| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160810035133.GD25053@mtj.duckdns.org> Date: Tue, 9 Aug 2016 23:51:33 -0400 From: Tejun Heo <tj@...nel.org> To: Pavel Andrianov <andrianov@...ras.ru> Cc: linux-ide@...r.kernel.org, linux-kernel@...r.kernel.org, ldv-project@...uxtesting.org, Vaishali Thakkar <vaishali.thakkar@...cle.com> Subject: Re: Potential race condition in drivers/ata/sata_mv.ko Hello, On Fri, Aug 05, 2016 at 03:43:30PM +0300, Pavel Andrianov wrote: > In drivers/ata/sata_mv.ko function mv_set_main_irq_mask is called several > times. Twice with a spinlock, twice from init function and once without any > protection. The call without protection rises to several handlers from > ata_port_operations. The structure with the ata_port_operations is included > into a structure 'host' in mv_platform_probe and in mv_pci_init_one. At the > end of these functions ata_host operations are activated together with > interrupt handler. The conclusion is: interrupt handler may be executed in > parallel with handlers from ata_port_operations, or, more formally, it may > interrupt its execution. > > In mv_set_main_irq_mask and in interrupt handler mv_interrupt the interrupt > mask is modified, but, as I said, handlers from ata_port_operations do not > acquire any lock. Thus, the interrupt mask may be set incorrectly if the are > two conflicting modifications. It depends on which operations. Most are only called from EH context and racing there isn't likely to cause any actual issues. Care to submit a patch to fix the issue? Thanks. -- tejun
Powered by blists - more mailing lists