From: Anton Volkov
Subject: Possible race in via-ircc.ko
To: samuel@sortiz.org, sda@bdit.de
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, ldv-project@linuxtesting.org, Alexey Khoroshilov
Date: Tue, 15 Aug 2017 17:11:57 +0300

Hello.

While searching for races in the Linux kernel I've come across the
"drivers/net/irda/via-ircc.ko" module. Here are the questions that I came up
with while analyzing the results. Lines are given using the info from Linux v4.12.

Consider the following case:

Thread 1:                        Thread 2:
via_ircc_net_open
    request_irq                  via_ircc_interrupt
    -> via_ircc_dma_receive      -> RxTimerHandler
    (via-ircc.c: line 1488)      (via-ircc.c: line 1315)
        self->... = ...              ... = self->...

In via_ircc_dma_receive a lot of fields of the 'self' structure are
initialized, and via_ircc_interrupt with RxTimerHandler use those fields. If
no initialization happened, the interrupt handler and other functions that it
calls may work with incorrect data. I'm not sure how bad this case can be and
thus here are my questions. Is this situation feasible from your point of
view? If it is feasible, is it a benign race or something serious?

Thank you for your time.

-- 
Anton Volkov
Linux Verification Center, ISPRAS
web: http://linuxtesting.org
e-mail: avolkov@ispras.ru
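
The ordering asked about above, as a deterministic user-space model; this is an added example, not code from the driver or from the original message. Every name in it (dev_model, model_request_irq, model_interrupt, model_dma_receive) is hypothetical, and it assumes that an interrupt already pending on the line is delivered as soon as the handler is registered.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for the driver's per-device 'self' structure. */
struct dev_model {
    bool rx_ready;     /* set by the receive-setup step */
    bool irq_pending;  /* device already has an interrupt asserted */
    int  stale_reads;  /* handler runs that read unset fields */
    void (*handler)(struct dev_model *);
};

/* Role of the interrupt handler: it reads fields of 'self'. */
static void model_interrupt(struct dev_model *self)
{
    if (!self->rx_ready)
        self->stale_reads++;   /* the read happened before the write */
}

/* Role of request_irq(): assumed to deliver a pending interrupt at once. */
static void model_request_irq(struct dev_model *self)
{
    self->handler = model_interrupt;
    if (self->irq_pending) {
        self->irq_pending = false;
        self->handler(self);
    }
}

/* Role of the receive setup that initializes fields of 'self'. */
static void model_dma_receive(struct dev_model *self) { self->rx_ready = true; }

/* Ordering from the message: register the handler, then initialize. */
int open_register_first(void)
{
    struct dev_model d = { .irq_pending = true };
    model_request_irq(&d);
    model_dma_receive(&d);
    return d.stale_reads;
}

/* Reversed ordering: initialize, then register the handler. */
int open_init_first(void)
{
    struct dev_model d = { .irq_pending = true };
    model_dma_receive(&d);
    model_request_irq(&d);
    return d.stale_reads;
}

int main(void) { printf("%d %d\n", open_register_first(), open_init_first()); return 0; }
```

The model only shows which ordering lets the handler read before the write; whether the real device can raise an interrupt in that window is the question the message leaves open.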