lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <PZJFNQ.QM2LFFEGRUXN3@crapouillou.net>
Date:   Sun, 24 Jan 2021 08:38:13 +0000
From:   Paul Cercueil <paul@...pouillou.net>
To:     Sergei Shtylyov <sergei.shtylyov@...il.com>
Cc:     Bin Liu <b-liu@...com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Tony Lindgren <tony@...mide.com>, od@...c.me,
        linux-mips@...r.kernel.org, linux-usb@...r.kernel.org,
        linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [RE-RESEND PATCH 1/4] usb: musb: Fix runtime PM race
 in
 musb_queue_resume_work

Hi Sergei,


Le sam. 23 janv. 2021 à 19:41, Sergei Shtylyov 
<sergei.shtylyov@...il.com> a écrit :
> On 1/23/21 5:24 PM, Paul Cercueil wrote:
> 
>>  musb_queue_resume_work() would call the provided callback if the 
>> runtime
>>  PM status was 'active'. Otherwise, it would enqueue the request if 
>> the
>>  hardware was still suspended (musb->is_runtime_suspended is true).
>> 
>>  This causes a race with the runtime PM handlers, as it is possible 
>> to be
>>  in the case where the runtime PM status is not yet 'active', but the
>>  hardware has been awaken (PM resume function has been called).
> 
>    Awakened. :-)

Oops. Hopefully Bin or Greg can fix it when merging (if I don't need to 
v2, that is to say - feedback welcome).

Cheers,
-Paul

>>  When hitting the race, the resume work was not enqueued, which 
>> probably
>>  triggered other bugs further down the stack. For instance, a telnet
>>  connection on Ingenic SoCs would result in a 50/50 chance of a
>>  segmentation fault somewhere in the musb code.
>> 
>>  Rework the code so that either we call the callback directly if
>>  (musb->is_runtime_suspended == 0), or enqueue the query otherwise.
>> 
>>  Fixes: ea2f35c01d5e ("usb: musb: Fix sleeping function called from 
>> invalid context for hdrc glue")
>>  Cc: stable@...r.kernel.org # v4.9+
>>  Signed-off-by: Paul Cercueil <paul@...pouillou.net>
>>  Reviewed-by: Tony Lindgren <tony@...mide.com>
>>  Tested-by: Tony Lindgren <tony@...mide.com>
> [...]
> 
> 
> MBR, Sergei

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ