lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 19 Aug 2016 11:54:31 +0530
From:   Vaishali Thakkar <vaishali.thakkar@...cle.com>
To:     Clemens Ladisch <clemens@...isch.de>,
        Jaroslav Kysela <perex@...ex.cz>,
        Takashi Iwai <tiwai@...e.com>,
        Takashi Sakamoto <o-takashi@...amocchi.jp>,
        alsa-devel@...a-project.org, linux-kernel@...r.kernel.org,
        Julia Lawall <julia.lawall@...6.fr>
Subject: Use of copy_to_user in fireworks_hwdep.c while holding a spin_lock


Hello,

I was wondering about the call to copy_to_user in function hwdep_read_locked and
hwdep_read_resp_buf for driver sound/firewire/fireworks/fireworks_hwdep.c. 
The function hwdep_read calls both of these functions while holding a spinlock[1],
which is not normally allowed due to the possibility of a deadlock.

This seems to be coming from the commit 555e8a8f7f149544eb7d4aa3a6420bc4c3055638
while adding a command/response functionality into hwdep interface. Is there some
reason that I am overlooking, why it is OK in this case? Is there some code in the
same file which ensures that page fault will not occur when we are calling these
functions while holding a spin_lock_irq?

The same issue is there with the driver sound/firewire/tascam/tascam-hwdep.c for
obvious reasons.

Coccinelle script is used to detect this issue.

Thank you.

[1] http://lxr.free-electrons.com/source/sound/firewire/fireworks/fireworks_hwdep.c#L114

-- 
Vaishali

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ