| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 8 Aug 2023 10:28:14 +0200
From: Greg KH <gregkh@...uxfoundation.org>
To: Chengfeng Ye <dg573847474@...il.com>
Cc: gustavoars@...nel.org, u.kleine-koenig@...gutronix.de,
giometti@...ux.it, linux-usb@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] usb: host: oxu210hp-hcd: Fix potential deadlock on
&oxu->mem_lock
On Sat, Jul 29, 2023 at 09:26:34AM +0000, Chengfeng Ye wrote:
> &oxu->mem_lock is acquired by isr oxu_irq() along the below call
> chain under hardirq context.
>
> <hard interrupt>
> -> oxu_irq()
> -> oxu210_hcd_irq()
> -> ehci_work()
> -> scan_async()
> -> qh_completions()
> -> oxu_murb_free()
> -> spin_lock(&oxu->mem_lock)
>
> Thus the acquisition of the lock under process context should disable
> irq, otherwise deadlock could happen if the irq happens to preempt the
> execution while the lock is held in process context on the same CPU.
>
> This flaw was found by an experimental static analysis tool I am developing
> for irq-related deadlock. x86_64 allmodconfig using gcc shows no new
> warning.
>
> The patch fixes the potential deadlocks by using spin_lock_irqsave() on
> &oxu->mem_lock
>
> Signed-off-by: Chengfeng Ye <dg573847474@...il.com>
>
> Changes in v2
> - use spin_lock_irqsave() on more potential deadlock sites of &oxu->mem_lock
This needs to be below the --- line, as documented, so it doesn't show
up in the changelog.
How did you test this change? Do you have hardware to test it out? If
not, I don't think we can accpet this, see the kernel documentation for
what we accept from tools and researchers.
thanks,
greg k-h
Powered by blists - more mailing lists