[PATCH] atm/fore200e: Fix possible data race in fore200e

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] atm/fore200e: Fix possible data race in fore200e_open()
@ 2025-01-15 13:10 Gui-Dong Han
  2025-01-17  0:59 ` Jakub Kicinski
  0 siblings, 1 reply; 5+ messages in thread
From: Gui-Dong Han @ 2025-01-15 13:10 UTC (permalink / raw)
  To: 3chas3
  Cc: linux-atm-general, netdev, linux-kernel, baijiaju1990,
	Gui-Dong Han, stable

Protect access to fore200e->available_cell_rate with rate_mtx lock to
prevent potential data race.

The field fore200e.available_cell_rate is generally protected by the lock
fore200e.rate_mtx when accessed. In all other read and write cases, this
field is consistently protected by the lock, except for this case and
during initialization.

This potential bug was detected by our experimental static analysis tool,
which analyzes locking APIs and paired functions to identify data races
and atomicity violations.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Gui-Dong Han <2045gemini@gmail.com>
---
 drivers/atm/fore200e.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/atm/fore200e.c b/drivers/atm/fore200e.c
index 4fea1149e003..f62e38571440 100644
--- a/drivers/atm/fore200e.c
+++ b/drivers/atm/fore200e.c
@@ -1374,7 +1374,9 @@ fore200e_open(struct atm_vcc *vcc)

 	vcc->dev_data = NULL;

+	mutex_lock(&fore200e->rate_mtx);
 	fore200e->available_cell_rate += vcc->qos.txtp.max_pcr;
+	mutex_unlock(&fore200e->rate_mtx);

 	kfree(fore200e_vcc);
 	return -EINVAL;
-- 
2.25.1

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH] atm/fore200e: Fix possible data race in fore200e_open()
  2025-01-15 13:10 [PATCH] atm/fore200e: Fix possible data race in fore200e_open() Gui-Dong Han
@ 2025-01-17  0:59 ` Jakub Kicinski
  2025-01-17  2:28   ` Gui-Dong Han
  0 siblings, 1 reply; 5+ messages in thread
From: Jakub Kicinski @ 2025-01-17  0:59 UTC (permalink / raw)
  To: Gui-Dong Han
  Cc: 3chas3, linux-atm-general, netdev, linux-kernel, baijiaju1990,
	stable

On Wed, 15 Jan 2025 13:10:06 +0000 Gui-Dong Han wrote:
> Protect access to fore200e->available_cell_rate with rate_mtx lock to
> prevent potential data race.
> 
> The field fore200e.available_cell_rate is generally protected by the lock
> fore200e.rate_mtx when accessed. In all other read and write cases, this
> field is consistently protected by the lock, except for this case and
> during initialization.

That's not sufficient in terms of analysis.

You need to be able to articulate what can go wrong.
-- 
pw-bot: reject

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] atm/fore200e: Fix possible data race in fore200e_open()
  2025-01-17  0:59 ` Jakub Kicinski
@ 2025-01-17  2:28   ` Gui-Dong Han
  2025-01-20 10:55     ` Simon Horman
  0 siblings, 1 reply; 5+ messages in thread
From: Gui-Dong Han @ 2025-01-17  2:28 UTC (permalink / raw)
  To: Jakub Kicinski
  Cc: 3chas3, linux-atm-general, netdev, linux-kernel, baijiaju1990,
	stable

> On Wed, 15 Jan 2025 13:10:06 +0000 Gui-Dong Han wrote:
> > Protect access to fore200e->available_cell_rate with rate_mtx lock to
> > prevent potential data race.
> >
> > The field fore200e.available_cell_rate is generally protected by the lock
> > fore200e.rate_mtx when accessed. In all other read and write cases, this
> > field is consistently protected by the lock, except for this case and
> > during initialization.
>
> That's not sufficient in terms of analysis.
>
> You need to be able to articulate what can go wrong.

fore200e->available_cell_rate += vcc->qos.txtp.max_pcr;
In this case, since the update depends on a prior read, a data race
could lead to a wrong fore200e.available_cell_rate value.

Regards,
Han

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] atm/fore200e: Fix possible data race in fore200e_open()
  2025-01-17  2:28   ` Gui-Dong Han
@ 2025-01-20 10:55     ` Simon Horman
  2025-01-22  2:48       ` Gui-Dong Han
  0 siblings, 1 reply; 5+ messages in thread
From: Simon Horman @ 2025-01-20 10:55 UTC (permalink / raw)
  To: Gui-Dong Han
  Cc: Jakub Kicinski, 3chas3, linux-atm-general, netdev, linux-kernel,
	baijiaju1990, stable

On Fri, Jan 17, 2025 at 10:28:59AM +0800, Gui-Dong Han wrote:
> > On Wed, 15 Jan 2025 13:10:06 +0000 Gui-Dong Han wrote:
> > > Protect access to fore200e->available_cell_rate with rate_mtx lock to
> > > prevent potential data race.
> > >
> > > The field fore200e.available_cell_rate is generally protected by the lock
> > > fore200e.rate_mtx when accessed. In all other read and write cases, this
> > > field is consistently protected by the lock, except for this case and
> > > during initialization.
> >
> > That's not sufficient in terms of analysis.
> >
> > You need to be able to articulate what can go wrong.
> 
> fore200e->available_cell_rate += vcc->qos.txtp.max_pcr;
> In this case, since the update depends on a prior read, a data race
> could lead to a wrong fore200e.available_cell_rate value.

Hi Gui-Dong Han,

I think it would be good to post a v2 of this patch with
an explanation along the lines of the above included in
the patch description.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] atm/fore200e: Fix possible data race in fore200e_open()
  2025-01-20 10:55     ` Simon Horman
@ 2025-01-22  2:48       ` Gui-Dong Han
  0 siblings, 0 replies; 5+ messages in thread
From: Gui-Dong Han @ 2025-01-22  2:48 UTC (permalink / raw)
  To: Simon Horman
  Cc: Jakub Kicinski, 3chas3, linux-atm-general, netdev, linux-kernel,
	baijiaju1990, stable

> On Fri, Jan 17, 2025 at 10:28:59AM +0800, Gui-Dong Han wrote:
> > > On Wed, 15 Jan 2025 13:10:06 +0000 Gui-Dong Han wrote:
> > > > Protect access to fore200e->available_cell_rate with rate_mtx lock to
> > > > prevent potential data race.
> > > >
> > > > The field fore200e.available_cell_rate is generally protected by the lock
> > > > fore200e.rate_mtx when accessed. In all other read and write cases, this
> > > > field is consistently protected by the lock, except for this case and
> > > > during initialization.
> > >
> > > That's not sufficient in terms of analysis.
> > >
> > > You need to be able to articulate what can go wrong.
> >
> > fore200e->available_cell_rate += vcc->qos.txtp.max_pcr;
> > In this case, since the update depends on a prior read, a data race
> > could lead to a wrong fore200e.available_cell_rate value.
>
> Hi Gui-Dong Han,
>
> I think it would be good to post a v2 of this patch with
> an explanation along the lines of the above included in
> the patch description.

Hi Simon Horman,

Thank you for your feedback. I have submitted a v2 version of the
patch with an added description of the data race hazard, as suggested.

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2025-01-22  2:49 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-01-15 13:10 [PATCH] atm/fore200e: Fix possible data race in fore200e_open() Gui-Dong Han
2025-01-17  0:59 ` Jakub Kicinski
2025-01-17  2:28   ` Gui-Dong Han
2025-01-20 10:55     ` Simon Horman
2025-01-22  2:48       ` Gui-Dong Han

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).