Message-Id: <20200330115243.11107-1-madhuparnabhowmik10@gmail.com>
Date:   Mon, 30 Mar 2020 17:22:43 +0530
From:   madhuparnabhowmik10@...il.com
To:     gregkh@...uxfoundation.org, hariprasad.kelam@...il.com,
        colin.king@...onical.com, tony.olech@...ndigitalsystems.com
Cc:     linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org,
        andrianov@...ras.ru
Subject: Possible data-race related bug in u132_hcd module.

Hi,

This bug was found by the Linux Driver Verification project (linuxtesting.org).

The bug is related to the parallel execution of the u132_probe() function and the u132_hcd_exit() function in u132_hcd.c. In case the module is unloaded when the probe function is executing, there can be a data race, as the mutex lock u132_module_lock is not used properly.

i) Usage of mutex lock only when writing into the u132_exiting variable in u132_hcd_exit(). The lock is not used when this variable is read in u132_probe().

Moreover, this variable does not serve its purpose, as even if locking is used while the u132_exiting variable is read in probe(), the function may still miss that the exit function is executing if it acquires the mutex before the exit() function does.

How to fix this?

ii) Usage of mutex while adding entries in u132_static_list in the probe function but not in the exit function while unregistering.
This should be easy to fix by holding the mutex in the exit function as well.

There can be other synchronization problems related to the usage of u132_module_lock in this module; I have only spotted these so far.

Please let me know if this bug report is helpful and I can send a patch fixing it.

Thank you,
Madhuparna
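
The two locking problems described in the message above, replayed in a small user-space C model; this is an added example, not code from the report or from u132_hcd.c. All names are hypothetical, a counter stands in for u132_static_list, and the interleaving is replayed sequentially so the outcome is deterministic; only the flag and the list are modelled, not the rest of probe().

```c
/* User-space model with constructed, hypothetical names (not the driver's code). */
#include <pthread.h>
#include <stdbool.h>

static pthread_mutex_t module_lock = PTHREAD_MUTEX_INITIALIZER;
static bool exiting;   /* models the "module is exiting" flag */
static int list_len;   /* models the number of entries on the static list */
/* Racy probe, split in two so the bad interleaving can be replayed in order. */
static bool racy_probe_check(void) { return !exiting; }  /* unlocked read */
static void racy_probe_add(void) {
    pthread_mutex_lock(&module_lock);
    list_len++;                      /* flag is not re-checked here */
    pthread_mutex_unlock(&module_lock);
}
/* Racy exit: flag written under the lock, list emptied outside it. */
static void racy_exit(void) {
    pthread_mutex_lock(&module_lock);
    exiting = true;
    pthread_mutex_unlock(&module_lock);
    list_len = 0;                    /* unlocked list update */
}
/* Locked probe: the flag check and the insert form one critical section. */
static void locked_probe(void) {
    pthread_mutex_lock(&module_lock);
    if (!exiting) list_len++;
    pthread_mutex_unlock(&module_lock);
}
/* Locked exit: set the flag and drain the list under the same lock. */
static void locked_exit(void) {
    pthread_mutex_lock(&module_lock);
    exiting = true;
    list_len = 0;
    pthread_mutex_unlock(&module_lock);
}
/* Replay: probe passes its check, exit completes, then probe inserts. */
int replay_racy(void) {
    exiting = false; list_len = 0;
    bool ok = racy_probe_check();
    racy_exit();
    if (ok) racy_probe_add();
    return list_len;                 /* entries left behind after exit */
}
/* Either ordering of the locked pair leaves the list empty after exit. */
int replay_locked(bool probe_first) {
    exiting = false; list_len = 0;
    if (probe_first) { locked_probe(); locked_exit(); }
    else             { locked_exit(); locked_probe(); }
    return list_len;
}
```

In the locked pair, a probe that takes the mutex first may still not see the flag, but exit then drains what it added; a probe that takes it second sees the flag and adds nothing.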
