| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <547332D7.7050104@3dautomazione.it>
Date: Mon, 24 Nov 2014 14:29:59 +0100
From: Angelo Rizzi <angelo.rizzi@...utomazione.it>
To: netdev@...r.kernel.org
Subject: net_tx_action race condition?
Hi Daniel,
Here attached the patch file you required.
The problem i've found is on the declaration of 'struct softnet_data
*sd' in function 'net_tx_action'
What happens to me (i have an embedded system based on FPGA and a NIOS2
cpu) is that, due to compiler optimization, the content of
'sd->completion_queue' is saved in a CPU register before interrupt
disabling (when the instruction 'if (sd->completion_queue) {' is
executed) and then the register contents is used for interrupt-disabled
assignment ('clist = sd->completion_queue') instead of re-read the
variable contents.
This seems to lead to a race condition when an interrupt modifies the
content of 'sd->completion_queue' between these two instructions.
What i have done to avoid this situation is to change the declaration of
'struct softnet_data *sd' to 'volatile struct softnet_data *sd' and now
everything seems to be ok.
I hope this will help.
Regards,
Angelo
View attachment "net_tx_action_patch" of type "text/plain" (439 bytes)
Powered by blists - more mailing lists