lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <8825f20c-7e58-c44e-fa7a-bca811add5a1@collabora.com>
Date:   Fri, 23 Apr 2021 12:48:01 +0200
From:   Enric Balletbo i Serra <enric.balletbo@...labora.com>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        linux-kernel@...r.kernel.org
Cc:     Qiushi Wu <wu000273@....edu>, Mathew King <mathewk@...omium.org>,
        Benson Leung <bleung@...omium.org>,
        Rushikesh S Kadam <rushikesh.s.kadam@...el.com>
Subject: Re: [PATCH 025/190] Revert "platform/chrome: cros_ec_ishtp: Fix a
 double-unlock issue"

Hi Greg,

Many thanks for the patchset and notice us to take attention about these patches.

On 21/4/21 14:58, Greg Kroah-Hartman wrote:
> This reverts commit aaa3cbbac326c95308e315f1ab964a3369c4d07d.
> 
> Commits from @umn.edu addresses have been found to be submitted in "bad
> faith" to try to test the kernel community's ability to review "known
> malicious" changes.  The result of these submissions can be found in a
> paper published at the 42nd IEEE Symposium on Security and Privacy
> entitled, "Open Source Insecurity: Stealthily Introducing
> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> of Minnesota) and Kangjie Lu (University of Minnesota).
> 
> Because of this, all submissions from this group must be reverted from
> the kernel tree and will need to be re-reviewed again to determine if
> they actually are a valid fix.  Until that work is complete, remove this
> change to ensure that no problems are being introduced into the
> codebase.
> 
> Cc: Qiushi Wu <wu000273@....edu>
> Cc: Mathew King <mathewk@...omium.org>
> Cc: Enric Balletbo i Serra <enric.balletbo@...labora.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>

I've reviewed the patch again (also double checked with people involved in this
driver) and I don't spot an obvious issue with the original patch. Without it,
on error path, the read-write sempahore used, will be released without having
held it before.

So it's IMO a valid fix that would have to be done the same way after
revert.

Please don't revert it.

Thanks,
 Enric


> ---
>  drivers/platform/chrome/cros_ec_ishtp.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/drivers/platform/chrome/cros_ec_ishtp.c b/drivers/platform/chrome/cros_ec_ishtp.c
> index f00107017318..d4f41d68232c 100644
> --- a/drivers/platform/chrome/cros_ec_ishtp.c
> +++ b/drivers/platform/chrome/cros_ec_ishtp.c
> @@ -677,10 +677,8 @@ static int cros_ec_ishtp_probe(struct ishtp_cl_device *cl_device)
>  
>  	/* Register croc_ec_dev mfd */
>  	rv = cros_ec_dev_init(client_data);
> -	if (rv) {
> -		down_write(&init_lock);
> +	if (rv)
>  		goto end_cros_ec_dev_init_error;
> -	}
>  
>  	return 0;
>  
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ