lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20240614122341.GK8447@kernel.org>
Date: Fri, 14 Jun 2024 13:23:41 +0100
From: Simon Horman <horms@...nel.org>
To: Gui-Dong Han <hanguidong02@...look.com>
Cc: 3chas3@...il.com, linux-atm-general@...ts.sourceforge.net,
	netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
	baijiaju1990@...il.com
Subject: Re: [PATCH] atm/fore200e: Consolidate available cell rate update to
 prevent race condition

On Tue, Jun 11, 2024 at 11:54:10AM +0800, Gui-Dong Han wrote:
> In fore200e_change_qos, there is a race condition due to two consecutive
> updates to the 'available_cell_rate' variable. If a read operation 
> occurs between these updates, an intermediate value might be read, 
> leading to potential bugs.
> 
> To fix this issue, 'available_cell_rate' should be adjusted in a single 
> operation, ensuring consistency and preventing any intermediate states 
> from being read.
> 
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Signed-off-by: Gui-Dong Han <hanguidong02@...look.com>

Hi Gui-Dong Han,

If there is a race involving writing and reading available_cell_rate,
then I believe there is still a race after your patch: if nothing protects
to protect available_cell_rate from being read while it is written then
that is true both before and after this patch.

Also, I would suggest that this is a very old and possibly unused driver.
If you wish to spend time on it I'd suggest that time go into
investigating if it is appropriate to remove the driver entirely.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ