Regarding bug in phantom.c

From: Madhuparna Bhowmik
Date: Tue Jul 21 2020 - 17:31:04 EST


Hi,

This is regarding a race-condition related bug found in phantom.c by
the Linux Driver Verification Project.

dev->status is accessed in phantom_release with dev->open_lock and in
phantom_isr() using dev->regs_lock, therefore there can be a race
between updating dev->status in phantom_release() and phantom_status()
and reading its value in phantom_isr().
I don't think there is any particular lock protecting dev->status
(like open_lock and regs_lock are for dev->opened and dev->oregs) and
also not sure why exactly dev->status is updated in phantom_status()
and just after that updated again in phantom_release().
It will be great if you could look into this bug.

Thank you,
Madhuparna
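The reasoning in the report (a field is only protected if every access to it is covered by the same lock) can be written down as a small lock-coverage check. The following is an added illustration, not code from the email or from phantom.c: the access table is a constructed model of what the report describes, and the phantom_open/phantom_ioctl rows and the assumption that phantom_status() runs under open_lock when called from phantom_release() are mine.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Locks are bits, so the set of locks held at an access is one mask. */
enum { OPEN_LOCK = 1u << 0, REGS_LOCK = 1u << 1 };

/* One access to a field of the device struct and the locks held at that point. */
struct access { const char *func, *field; bool write; unsigned held; };

/* Constructed model of the accesses the report describes (not copied from
 * phantom.c); assumes phantom_status() runs under open_lock from release. */
static const struct access phantom_accesses[] = {
    { "phantom_release", "dev->status", true,  OPEN_LOCK },
    { "phantom_status",  "dev->status", true,  OPEN_LOCK },
    { "phantom_isr",     "dev->status", false, REGS_LOCK },
    { "phantom_release", "dev->opened", true,  OPEN_LOCK },
    { "phantom_open",    "dev->opened", true,  OPEN_LOCK },
    { "phantom_isr",     "dev->oregs",  false, REGS_LOCK },
    { "phantom_ioctl",   "dev->oregs",  true,  REGS_LOCK },
};
#define N_ACCESSES (sizeof phantom_accesses / sizeof phantom_accesses[0])

/* True when `field` is written somewhere and the intersection of the lock
 * sets over all its accesses is empty, i.e. no single lock serialises them. */
static bool field_is_racy(const struct access *a, size_t n, const char *field)
{
    unsigned common = ~0u;            /* start with "every lock" and intersect */
    bool seen = false, has_writer = false;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(a[i].field, field) != 0)
            continue;
        common &= a[i].held;
        seen = true;
        has_writer |= a[i].write;
    }
    return seen && has_writer && common == 0;
}

int main(void)
{
    const char *f[] = { "dev->status", "dev->opened", "dev->oregs" };
    for (size_t i = 0; i < 3; i++)
        printf("%-12s %s\n", f[i],
               field_is_racy(phantom_accesses, N_ACCESSES, f[i]) ? "RACY" : "ok");
    return 0;
}
```

Run on the model, dev->status is flagged (open_lock and regs_lock have no lock in common) while dev->opened and dev->oregs are not, which matches the report's observation.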