https://bugzilla.kernel.org/show_bug.cgi?id=217614 Bug ID: 217614 Summary: [BUG] [media] dvb-usb: possible data-inconsistency due to data races in dib0700_rc_query_old_firmware() Product: Drivers Version: 2.5 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P3 Component: USB Assignee: drivers_usb@xxxxxxxxxxxxxxxxxxxxxx Reporter: islituo@xxxxxxxxx Regression: No Our static analysis tool finds some possible data races in the DVB USB driver in Linux 6.4.0. The variable d->priv->buf is often accessed with holding the lock d->usb_mutex, here is an example: dib0700_change_protocol() --> Line 638 in dib0700_core.c st = d->priv; --> Line 641 in dib0700_core.c (Alias) mutex_lock_interruptible(&d->usb_mutex) --> Line 644 in dib0700_core.c (Lock d->usb_mutex) st->buf[0] = REQUEST_SET_RC; --> Line 649 in dib0700_core.c (Access d->priv->buf) However, in the function dib0700_rc_query_old_firmware(), the variable d->priv->buf is accessed without holding the lock d->usb_mutex: dib0700_rc_query_old_firmware() --> Line 516 in dib0700_devices.c st = d->priv; --> Line 522 in dib0700_devices.c (Alias) st->buf[0] = REQUEST_POLL_RC; --> Line 532 in dib0700_devices.c (Access st->buf) And thus harmful data races can occur because they can make data in st-buf inconsistent. I am not quite sure whether these possible data races are real and how to fix them if they are real. Any feedback would be appreciated, thanks! Reported-by: BassCheck <bass@xxxxxxxxxxx> -- You may reply to this email to add a comment. You are receiving this mail because: You are watching the assignee of the bug.
