Re: Possible race in pc87413_wdt.ko

From: Guenter Roeck
Date: Tue Aug 08 2017 - 00:10:37 EST

Next message: Guenter Roeck: "Re: [PATCH 3.18 00/50] 3.18.64-stable review"
Previous message: Mike Kravetz: "Re: [PATCH -mm] mm: Clear to access sub-page last when clearing huge page"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 08/07/2017 06:22 AM, Anton Volkov wrote:

Hello.

While searching for races in the Linux kernel I've come across "drivers/watchdog/pc87413_wdt.ko" module. Here is a question that I came up with while analyzing results. Lines are given using the info from Linux v4.12.

Consider the following case:

Thread 1: Thread 2:
pc87413_init
misc_register(&pc87413_miscdev)
-> pc87413_get_swc_base_addr pc87413_open
-> pc87413_refresh
-> pc87413_swc_bank3
swc_base_addr = ... <read access to swc_base_addr>
(pc87413_wdt.c: line 133) (pc87413_wdt.c: line 146)

So in this case preemptive registration of the device leads to a possibility of race between the initialization process and a callback to the registered device.

Is this race feasible from your point of view? And if it is, is it possible to move the device registration a bit further down in the pc87413_init function?

Yes, the race is feasible, and it is possible to move the device registration function
(though the preferred solution would be to convert the driver to use the watchdog
subsystem). The code looks pretty bad as written.

Just not sure if it is worth bothering about it. I suspect no on is using that driver
anymore (the datasheet is from 2001). Might as well just declare it obsolete and
wait for someone to scream.

Guenter

Next message: Guenter Roeck: "Re: [PATCH 3.18 00/50] 3.18.64-stable review"
Previous message: Mike Kravetz: "Re: [PATCH -mm] mm: Clear to access sub-page last when clearing huge page"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]