| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAAo+4rWk2ZgjSVk9bMSh683drt-bW9EjkYgBsS4q8CcraGDEBQ@mail.gmail.com> Date: Fri, 16 Jan 2026 21:41:55 +0800 From: Chengfeng Ye <dg573847474@...il.com> To: James Bottomley <James.Bottomley@...senpartnership.com> Cc: Jinpu Wang <jinpu.wang@...os.com>, "Martin K . Petersen" <martin.petersen@...cle.com>, Bart Van Assche <bvanassche@....org>, linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org, Chengfeng Ye <cyeaa@...nect.ust.hk> Subject: Re: [PATCH v2] scsi: pm8001: Fix data race in sysfs SAS address read Hi James, > I think everyone would agree this can't happen for built in drivers > (because user space doesn't start until long after driver init), so > your theory above rests on a race between inserting the module and a > tool reading the file which can be fixed by waiting a short period ... > it just doesn't seem to be an important issue. True for the case of built-in driver (most use scenario), the race window is short. > Whereas taking the internal host lock in a > sysfs read routine could potentially be a DoS vector. Agree that using a spinlock just to fix this hardly triggered output issue may not be a good idea. I think this theoretical uninitialized/torn-read issue could also be fixed by delaying the creation of the sysfs folder until initialization finishes. Can help create a new patch if you'd like to improve the code, or we can just ignore it if it is not worth bothering with a small issue like this. Best regards, Chengfeng
Powered by blists - more mailing lists