Possible race in loop.ko

From: Anton Volkov
Date: Fri Jul 28 2017 - 11:55:57 EST

Next message: Tom Lendacky: "[PATCH v2 0/2] x86: Secure Memory Encryption (SME) fixes 2017-07-26"
Previous message: Robin Murphy: "Re: [PATCH 0/4] ACPI: DMA ranges management"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello.
While searching for races in Linux kernel I've come across drivers/block/loop.ko module. Here is the question that I came up with while analyzing results. Lines are given using the info from Linux v4.12.

In loop_init function additional initialization happens after a successful call to misc_register() (loop.c: line 1961). Consider the following case:

Thread 1: Thread 2:
loop_init()
misc_register() loop_control_ioctl
part_shift = 0 -> loop_add
if (max_part > 0) { alloc_disk(1 << part_shift)
part_shift =
<greater than 0>
...
}

In this case alloc_disk() will be called with 1 as a parameter although part_shift should have been greater than 0. Maybe it would be better to move the call to a misc_register() function a bit further down (at least so it could be after the part_shift initialization)?

Thank you for your time.

-- Anton Volkov
Linux Verification Center, ISPRAS
web: http://linuxtesting.org
e-mail: avolkov@xxxxxxxxx

Next message: Tom Lendacky: "[PATCH v2 0/2] x86: Secure Memory Encryption (SME) fixes 2017-07-26"
Previous message: Robin Murphy: "Re: [PATCH 0/4] ACPI: DMA ranges management"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]