lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 8 Apr 2022 15:30:21 -0700
From:   Guenter Roeck <linux@...ck-us.net>
To:     "Coelho, Luciano" <luciano.coelho@...el.com>,
        "Greenman, Gregory" <gregory.greenman@...el.com>
Cc:     "kvalo@...nel.org" <kvalo@...nel.org>,
        "linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
        "rostedt@...dmis.org" <rostedt@...dmis.org>,
        "Berg, Johannes" <johannes.berg@...el.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: [RFC PATCH] iwlwifi: iwl-dbg: Use del_timer_sync() before freeing

Hi Luca,

On 4/7/22 22:20, Coelho, Luciano wrote:
> On Thu, 2022-04-07 at 12:50 -0700, Guenter Roeck wrote:
>> Hi,
>>
>> On 4/6/22 08:34, Guenter Roeck wrote:
>>> In Chrome OS, a large number of crashes is observed due to corrupted timer
>>> lists. Steven Rostedt pointed out that this usually happens when a timer
>>> is freed while still active, and that the problem is often triggered
>>> by code calling del_timer() instead of del_timer_sync() just before
>>> freeing.
>>>
>>> Steven also identified the iwlwifi driver as one of the possible culprits
>>> since it does exactly that.
>>>
>>> Reported-by: Steven Rostedt <rostedt@...dmis.org>
>>> Cc: Steven Rostedt <rostedt@...dmis.org>
>>> Cc: Shahar S Matityahu <shahar.s.matityahu@...el.com>
>>> Cc: Johannes Berg <johannes.berg@...el.com>
>>> Fixes: 60e8abd9d3e91 ("iwlwifi: dbg_ini: add periodic trigger new API support")
>>> Signed-off-by: Guenter Roeck <linux@...ck-us.net>
>>> ---
>>> RFC:
>>>       Maybe there was a reason to use del_timer() instead of del_timer_sync().
>>>       Also, I am not sure if the change is sufficient since I don't see any
>>>       obvious locking that would prevent timers from being added and then
>>>       modified in iwl_dbg_tlv_set_periodic_trigs() while being removed in
>>>       iwl_dbg_tlv_del_timers().
>>>
>>
>> I prepared a new version of this patch, introducing a mutex to protect changes
>> to periodic_trig_list. I'd like to get some feedback before sending it out,
>> though, so I'll wait until next week before sending it.
>>
>> If you have any feedback/thoughts/comments, please let me know.
> 
> Hi Guenter,
> 
> Thanks for your proposal!
> 
> I recently moved from the Intel WiFi team to the Graphics team, so I'm
> adding Gregory, who has taken over my duties, to the discussion.
> 
> I don't recall any specific reasons for using del_timer() instead of
> del_timer_sync() here.  So your patch does look correct to me.
> 

Thanks a lot for the feedback. I spent some time trying to determine
if a mutex to protect the periodic timer list is needed, but concluded
that it is not necessary because the code adding the timer list and
the code removing it are never executed in parallel. Of course,
I may be missing something, so I'd be happy to be corrected.

Thanks,
Guenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ