From: bugzilla-daemon@kernel.org
To: linux-usb@vger.kernel.org
Subject: [Bug 217613] New: [BUG] [media] dvb-usb: possible data-inconsistency due to data races in dib0700_rc_query_old_firmware()
Date: Fri, 30 Jun 2023 01:35:28 +0000 [thread overview]
Message-ID: <bug-217613-208809@https.bugzilla.kernel.org/> (raw)
https://bugzilla.kernel.org/show_bug.cgi?id=217613
Bug ID: 217613
Summary: [BUG] [media] dvb-usb: possible data-inconsistency due
to data races in dib0700_rc_query_old_firmware()
Product: Drivers
Version: 2.5
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P3
Component: USB
Assignee: drivers_usb@kernel-bugs.kernel.org
Reporter: islituo@gmail.com
Regression: No
Our static analysis tool finds some possible data races in the
DVB USB driver in Linux 6.4.0.
The variable d->priv->buf is often accessed with holding the
lock d->usb_mutex, here is an example:
dib0700_change_protocol() --> Line 638 in dib0700_core.c
st = d->priv; --> Line 641 in dib0700_core.c (Alias)
mutex_lock_interruptible(&d->usb_mutex)
--> Line 644 in dib0700_core.c (Lock d->usb_mutex)
st->buf[0] = REQUEST_SET_RC;
--> Line 649 in dib0700_core.c (Access d->priv->buf)
However, in the function dib0700_rc_query_old_firmware(), the
variable d->priv->buf is accessed without holding the lock
d->usb_mutex:
dib0700_rc_query_old_firmware() --> Line 516 in dib0700_devices.c
st = d->priv; --> Line 522 in dib0700_devices.c (Alias)
st->buf[0] = REQUEST_POLL_RC;
--> Line 532 in dib0700_devices.c (Access st->buf)
And thus harmful data races can occur because they can make
data in st-buf inconsistent.
I am not quite sure whether these possible data races are real and
how to fix them if they are real.
Any feedback would be appreciated, thanks!
Reported-by: BassCheck <bass@buaa.edu.cn>
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
next reply other threads:[~2023-06-30 1:35 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-30 1:35 bugzilla-daemon [this message]
2023-06-30 1:48 ` [Bug 217613] [BUG] [media] dvb-usb: possible data-inconsistency due to data races in dib0700_rc_query_old_firmware() bugzilla-daemon
2023-06-30 5:22 ` [Bug 217613] New: " Greg KH
2023-06-30 5:22 ` [Bug 217613] " bugzilla-daemon
2023-06-30 8:11 ` bugzilla-daemon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-217613-208809@https.bugzilla.kernel.org/ \
--to=bugzilla-daemon@kernel.org \
--cc=linux-usb@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).