Possible race in spi-tegra114.ko

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello.
While searching for races in Linux kernel I've come across drivers/spi/spi-tegra114.ko module. Here is the question that I came up with while analysing results. Lines are given using the info from Linux v4.12.

Consider the following case:
Thread 1:                                  Thread 2:
tegra_spi_probe
  -> request_threaded_irq
      (spi-tegra114.c: line 1070)
  ------------interrupt comes------------- tegra_spi_isr_thread
                                             -> handle_dma_based_xfer
-> tegra_spi_start_dma_based_transfer -> tegra_spi_copy_client_txbuf_to_spi_txbuf -> dma_sync_single_for_cpu(tspi->dev, tspi->tx_dma_phys, ...) (spi-tegra114.c: line 368)
  -> tspi->tx_dma_phys = ...
     (spi-tegra114.c: line 621 or 625)

If the situation above is feasible then the value of tspi->tx_dma_phys (which is 0) is passed to dma_sync_single_for_cpu and further down the callstack. This is probably not good. Note that other fields of tspi structure can also be affected using the similar templates. Similar cases can occur also for tspi structure in drivers/spi/spi-tegra20-slink.ko module and for tsd structure in drivers/spi/spi-tegra20-sflash.ko module. So the question is: is there a possibility of interrupt triggering before the registration of master (spi-tegra114.c: line 1125) or a write to tspi->def_command1_reg (spi-tegra114.c: line 1121)?

Thank you for your time.

-- Anton Volkov
Linux Verification Center, ISPRAS
web: http://linuxtesting.org
e-mail: avolkov@xxxxxxxxx <mailto:avolkov@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-spi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Kernel]     [Linux ARM (vger)]     [Linux ARM MSM]     [Linux Omap]     [Linux Arm]     [Linux Tegra]     [Fedora ARM]     [Linux for Samsung SOC]     [eCos]     [Linux Fastboot]     [Gcc Help]     [Git]     [DCCP]     [IETF Announce]     [Security]     [Linux MIPS]     [Yosemite Campsites]

  Powered by Linux