lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <149fe7f1-c417-d71f-972c-ba445692ba0a@ispras.ru>
Date:	Mon, 15 Aug 2016 15:59:54 +0300
From:	Pavel Andrianov <andrianov@...ras.ru>
To:	Francois Romieu <romieu@...zoreil.com>
Cc:	netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
	Vaishali Thakkar <vaishali.thakkar@...cle.com>,
	ldv-project@...uxtesting.org
Subject: Potential data race in drivers/net/ethernet/sis/sis190.ko

Hi!

There is a potential data race in drivers/net/ethernet/sis/sis190.ko.

Regard such situation:

CPU 1 				CPU 2

...
->sis190_open
- registers interrupts
...
->sis190_tx_timeout
- is called at some point
    ->sis190_tx_clear
       skb = tp->Tx_skbuff[i]
       [skb != null]

                an interrupt comes to CPU 2

				-> sis190_irq
				  -> sis190_tx_interrupt
				    skb = tp->Tx_skbuff[entry];
       ...
       -> dev_kfree_skb_irq(skb)
         ->dev_kfree_skb(skb)

In this case the skb is freed twice. Likely, in the interrupt handler 
the same spinlock should be acquired as in
sis190_tx_timeout.

-- 
Pavel Andrianov
Linux Verification Center, ISPRAS
web: http://linuxtesting.org
e-mail: andrianov@...ras.ru

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ