lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 30 Aug 2016 19:08:47 +0200
From:   Boris Brezillon <boris.brezillon@...e-electrons.com>
To:     Marcel Holtmann <marcel@...tmann.org>
Cc:     "Gustavo F. Padovan" <gustavo@...ovan.org>,
        Johan Hedberg <johan.hedberg@...il.com>,
        linux-bluetooth@...r.kernel.org, linux-kernel@...r.kernel.org,
        jason.abele@...il.com
Subject: Re: [PATCH 1/4] Bluetooth: hci_ldisc: fix a race in the hdev
 closing path

On Tue, 30 Aug 2016 09:53:59 -0700
Marcel Holtmann <marcel@...tmann.org> wrote:

> Hi Boris,
> 
> > hci_uart_tty_close() is cancelling any pending write work, but some
> > hci_uart_proto implementations might re-schedule this work after its
> > cancellation (by calling hci_uart_tx_wakeup()).
> > 
> > Make sure the write work is not re-scheduled in our back while we're
> > closing the device.
> > 
> > We also cancel any pending init work and prevent the active one (if
> > any) from registering the hdev if the line discipline is being closed.
> > 
> > Signed-off-by: Boris Brezillon <boris.brezillon@...e-electrons.com>
> > ---
> > drivers/bluetooth/hci_ldisc.c | 15 ++++++++++++++-
> > drivers/bluetooth/hci_uart.h  |  1 +
> > 2 files changed, 15 insertions(+), 1 deletion(-)
> > 
> > diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c
> > index dda97398c59a..de7f7f1f995c 100644
> > --- a/drivers/bluetooth/hci_ldisc.c
> > +++ b/drivers/bluetooth/hci_ldisc.c
> > @@ -130,7 +130,9 @@ int hci_uart_tx_wakeup(struct hci_uart *hu)
> > 
> > 	BT_DBG("");
> > 
> > -	schedule_work(&hu->write_work);
> > +	/* Don't schedule the work if the device is being closed. */
> > +	if (!test_bit(HCI_UART_CLOSING, &hu->flags))
> > +		schedule_work(&hu->write_work);
> > 
> > 	return 0;
> > }
> > @@ -180,6 +182,11 @@ static void hci_uart_init_work(struct work_struct *work)
> > 	if (!test_and_clear_bit(HCI_UART_INIT_PENDING, &hu->hdev_flags))
> > 		return;
> > 
> > +	if (test_bit(HCI_UART_CLOSING, &hu->flags)) {
> > +		BT_DBG("HCI device is being closed, don't register it.");
> > +		return;
> > +	}
> > +
> > 	err = hci_register_dev(hu->hdev);
> > 	if (err < 0) {
> > 		BT_ERR("Can't register HCI device");
> > @@ -490,7 +497,13 @@ static void hci_uart_tty_close(struct tty_struct *tty)
> > 	if (hdev)
> > 		hci_uart_close(hdev);
> > 
> > +	/*
> > +	 * Set the closing bit to make sure nobody re-schedules the write work
> > +	 * in our back.
> > +	 */  
> 
> please use the network subsystem comment style here.

Sure, I'll comply to the net subsystem coding style in my v2.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ