| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 Jul 2016 23:54:01 +0300
From: "ivan.khoronzhuk" <ivan.khoronzhuk@...aro.org>
To: Grygorii Strashko <grygorii.strashko@...com>,
Ivan Khoronzhuk <ivan.khoronzhuk@...aro.org>,
"David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
Mugunthan V N <mugunthanvnm@...com>
Cc: Sekhar Nori <nsekhar@...com>, linux-kernel@...r.kernel.org,
linux-omap@...r.kernel.org
Subject: Re: [PATCH 1/3] net: ethernet: ti: cpdma: fix lockup in
cpdma_ctlr_destroy()
On 26.07.16 19:02, Grygorii Strashko wrote:
> On 07/23/2016 09:24 AM, Ivan Khoronzhuk wrote:
>>
>>
>> On 22.07.16 16:58, Grygorii Strashko wrote:
>>> Fix deadlock in cpdma_ctlr_destroy() which is triggered now on
>>> cpsw module removal:
>>> cpsw_remove()
>>> - cpdma_ctlr_destroy()
>>> - spin_lock_irqsave(&ctlr->lock, flags)
>>> - cpdma_ctlr_stop()
>>> - spin_lock_irqsave(&ctlr->lock, flags); <- deadlock
>>> - cpdma_chan_destroy()
>>> - spin_lock_irqsave(&ctlr->lock, flags); <- deadlock
>>>
>>> The issue has not been observed before because CPDMA channels have
>>> been destroyed manually by CPSW until commit d941ebe88a41 ("net:
>>> ethernet: ti: cpsw: use destroy ctlr to destroy channels") was merged.
>>>
>>> Signed-off-by: Grygorii Strashko <grygorii.strashko@...com>
>>> ---
>>> drivers/net/ethernet/ti/davinci_cpdma.c | 2 --
>>> 1 file changed, 2 deletions(-)
>>>
>>> diff --git a/drivers/net/ethernet/ti/davinci_cpdma.c
>>> b/drivers/net/ethernet/ti/davinci_cpdma.c
>>> index a68652a..89242e9 100644
>>> --- a/drivers/net/ethernet/ti/davinci_cpdma.c
>>> +++ b/drivers/net/ethernet/ti/davinci_cpdma.c
>>> @@ -436,7 +436,6 @@ int cpdma_ctlr_destroy(struct cpdma_ctlr *ctlr)
>>> if (!ctlr)
>>> return -EINVAL;
>>>
>>> - spin_lock_irqsave(&ctlr->lock, flags);
>> Should ctlr->state be checked under lock?
>> Seems like here should be used unlocked static versions of
>> cpdma_ctlr_stop() and cpdma_chan_destroy() instead.
>
> As per my understanding it's not expected the ctlr->state will be changed at this
> moment as all net devices has been unregistered already.
Seems yes, the race can be only in case of incorrect usage, stop while destroy,
destroy while start...etc..all they are mostly unreal use-cases, you are right,
but such check w/o lock always under eyes control, that always makes you think
that smth wrong.
>
>>
>>> if (ctlr->state != CPDMA_STATE_IDLE)
>
> May be I can move above check in cpdma_ctlr_stop() instead.
> What do you think?
Yes, it be more clear.
I was thinking about lock deletion also, as under this destroy function the
ctlr destroys it's resources one by one, ok, the channels are destroyed under lock,
but pool ....(it's good that it's destroyed after channels). I see that it should never
happen, but ctrl is external structure, who knows as it can be used while destroying.
That was my paranoiac point, so don't pay a lot attention to it. In case of normal usage,
as it's currently is and should be, the lock can be removed.
>
>>> cpdma_ctlr_stop(ctlr);
>>>
>>> @@ -444,7 +443,6 @@ int cpdma_ctlr_destroy(struct cpdma_ctlr *ctlr)
>>> cpdma_chan_destroy(ctlr->channels[i]);
>>>
>>> cpdma_desc_pool_destroy(ctlr->pool);
>>> - spin_unlock_irqrestore(&ctlr->lock, flags);
>>> return ret;
>>> }
>>> EXPORT_SYMBOL_GPL(cpdma_ctlr_destroy);
>>>
>>
>
>
Powered by blists - more mailing lists