Possible race in ucb1400_ts.ko

From: Anton Volkov
Date: Tue Aug 15 2017 - 09:46:32 EST

Next message: Thomas Gleixner: "Re: early x86 unseeded randomness"
Previous message: Borislav Petkov: "Re: early x86 unseeded randomness"
Next in thread: Dmitry Torokhov: "Re: Possible race in ucb1400_ts.ko"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello.

While searching for races in the Linux kernel I've come across "drivers/input/touchscreen/ucb1400_ts.ko" module. Here is a question that I came up with while analyzing results. Lines are given using the info from Linux v4.12.

Consider the following case:

Thread 1: Thread 2:
ucb1400_suspend
->ucb1400_ts_start
ucb->stopped = false
enable_irq()

ucb1400_resume
->ucb1400_ts_stop ucb1400_irq
ucb->stopped = true while(!ucb->stopped && ...)
(ucb1400_ts.c: line 230) (ucb1400_ts.c: line 202)
disable_irq()

The value of ucb->stopped may be changed in the midst of 'while' loop iterations or prevent all of them from happening. Is this feasible from your point of view? If so, is it a benign race or is it serious?

Thank you for your time.

-- Anton Volkov
Linux Verification Center, ISPRAS
web: http://linuxtesting.org
e-mail: avolkov@xxxxxxxxx

Next message: Thomas Gleixner: "Re: early x86 unseeded randomness"
Previous message: Borislav Petkov: "Re: early x86 unseeded randomness"
Next in thread: Dmitry Torokhov: "Re: Possible race in ucb1400_ts.ko"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]