lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20221028173417.GG13880@thinkpad>
Date:   Fri, 28 Oct 2022 23:04:17 +0530
From:   Manivannan Sadhasivam <mani@...nel.org>
To:     Qiang Yu <quic_qianyu@...cinc.com>
Cc:     loic.poulain@...aro.org, mhi@...ts.linux.dev,
        linux-arm-msm@...r.kernel.org, linux-kernel@...r.kernel.org,
        quic_cang@...cinc.com, mrana@...cinc.com
Subject: Re: [PATCH v2] bus: mhi: host: Fix race between channel preparation
 and M0 event

On Fri, Oct 28, 2022 at 10:24:01PM +0530, Manivannan Sadhasivam wrote:
> On Sun, Oct 16, 2022 at 11:05:32AM +0800, Qiang Yu wrote:
> > There is a race condition where mhi_prepare_channel() updates the
> > read and write pointers as the base address and in parallel, if
> > an M0 transition occurs, the tasklet goes ahead and rings
> > doorbells for all channels with a delta in TRE rings assuming
> > they are already enabled. This causes a null pointer access. Fix
> > it by adding a channel enabled check before ringing channel
> > doorbells.
> > 
> > Fixes: a6e2e3522f29 "bus: mhi: core: Add support for PM state transitions"
> > Signed-off-by: Qiang Yu <quic_qianyu@...cinc.com>
> 
> Can you also CC stable list for backporting?
> 

Nvm, I added stable list and applied the patch to mhi-next! Because of the
addition of MHI EP support, this patch can be backported without modifications
till 5.19 only. If you want to backport to older kernels, please send them to
stable list once this got merged.

Thanks,
Mani

> Reviewed-by: Manivannan Sadhasivam <mani@...nel.org>
> 
> Thanks,
> Mani
> 
> > ---
> > v1->v2: add Fixes tags
> > 
> >  drivers/bus/mhi/host/pm.c | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> > 
> > diff --git a/drivers/bus/mhi/host/pm.c b/drivers/bus/mhi/host/pm.c
> > index 4a42186..0834590 100644
> > --- a/drivers/bus/mhi/host/pm.c
> > +++ b/drivers/bus/mhi/host/pm.c
> > @@ -301,7 +301,8 @@ int mhi_pm_m0_transition(struct mhi_controller *mhi_cntrl)
> >  		read_lock_irq(&mhi_chan->lock);
> >  
> >  		/* Only ring DB if ring is not empty */
> > -		if (tre_ring->base && tre_ring->wp  != tre_ring->rp)
> > +		if (tre_ring->base && tre_ring->wp  != tre_ring->rp &&
> > +		    mhi_chan->ch_state == MHI_CH_STATE_ENABLED)
> >  			mhi_ring_chan_db(mhi_cntrl, mhi_chan);
> >  		read_unlock_irq(&mhi_chan->lock);
> >  	}
> > -- 
> > 2.7.4
> > 
> > 
> 
> -- 
> மணிவண்ணன் சதாசிவம்
> 

-- 
மணிவண்ணன் சதாசிவம்

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ