lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20260107032610.13166-1-eleanor.lin@realtek.com>
Date: Wed, 7 Jan 2026 11:26:10 +0800
From: Yu-Chun Lin <eleanor.lin@...ltek.com>
To: <broonie@...nel.org>, <gregkh@...uxfoundation.org>, <rafael@...nel.org>,
        <dakr@...nel.org>, <baolin.wang@...ux.alibaba.com>,
        <cylee12@...ltek.com>
CC: <linux-kernel@...r.kernel.org>, <james.tai@...ltek.com>,
        <cy.huang@...ltek.com>, <stanley_chang@...ltek.com>,
        <eleanor.lin@...ltek.com>
Subject: [PATCH v2] regmap: Fix race condition in hwspinlock irqsave routine

From: Cheng-Yu Lee <cylee12@...ltek.com>

Previously, the address of the shared member '&map->spinlock_flags' was
passed directly to 'hwspin_lock_timeout_irqsave'. This creates a race
condition where multiple contexts contending for the lock could overwrite
the shared flags variable, potentially corrupting the state for the
current lock owner.

Fix this by using a local stack variable 'flags' to store the IRQ state
temporarily.

Fixes: 8698b9364710 ("regmap: Add hardware spinlock support")
Signed-off-by: Cheng-Yu Lee <cylee12@...ltek.com>
Co-developed-by: Yu-Chun Lin <eleanor.lin@...ltek.com>
Signed-off-by: Yu-Chun Lin <eleanor.lin@...ltek.com>
---
v2:
 - Initialize 'flags' to 0. This fixes a -Werror build failure when
   CONFIG_HWSPINLOCK is disabled, as the stub function in that case does
   not initialize the pointer.

v1: https://lore.kernel.org/lkml/20260106021501.30682-1-eleanor.lin@realtek.com/

 drivers/base/regmap/regmap.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/base/regmap/regmap.c b/drivers/base/regmap/regmap.c
index ce9be3989a21..8d889372517f 100644
--- a/drivers/base/regmap/regmap.c
+++ b/drivers/base/regmap/regmap.c
@@ -408,9 +408,11 @@ static void regmap_lock_hwlock_irq(void *__map)
 static void regmap_lock_hwlock_irqsave(void *__map)
 {
 	struct regmap *map = __map;
+	unsigned long flags;
 
 	hwspin_lock_timeout_irqsave(map->hwlock, UINT_MAX,
-				    &map->spinlock_flags);
+				    &flags);
+	map->spinlock_flags = flags;
 }
 
 static void regmap_unlock_hwlock(void *__map)
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ