linux-kernel.vger.kernel.org archive mirror
* Possible race in pc87413_wdt.ko
@ 2017-08-07 13:22 Anton Volkov
  2017-08-08  4:10 ` Guenter Roeck
  0 siblings, 1 reply; 2+ messages in thread
From: Anton Volkov @ 2017-08-07 13:22 UTC (permalink / raw)
  To: wim; +Cc: linux, linux-watchdog, linux-kernel, ldv-project, Alexey Khoroshilov

Hello.

While searching for races in the Linux kernel I've come across 
"drivers/watchdog/pc87413_wdt.ko" module. Here is a question that I came 
up with while analyzing results. Lines are given using the info from 
Linux v4.12.

Consider the following case:

Thread 1:                          Thread 2:
pc87413_init
    misc_register(&pc87413_miscdev)
-> pc87413_get_swc_base_addr       pc87413_open
                                    -> pc87413_refresh
                                       -> pc87413_swc_bank3
      swc_base_addr = ...                  <read access to swc_base_addr>
      (pc87413_wdt.c: line 133)            (pc87413_wdt.c: line 146)

So in this case preemptive registration of the device leads to a 
possibility of race between the initialization process and a callback to 
the registered device.

Is this race feasible from your point of view? And if it is, is it 
possible to move the device registration a bit further down in the 
pc87413_init function?

Thank you for your time.

-- Anton Volkov
Linux Verification Center, ISPRAS
web: http://linuxtesting.org
e-mail: avolkov@ispras.ru


* Re: Possible race in pc87413_wdt.ko
  2017-08-07 13:22 Possible race in pc87413_wdt.ko Anton Volkov
@ 2017-08-08  4:10 ` Guenter Roeck
  0 siblings, 0 replies; 2+ messages in thread
From: Guenter Roeck @ 2017-08-08  4:10 UTC (permalink / raw)
  To: Anton Volkov, wim
  Cc: linux-watchdog, linux-kernel, ldv-project, Alexey Khoroshilov

On 08/07/2017 06:22 AM, Anton Volkov wrote:
> Hello.
> 
> While searching for races in the Linux kernel I've come across "drivers/watchdog/pc87413_wdt.ko" module. Here is a question that I came up with while analyzing results. Lines are given using the info from Linux v4.12.
> 
> Consider the following case:
> 
> Thread 1:                          Thread 2:
> pc87413_init
>     misc_register(&pc87413_miscdev)
> -> pc87413_get_swc_base_addr       pc87413_open
>                                     -> pc87413_refresh
>                                        -> pc87413_swc_bank3
>       swc_base_addr = ...                  <read access to swc_base_addr>
>       (pc87413_wdt.c: line 133)            (pc87413_wdt.c: line 146)
> 
> So in this case preemptive registration of the device leads to a possibility of race between the initialization process and a callback to the registered device.
> 
> Is this race feasible from your point of view? And if it is, is it possible to move the device registration a bit further down in the pc87413_init function?
> 

Yes, the race is feasible, and it is possible to move the device registration function
(though the preferred solution would be to convert the driver to use the watchdog
subsystem). The code looks pretty bad as written.

Just not sure if it is worth bothering about it. I suspect no one is using that driver
anymore (the datasheet is from 2001). Might as well just declare it obsolete and
wait for someone to scream.

Guenter
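
A userspace model of the ordering discussed in this thread, added as an example and not code from the driver or from either poster: the registration stand-in invokes the open callback immediately, modelling the worst-case schedule in which another thread opens the device as soon as it is visible. All `model_*` names and the base address value are assumptions made for the illustration.

```c
/* Userspace model of the init-ordering race from the thread (not driver code). */
#include <stdio.h>
#include <stddef.h>

#define MODEL_SWC_BASE 0x0e80u  /* constructed value standing in for the probed address */

static unsigned int swc_base_addr;  /* shared state written during init */
static unsigned int seen_by_open;   /* what the open callback observed */

struct model_miscdev { void (*open)(void); };
static struct model_miscdev *visible_dev;  /* non-NULL once callers can reach the device */

/* Stand-in for pc87413_open -> ... -> pc87413_swc_bank3: reads the base address. */
static void model_open(void) { seen_by_open = swc_base_addr; }

/* Stand-in for misc_register(): publish the device, then model a concurrent
 * opener that runs at the earliest possible moment. */
static void model_misc_register(struct model_miscdev *d)
{
    visible_dev = d;
    visible_dev->open();
}

/* Stand-in for pc87413_get_swc_base_addr(): the write to swc_base_addr. */
static void model_get_swc_base_addr(void) { swc_base_addr = MODEL_SWC_BASE; }

static void reset(void) { swc_base_addr = 0; seen_by_open = 0; visible_dev = NULL; }

static struct model_miscdev dev = { .open = model_open };

/* Order reported in the thread: register first, initialise afterwards. */
unsigned int init_register_first(void)
{
    reset();
    model_misc_register(&dev);
    model_get_swc_base_addr();
    return seen_by_open;  /* open ran before the address was set */
}

/* Order suggested in the thread: finish initialisation, then register. */
unsigned int init_register_last(void)
{
    reset();
    model_get_swc_base_addr();
    model_misc_register(&dev);
    return seen_by_open;  /* open sees the initialised address */
}

int main(void)
{
    printf("register first: open saw 0x%x\n", init_register_first());
    printf("register last:  open saw 0x%x\n", init_register_last());
    return 0;
}
```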
