| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 27 Jul 2015 12:00:39 +0200 From: Oliver Neukum <oneukum@...e.com> To: Eugene Shatokhin <eugene.shatokhin@...alab.ru> Cc: LKML <linux-kernel@...r.kernel.org>, linux-usb@...r.kernel.org, netdev@...r.kernel.org Subject: Re: Several races in "usbnet" module (kernel 4.1.x) On Fri, 2015-07-24 at 17:41 +0300, Eugene Shatokhin wrote: > 23.07.2015 12:15, Oliver Neukum пишет: > From what I see now in Documentation/atomic_ops.txt, stores to the > properly aligned memory locations are in fact atomic. They are, but again only with respect to each other. > So, I think, the situation you described above cannot happen for > dev->flags, which is good. No need to address that in the patch. The > race might be harmless after all. > > If I understand the code correctly now, dev->flags is set to 0 in > usbnet_stop() so that the worker function (usbnet_deferred_kevent) would Yes, particularly not reschedule itself. > do nothing, should it start later. If so, how about adding memory > barriers for all CPUs to see dev->flags is 0 before other things? Taking a lock, as del_timer_sync() does, implies a memory barrier, as does a work. Regards Oliver -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists