Message-ID: <CAD=jOEYzbemo=WBev97q36578h5VA7jYVAdewgf5vKycGP1y+g@mail.gmail.com>
Date:   Wed, 22 Jul 2020 03:00:49 +0530
From:   Madhuparna Bhowmik <madhuparnabhowmik10@...il.com>
To:     jirislaby@...il.com, arnd@...db.de
Cc:     andrianov <andrianov@...ras.ru>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Regarding bug in phantom.c

Hi,

This is regarding a race-condition related bug found in phantom.c by
the Linux Driver Verification Project.

dev->status is accessed in phantom_release() with dev->open_lock and in
phantom_isr() using dev->regs_lock; therefore, there can be a race
between updating dev->status in phantom_release() and phantom_status()
and reading its value in phantom_isr().
I don't think there is any particular lock protecting dev->status
(like open_lock and regs_lock are for dev->opened and dev->oregs) and
I am also not sure why exactly dev->status is updated in phantom_status()
and just after that updated again in phantom_release().
It will be great if you could look into this bug.

Thank you,
Madhuparna
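
The reasoning in the report above can be checked mechanically with a lockset intersection: a field that is written somewhere and has no lock held across all of its accesses is a race candidate. The following is an added example, not part of the original message and not code from phantom.c; the access table is constructed from the report's statements, and the rows marked hypothetical are assumptions.

```c
#include <stdio.h>
#include <string.h>

enum { OPEN_LOCK = 1u << 0, REGS_LOCK = 1u << 1 };  /* locks named in the report */

struct access { const char *field, *func; unsigned held; int is_write; };

/* Constructed table. The status rows follow the report; the other rows are
 * hypothetical and only encode "open_lock and regs_lock are for dev->opened
 * and dev->oregs". */
static const struct access accesses[] = {
    { "status", "phantom_release",    OPEN_LOCK, 1 },
    { "status", "phantom_isr",        REGS_LOCK, 0 },
    { "opened", "phantom_release",    OPEN_LOCK, 1 },
    { "opened", "hypothetical_open",  OPEN_LOCK, 1 },
    { "oregs",  "hypothetical_ioctl", REGS_LOCK, 1 },
    { "oregs",  "phantom_isr",        REGS_LOCK, 0 },
};
#define N_ACCESSES (sizeof accesses / sizeof accesses[0])

/* Locks held at every access to `field`; *writes counts write accesses. */
unsigned common_lockset(const char *field, int *writes)
{
    unsigned common = ~0u;
    *writes = 0;
    for (size_t i = 0; i < N_ACCESSES; i++) {
        if (strcmp(accesses[i].field, field) != 0)
            continue;
        common &= accesses[i].held;
        *writes += accesses[i].is_write;
    }
    return common;
}

/* Race candidate: written somewhere, and no single lock covers all accesses. */
int is_race_candidate(const char *field)
{
    int writes;
    return common_lockset(field, &writes) == 0 && writes > 0;
}

int main(void)
{
    const char *fields[] = { "status", "opened", "oregs" };
    for (size_t i = 0; i < 3; i++)
        printf("dev->%s: %s\n", fields[i], is_race_candidate(fields[i])
               ? "no common lock, possible race" : "consistently locked");
    return 0;
}
```

Only dev->status is flagged: each of its accesses holds a lock, but not the same one, so neither lock serializes the write against the read.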
