Message-Id: <20200826144459.8245-1-madhuparnabhowmik10@gmail.com>
Date:   Wed, 26 Aug 2020 20:14:59 +0530
From:   madhuparnabhowmik10@...il.com
To:     jacmet@...site.dk, gregkh@...uxfoundation.org
Cc:     linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org,
        ldv-project@...uxtesting.org, andrianov@...ras.ru,
        Madhuparna Bhowmik <madhuparnabhowmik10@...il.com>
Subject: [PATCH] usb/c67x00/c67x00-drv: Fix Data Race bug

From: Madhuparna Bhowmik <madhuparnabhowmik10@...il.com>

Currently in c67x00_drv_probe() the IRQ is requested before calling
c67x00_probe_sie(), and hence if an interrupt happens, the reading of certain
variables in the handler can race with the initialization of those variables;
e.g. sie->sie_num is written in c67x00_probe_sie() and read in
c67x00_hcd_irq().
Hence, this patch calls c67x00_probe_sie() before requesting the IRQ in
probe.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Madhuparna Bhowmik <madhuparnabhowmik10@...il.com>
---
 drivers/usb/c67x00/c67x00-drv.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/usb/c67x00/c67x00-drv.c b/drivers/usb/c67x00/c67x00-drv.c
index 53838e7d4eef..2e816d5ca0eb 100644
--- a/drivers/usb/c67x00/c67x00-drv.c
+++ b/drivers/usb/c67x00/c67x00-drv.c
@@ -146,6 +146,9 @@ static int c67x00_drv_probe(struct platform_device *pdev)
 	c67x00_ll_init(c67x00);
 	c67x00_ll_hpi_reg_init(c67x00);
 
+	for (i = 0; i < C67X00_SIES; i++)
+		c67x00_probe_sie(&c67x00->sie[i], c67x00, i);
+
 	ret = request_irq(res2->start, c67x00_irq, 0, pdev->name, c67x00);
 	if (ret) {
 		dev_err(&pdev->dev, "Cannot claim IRQ\n");
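Review bot: The `if (ret)` failure branch after request_irq() is now reached with every SIE already probed, since the c67x00_probe_sie() loop sits directly above it. Before this change that branch could only run with the SIEs untouched. The unwind label it jumps to is not visible in this hunk, so please confirm that it undoes whatever c67x00_probe_sie() set up, or add the matching per-SIE teardown to that path, so that a "Cannot claim IRQ" failure does not leave the SIE state behind.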
@@ -158,9 +161,6 @@ static int c67x00_drv_probe(struct platform_device *pdev)
 		goto reset_failed;
 	}
 
-	for (i = 0; i < C67X00_SIES; i++)
-		c67x00_probe_sie(&c67x00->sie[i], c67x00, i);
-
 	platform_set_drvdata(pdev, c67x00);
 
 	return 0;
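Review bot: Removing the loop from below the `goto reset_failed` check also changes its order relative to that step: c67x00_probe_sie() used to run only after the step guarded by reset_failed had succeeded, and now runs before it is attempted. The commit message justifies only the reordering against request_irq(). Please state there why probing the SIEs before that step is safe, and make sure the reset_failed path cleans up the probed SIEs. If the probe does depend on that step, an alternative that keeps the old dependency is to leave the loop here and move request_irq() after it instead.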
-- 
2.17.1
