;
> > >> +
> > >> +	struct mutex lock;
> > >> +	u8 buffer[BUFFER_LENGTH];
> > >
> > > That is wrong.
> > >
> > >> +};
> > >> +
> > >
> > > [..]
> > >
> > >> +static int usb_streamlabs_wdt_command(struct watchdog_device *wdt_dev, u16 cmd)
> > >> +{
> > >> +	struct streamlabs_wdt *streamlabs_wdt = watchdog_get_drvdata(wdt_dev);
> > >> +	struct usb_device *usbdev;
> > >> +	int retval;
> > >> +	int size;
> > >> +	unsigned long timeout_msec;
> > >> +
> > >> +	int retry_counter = 10;		/* how many times to re-send stop cmd */
> > >> +
> > >> +	mutex_lock(&streamlabs_wdt->lock);
> > >> +
> > >> +	if (unlikely(!streamlabs_wdt->intf)) {
> > >> +		mutex_unlock(&streamlabs_wdt->lock);
> > >> +		return -ENODEV;
> > >> +	}
> > >> +
> > >> +	usbdev = interface_to_usbdev(streamlabs_wdt->intf);
> > >> +	timeout_msec = wdt_dev->timeout * MSEC_PER_SEC;
> > >> +
> > >> +	do {
> > >> +		usb_streamlabs_wdt_prepare_buf((u16 *) streamlabs_wdt->buffer,
> > >> +							cmd, timeout_msec);
> > >> +		/* send command to watchdog */
> > >> +		retval = usb_interrupt_msg(usbdev, usb_sndintpipe(usbdev, 0x02),
> > >> +				streamlabs_wdt->buffer, BUFFER_TRANSFER_LENGTH,
> > >
> > > Because of this line.
> > >
> > > The problem is subtle. Your buffer and your lock share a cacheline.
> > > On some architecture the cache is not consistent with respect to DMA.
> > > On them cachelines holding a buffer for DMA need to be flushed to RAM
> > > and invalidated and you may read from them only after DMA has finished.
> > >
> > > Thus you may have prepared a cacheline for DMA but somebody tries taking
> > > the lock. Then the cacheline with the lock is read from RAM. If that
> > > happens before you finish the DMA the data resulting from DMA is lost.
> > >
> > > The fix is to allocate the buffer with its own allocation. The VM
> > > subsystem makes sure separate allocation don't share cachelines.
> > >
> > 
> > Hi Oliver,
> > 
> > For my own education, would adding ____cacheline_aligned to the buffer variable
> > declaration solve the problem as well ?
> 
> Possibly. We have never gone that route. The obvious problems is that
> I am not sure our alignment is known before boot.
> 
Seems scary. I always thought that the alignment associated with
____cacheline_aligned would be the maximum possible for a given
build/architecture. If not, what is the value of having
____cacheline_aligned in the first place ?

Thanks,
Guenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ