| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTi=f_UUoLSdv6zf3-kghu-jyPTGo9Vg1i3_F-5J+@mail.gmail.com> Date: Thu, 17 Feb 2011 13:49:46 +0900 From: 홍신 shin hong <hongshin@...il.com> To: netdev@...r.kernel.org Subject: BUG? racy code at net/atm/br2684.c Hi. I am reporting a suspected race bug at br2684_push() in /net/atm/br2684.c. Please examine the report and let me know your opinion. I reported the same issue several month ago and got feedback however, I found that the code is still not changed. In br2684_push() accesses &brdev->brvcss without devs_lock holding at line 334. But it seems that all accesses to &brdev->brvcss are synchronized by devs_lock. So that br2684_push() may result race condition in concurrent execution with other functions that manipulate &brdev->brvcss. It seems that it is better to guard list_empty(&brdev->brvccs) by devs_lock. Or check list_empty(&brdev->brvccs) once again after devs_lock holding. Thank you. Sincerely Shin Hong -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists