| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <DDDTFDCO7V8R.342Y4MA6FQ4FL@nvidia.com>
Date: Thu, 09 Oct 2025 22:11:45 +0900
From: "Alexandre Courbot" <acourbot@...dia.com>
To: "Danilo Krummrich" <dakr@...nel.org>, "Markus Probst"
<markus.probst@...teo.de>, "Alexandre Courbot" <acourbot@...dia.com>
Cc: "Lee Jones" <lee@...nel.org>, "Pavel Machek" <pavel@...nel.org>, "Miguel
Ojeda" <ojeda@...nel.org>, "Alex Gaynor" <alex.gaynor@...il.com>, "Igor
Korotin" <igor.korotin.linux@...il.com>, "Lorenzo Stoakes"
<lorenzo.stoakes@...cle.com>, "Vlastimil Babka" <vbabka@...e.cz>, "Liam R.
Howlett" <Liam.Howlett@...cle.com>, "Uladzislau Rezki" <urezki@...il.com>,
"Boqun Feng" <boqun.feng@...il.com>, "Gary Guo" <gary@...yguo.net>,
<bjorn3_gh@...tonmail.com>, "Benno Lossin" <lossin@...nel.org>, "Andreas
Hindborg" <a.hindborg@...nel.org>, "Alice Ryhl" <aliceryhl@...gle.com>,
"Trevor Gross" <tmgross@...ch.edu>, "Daniel Almeida"
<daniel.almeida@...labora.com>, <linux-leds@...r.kernel.org>,
<rust-for-linux@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 4/4] leds: add driver for synology atmega1608 controlled
LEDs
On Thu Oct 9, 2025 at 9:41 PM JST, Danilo Krummrich wrote:
> (Cc: Alex)
>
> On Thu Oct 9, 2025 at 2:30 PM CEST, Markus Probst wrote:
>> On Thu, 2025-10-09 at 14:20 +0200, Danilo Krummrich wrote:
>>> (Not a full review (let's work out the dependencies first), but
>>> there's one
>>> thing that stood out to me.)
>>>
>>> On Wed Oct 8, 2025 at 8:10 PM CEST, Markus Probst wrote:
>>> > +struct Atmega1608Led {
>>> > + addr: Atmega1608LedAddress,
>>> > + id: Atmega1608LedId,
>>> > +
>>> > + client: ARef<I2cClient>,
>>> > +
>>> > + mode_lock: Arc<Mutex<()>>,
>>>
>>> Mutex<()> raises an eyebrow, since a mutex that doesn't protect
>>> anything is
>>> pointless. So, I assume it is protecting some data, but in an unsound
>>> way.
>>>
>>> > +impl Atmega1608Led {
>>> > + fn update_mode(&self, mode: Atmega1608LedMode) ->
>>> > Result<Atmega1608LedMode> {
>>> > + let _guard = self.mode_lock.lock();
>>>
>>> What exactly does the mutex protect in the code below?
>> Otherwise there would be a race condition. Each register has 8 bits,
>> each led has 2 bits. If the led mode is updated at the same time with
>> another one in the same register, it could lead to the first action
>> being overwritten by the second.
>> Meaning if two actions run at the same time:
>> - led0 reads from the register
>> - led1 reads from the register
>> - led0 writes to the register
>> - led1 writes to the register (the changes for led0 have been
>> overwritten here, as it did read the register before led0 has written
>> to it)
>
> Ok, so you need exclusive access to a register. I think this is something the
> register abstraction I also mentioned in [1] could support.
>
> @Alex: Have you thought about this already?
>
> [1] https://lore.kernel.org/rust-for-linux/DDDS2V0V2NVJ.16ZKXCKUA1HUV@kernel.org/
I haven't at all. :) And indeed intuitively I couldn't say what would be
the right level to provide such concurrent access protection. When
someone reads from a register, there is no guarantee that they did so
with the intent of writing an updated value back to it, so I don't think we can e.g. hold a
guard for as long as the read value exists.
Even the `alter` accessor does not take any lock for the duration of its
closure, so I don't think it protects us. OTOH, `led0` would hold the IO
resource for as long as `alter` runs, which should prevent `led1` from
accessing it? If so, I'd say that's the correct way of handling such
cases.
(drive-by comment: I will probably rename `alter` into `update` to match
the regmap API once the dust settles with all the code moves related to
register!())
Powered by blists - more mailing lists