| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Feb 2022 12:07:48 +0100
From: Rolf Eike Beer <eb@...ix.com>
To: Manivannan Sadhasivam <mani@...nel.org>
Cc: Cristian Ciocaltea <cristian.ciocaltea@...il.com>,
Lee Jones <lee.jones@...aro.org>,
linux-actions@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: atc260x has broken locking
When looking at this functions I found the locking to be broken for the atomic
case (comments stripped):
static void regmap_lock_mutex(void *__mutex)
{
struct mutex *mutex = __mutex;
if (system_state > SYSTEM_RUNNING && irqs_disabled())
mutex_trylock(mutex);
else
mutex_lock(mutex);
}
static void regmap_unlock_mutex(void *__mutex)
{
struct mutex *mutex = __mutex;
mutex_unlock(mutex);
}
When the mutex is already locked and the atomic context is hit then the lock
will not be acquired, this is never noticed, and it afterwards is unlocked
anyway.
The comment says this is inspired from i2c_in_atomic_xfer_mode() to detect the
atomic case, but the important caller __i2c_lock_bus_helper() actually does
check and pass on the return value of mutex_trylock(), which is missing here.
Greetings,
Eike
--
Rolf Eike Beer, emlix GmbH, https://www.emlix.com
Fon +49 551 30664-0, Fax +49 551 30664-11
Gothaer Platz 3, 37083 Göttingen, Germany
Sitz der Gesellschaft: Göttingen, Amtsgericht Göttingen HR B 3160
Geschäftsführung: Heike Jordan, Dr. Uwe Kracke – Ust-IdNr.: DE 205 198 055
emlix - smart embedded open source
Download attachment "signature.asc" of type "application/pgp-signature" (314 bytes)
Powered by blists - more mailing lists