lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 18 Jun 2018 11:17:44 -0700
From:   Tony Lindgren <tony@...mide.com>
To:     "H. Nikolaus Schaller" <hns@...delico.com>
Cc:     Christ van Willegen <cvwillegen@...il.com>,
        Linus Walleij <linus.walleij@...aro.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        "open list:GPIO SUBSYSTEM" <linux-gpio@...r.kernel.org>,
        Andy Shevchenko <andy.shevchenko@...il.com>,
        kernel@...a-handheld.com,
        Discussions about the Letux Kernel 
        <letux-kernel@...nphoenux.org>
Subject: Re: [Letux-kernel] BUG: drivers/pinctrl/core: races in
 pinctrl_groups and deferred probing

* H. Nikolaus Schaller <hns@...delico.com> [180618 16:46]:

> 
> I can also demonstrate that the duplication has gone:

OK good to hear.

> And I was no longer able to reproduce the strcmp(NULL) issue. So it is either better hidden
> or gone.

It should not be possible with checks preventing registering
a group or function with no name. I'll try to repost the whole
series tomorrow with that added.

> So code just needs group cleanup on failed probing and fixing the mutex around pinctrl_generic_add_group().
> 
> I think we need the mutex because a race still can happen when create_pinctrl() is calling pcs_dt_node_to_map()
> and pinctrl_generic_add_group() w/o being locked on pinctrl_maps_mutex.
> 
> The race I suspect is that two drivers are trying to insert the same name and may come
> both to the conclusion that it does not yet exist. And both insert into the radix tree.
> 
> The window of risk is small though... It is in pinctrl_generic_add_group() between calling
> pinctrl_generic_group_name_to_selector() and radix_tree_insert() so we probably won't
> see it in real hardware tests.

Hmm but that race should be already fixed with mutex held
by the pin controller drivers with these fixes? Or am I
missing something still?

Regards,

Tony

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ