| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180721.224409.437815752648454744.davem@davemloft.net>
Date: Sat, 21 Jul 2018 22:44:09 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: u.kleine-koenig@...gutronix.de
Cc: andrew@...n.ch, vivien.didelot@...oirfairelinux.com,
f.fainelli@...il.com, netdev@...r.kernel.org, kernel@...gutronix.de
Subject: Re: [PATCH] net: dsa: mv88e6xxx: fix races between lock and irq
freeing
From: Uwe Kleine-König <u.kleine-koenig@...gutronix.de>
Date: Fri, 20 Jul 2018 11:53:15 +0200
> free_irq() waits until all handlers for this IRQ have completed. As the
> relevant handler (mv88e6xxx_g1_irq_thread_fn()) takes the chip's reg_lock
> it might never return if the thread calling free_irq() holds this lock.
>
> For the same reason kthread_cancel_delayed_work_sync() in the polling case
> must not hold this lock.
>
> Also first free the irq (or stop the worker respectively) such that
> mv88e6xxx_g1_irq_thread_work() isn't called any more before the irq
> mappings are dropped in mv88e6xxx_g1_irq_free_common() to prevent the
> worker thread to call handle_nested_irq(0) which results in a NULL-pointer
> exception.
>
> Signed-off-by: Uwe Kleine-König <u.kleine-koenig@...gutronix.de>
Looks good.
Note than the IRQ domain unmapping will do a synchronize_irq() which
should cause the same deadlock as free_irq() will with the reg_lock
held.
Note also that g2 IRQ freeing gets the ordering right, and doesn't need
a lock because it doesn't program any registers when tearing down it's
IRQ.
Applied and queued up for -stable, thanks.
Powered by blists - more mailing lists