lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20220913094306.317734-2-namit@vmware.com>
Date:   Tue, 13 Sep 2022 02:43:04 -0700
From:   Nadav Amit <nadav.amit@...il.com>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     linux-kernel@...r.kernel.org,
        VMware PV-Drivers Reviewers <pv-drivers@...are.com>,
        Arnd Bergmann <arnd@...db.de>, Nadav Amit <namit@...are.com>
Subject: [PATCH 1/3] vmw_balloon: access reset_required through READ/WRITE_ONCE

From: Nadav Amit <namit@...are.com>

reset_required might be accessed concurrently, at least through debugfs.
While there is no apparent functional risk, avoid any potential race,
even if it is benign.

Use READ_ONCE() and WRITE_ONCE() when accessing reset_required.

Signed-off-by: Nadav Amit <namit@...are.com>
---
 drivers/misc/vmw_balloon.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/drivers/misc/vmw_balloon.c b/drivers/misc/vmw_balloon.c
index 61a2be712bf7..7fa91983c567 100644
--- a/drivers/misc/vmw_balloon.c
+++ b/drivers/misc/vmw_balloon.c
@@ -492,7 +492,7 @@ __vmballoon_cmd(struct vmballoon *b, unsigned long cmd, unsigned long arg1,
 
 	/* mark reset required accordingly */
 	if (status == VMW_BALLOON_ERROR_RESET)
-		b->reset_required = true;
+		WRITE_ONCE(b->reset_required, true);
 
 	return status;
 }
@@ -965,7 +965,7 @@ static int64_t vmballoon_change(struct vmballoon *b)
 	 * Otherwise we might get huge positives instead of negatives
 	 */
 
-	if (b->reset_required)
+	if (READ_ONCE(b->reset_required))
 		return 0;
 
 	/* consider a 2MB slack on deflate, unless the balloon is emptied */
@@ -1446,7 +1446,7 @@ static void vmballoon_reset(struct vmballoon *b)
 	}
 
 	vmballoon_stats_gen_inc(b, VMW_BALLOON_STAT_RESET);
-	b->reset_required = false;
+	WRITE_ONCE(b->reset_required, false);
 
 	error = vmballoon_vmci_init(b);
 	if (error)
@@ -1473,7 +1473,7 @@ static void vmballoon_work(struct work_struct *work)
 	struct vmballoon *b = container_of(dwork, struct vmballoon, dwork);
 	int64_t change = 0;
 
-	if (b->reset_required)
+	if (READ_ONCE(b->reset_required))
 		vmballoon_reset(b);
 
 	down_read(&b->conf_sem);
@@ -1666,7 +1666,7 @@ static int vmballoon_debug_show(struct seq_file *f, void *offset)
 		   VMW_BALLOON_CAPABILITIES);
 	seq_printf(f, "%-22s: %#16lx\n", "used capabilities", b->capabilities);
 	seq_printf(f, "%-22s: %16s\n", "is resetting",
-		   b->reset_required ? "y" : "n");
+		   READ_ONCE(b->reset_required) ? "y" : "n");
 
 	/* format size info */
 	seq_printf(f, "%-22s: %16lu\n", "target", READ_ONCE(b->target));
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ