lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 18 Sep 2020 19:34:10 -0700
From:   bbhatt@...eaurora.org
To:     Shuah Khan <skhan@...uxfoundation.org>
Cc:     manivannan.sadhasivam@...aro.org, hemantk@...eaurora.org,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        jhugo@...eaurora.org, sdias@...eaurora.org,
        linux-arm-msm@...r.kernel.org,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: bus/mhi/core: Double lock in mhi_device_put() and dev_wake
 inc/dec

On 2020-09-17 16:16, Shuah Khan wrote:
> While looking at this file for an unrelated issue, I happen to notice
> there is a double locking on mhi_cntrl->pm_lock in the mhi_device_put()
> when it gets called from mhi_driver_remove()
> 
> The other two calls from mhi_driver_probe() don't hold the pm_lock.
> 
> In addition, lock holding while dev_wake updates is inconsistent.
> 
> dev_wake gets incremented and decremented without holding pm_lock in
> mhi_device_get(), mhi_device_get_sync() and mhi_device_put().
> 
> Exception are when mhi_device_put() is called from mhi_driver_remove().
> 
> The following commit is where all this code is added.
> 
> bus: mhi: core: Add support for data transfer
> https://github.com/torvalds/linux/commit/189ff97cca53e3fe2d8b38d64105040ce17fc62d
> 
> It appears to be real problem. I don't have a way to test this driver,
> hence reaching out to let you know about my findings.
> 
> thanks,
> -- Shuah
Thank you for inputs.

Hemant and I discussed this and we agree that there are inconsistencies 
we need to fix.

We will be uploading a patch to remove the read_lock_bh/read_unlock_bh 
calls from the
mhi_driver_remove().

Thanks,
Bhaumik
'The Qualcomm Innovation Center, Inc. is a member of the Code Aurora 
Forum, a Linux Foundation Collaborative Project'

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ