Open Source and information security mailing list archives
Message-ID: <fa762133-a4d2-93ea-4ce9-24efbc067595@ispras.ru>
Date:   Tue, 15 Aug 2017 17:11:57 +0300
From:   Anton Volkov <avolkov@...ras.ru>
To:     samuel@...tiz.org, sda@...t.de
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        ldv-project@...uxtesting.org,
        Alexey Khoroshilov <khoroshilov@...ras.ru>
Subject: Possible race in via-ircc.ko

Hello.

While searching for races in the Linux kernel I've come across the
"drivers/net/irda/via-ircc.ko" module. Here are questions that I came up
with while analyzing the results. Lines are given using the info from Linux
v4.12.

Consider the following case:

Thread 1:                Thread 2:
via_ircc_net_open
   request_irq
   <turn on interrupts>
                          via_ircc_interrupt
-> via_ircc_dma_receive  -> RxTimerHandler
    (via-ircc.c: line 1488)  (via-ircc.c: line 1315)
      self->... = ...          ... = self->...

In via_ircc_dma_receive a lot of fields of the 'self' structure are
initialized, and via_ircc_interrupt with RxTimerHandler use those fields.
If no initialization happened, the interrupt handler and other functions that
it calls may work with incorrect data. I'm not sure how bad this case
can be and thus here are my questions. Is this situation feasible from
your point of view? If it is feasible, is it a benign race or something
serious?

Thank you for your time.

-- Anton Volkov
Linux Verification Center, ISPRAS
web: http://linuxtesting.org
e-mail: avolkov@...ras.ru
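
The ordering described in the message above, as a deterministic userspace model. This is an added example, not part of the original post and not code from the via-ircc driver. Every name in it (`dev_state`, `model_irq_handler`, `model_request_irq`, `open_register_first`, `open_init_first`) is hypothetical, and the `irq_pending` flag stands in for a device that raises an interrupt as soon as the handler is registered.

```c
/* Constructed userspace model; no identifier here comes from the driver. */
#include <stddef.h>

struct dev_state {
    unsigned char *rx_head;   /* written by the receive-init step */
    size_t rx_len;
};

typedef int (*irq_handler_t)(struct dev_state *);

static unsigned char rx_buffer[64];

/* Handler reads the fields that the init step is supposed to have written. */
static int model_irq_handler(struct dev_state *self)
{
    if (self->rx_head == NULL || self->rx_len == 0)
        return -1;            /* handler ran against uninitialized state */
    self->rx_head[0] = 0;     /* safe only because the buffer is set up */
    return 0;
}

/* Stand-in for the init step that fills in the 'self' fields. */
static void model_rx_init(struct dev_state *self)
{
    self->rx_head = rx_buffer;
    self->rx_len = sizeof(rx_buffer);
}

/* Stand-in for handler registration: from this point the handler may run.
 * irq_pending != 0 models an interrupt delivered immediately. */
static int model_request_irq(irq_handler_t h, struct dev_state *self, int irq_pending)
{
    return irq_pending ? h(self) : 0;
}

/* Order from the message: register the handler, then initialize. */
int open_register_first(struct dev_state *self, int irq_pending)
{
    int seen = model_request_irq(model_irq_handler, self, irq_pending);
    model_rx_init(self);
    return seen;              /* -1 if the handler saw uninitialized fields */
}

/* Alternative order: initialize, then register. */
int open_init_first(struct dev_state *self, int irq_pending)
{
    model_rx_init(self);
    return model_request_irq(model_irq_handler, self, irq_pending);
}
```

The model only shows that the window exists when registration precedes initialization; whether the real hardware can raise an interrupt inside that window is the question the message asks.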
