Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp2397096ybb; Mon, 30 Mar 2020 05:26:10 -0700 (PDT) X-Google-Smtp-Source: ADFU+vvyYtZIfvm2Zc9FoixOlHvZnpMdN2gNyPah/ZnLDV2QaFTX+MjukANBiSMwDhrmmMv9RXAR X-Received: by 2002:a9d:748e:: with SMTP id t14mr7090218otk.334.1585571170257; Mon, 30 Mar 2020 05:26:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585571170; cv=none; d=google.com; s=arc-20160816; b=b9i+PflQeNZd4e/7tzkyCUQY0Ksb8coO2dTWyedqWNQMeFexFMfvo4T/DkvOUe2pV0 gANMNlHfgDsEUkDjosecF4KvWDFA3xlLfN76z1lQYgrm07uLg7QYURn99r5/6MARyUn+ 7SpMFlHu6Q34gY+6Yh95aRuhx3keXTXd7bM/U3FRi37QMzkHll/z+Gb+3Ink0zrO2zqE +Z3CIsqBWuOuD3oX8Oaifb+rI3ZgCmIjKgjxc1+HRoUCvb+QW+ZprCEvzE4YEDq0CvO2 KatiHuOzttphzVP/KIm8evbidlDbS9iq7/u4pCS0+t/xzjIs8KKmjwIARFChswlKK2Y2 /tfA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:message-id:subject:cc:to:date:from:dkim-signature; bh=M8Ib8l/azcsofbPAguA4h7SVkMzxDl6gmT98v4wG9GU=; b=HA6Jq7KuhyEQOLYtanH50hSma4N++vW7n/vkclvE2xaD+1OAngmHzhIyhm8zjpUwqs GIf/zrIYWv7wrtQCZKosRMxPXx/VZez6KinhYYtnvAIprU3QLF7gnySrWuzWExYuTRQN DztquxA8qjCwA+Oiw91+jXQC69euLfTICl1xUqVIpyuJA/4ZkTmIQNRyzA9lofFEoRGJ T4ae/DEaqL9jpizTafmnWmqyi8HCFJGT5WdKlCRdJSObtYBoqqcAOvNxkETWw+v+xDYB UW3OZEhwHSMJVtqbaiLwl2mWzWxsY7eonqgZpOO2eDwdE92OVkHnG2WqPP3o6S9mM0fG g8RQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=G9gm5VGh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e24si6184722otq.2.2020.03.30.05.25.57; Mon, 30 Mar 2020 05:26:10 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=G9gm5VGh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730040AbgC3MZ1 (ORCPT + 99 others); Mon, 30 Mar 2020 08:25:27 -0400 Received: from mail-pj1-f50.google.com ([209.85.216.50]:50415 "EHLO mail-pj1-f50.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729957AbgC3MZZ (ORCPT ); Mon, 30 Mar 2020 08:25:25 -0400 Received: by mail-pj1-f50.google.com with SMTP id v13so7490645pjb.0; Mon, 30 Mar 2020 05:25:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:date:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to :user-agent; bh=M8Ib8l/azcsofbPAguA4h7SVkMzxDl6gmT98v4wG9GU=; b=G9gm5VGhAArsT1CmH0uZY313vNbbuauBelRohmp7x0E53WwYgN/yccZmdD8/HLYLOH QNR3fLWxNp4efa/CbHkkioW639eQ4pDkZyx4273q2vNQDsvfYCtsJfaPd77RdPFN4UJU Pbz6VhGx8Sea6HgnZx+91WIAZtt3nsPL1wNM9PTfBuqTb+t5PQZvLU7DE8raWG7Y3SLJ vatFluJWaku6PJd4umh4j/XcN2Md/EH5Cw52K0MPNVaBtDJCrvxJopDGwtTmOLHkzzqe LV0timV5SbWDLmNNihgpriN5KPTXtdKEsVWM37zhFnNaB9s8EZornHbjbfkfhMrWKM0K YedQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:date:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to:user-agent; bh=M8Ib8l/azcsofbPAguA4h7SVkMzxDl6gmT98v4wG9GU=; b=Stgg/L1UpZhyIHXJAlrhP4WdyAWdJ1dmvU9yxDbyyZGOlVJQJHr9iIyjmiwHiLpAMj Pfswd++Oe5ZZ3ZbcpoYNtJsbQlXglYXOEhLUxH3FnUneKxgYUfCsLlUH9Eef6VbT5AeF efxkYVB1lTgViPkKFl5iJBLZdWl71oDilZO4Bn8vx9u1Bh0D8wCSc89ZPDQosJrlotAp PI2mWe9rRWlChvzv75hq9GfubgOA66H4lNl7zS1SYU801AGLCeBzuSYeAYh5kRbO2vuz fatwToHu8CGoFNcWDo2zMggDtPcqZtWjEU1in1+ABPUfoJeMZpZGB9RqiwG71yGAjy2j VCFw== X-Gm-Message-State: AGi0PuavyBKKB454+YaXqIdyrA2X4KPdyKDBrJCblq2dhrbuzXGa6tQm 70lZ5Gbmz6F/Fm36Z66nog== X-Received: by 2002:a17:90b:400a:: with SMTP id ie10mr8001144pjb.46.1585571124433; Mon, 30 Mar 2020 05:25:24 -0700 (PDT) Received: from madhuparna-HP-Notebook ([2402:3a80:d3b:3d6b:7942:93fd:fd15:96f0]) by smtp.gmail.com with ESMTPSA id y17sm10044862pfl.104.2020.03.30.05.25.20 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 30 Mar 2020 05:25:23 -0700 (PDT) From: Madhuparna Bhowmik X-Google-Original-From: Madhuparna Bhowmik Date: Mon, 30 Mar 2020 17:55:18 +0530 To: Greg KH Cc: madhuparnabhowmik10@gmail.com, hariprasad.kelam@gmail.com, colin.king@canonical.com, tony.olech@elandigitalsystems.com, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org, andrianov@ispras.ru Subject: Re: Possible data-race related bug in u132_hcd module. Message-ID: <20200330122518.GA12077@madhuparna-HP-Notebook> References: <20200330115243.11107-1-madhuparnabhowmik10@gmail.com> <20200330120207.GA2807@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20200330120207.GA2807@kroah.com> User-Agent: Mutt/1.9.4 (2018-02-28) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Mar 30, 2020 at 02:02:07PM +0200, Greg KH wrote: > On Mon, Mar 30, 2020 at 05:22:43PM +0530, madhuparnabhowmik10@gmail.com wrote: > > Hi, > > > > This bug is found by? Linux Driver Verification project (linuxtesting.org). > > > > The bug is related to the parallel execution of u132_probe() function and?u132_hcd_exit() function in u132_hcd.c. In case the module is unloaded when the probe function is executing there can be data race as the mutex lock?u132_module_lock is not used properly.? > > Please note that module unloading, while a nice thing to have, is never > something that happens automatically :) > > > i) Usage of mutex lock only when writing into the u132_exiting variable in?u132_hcd_exit(). The lock is not used when this variable is read in?u132_probe(). > > > > Moreover, this variable does not serve its?purpose, as even if locking?is used while the u132_exiting variable is read in probe(), the function may still miss that exit function is executing if it acquires the mutex before exit() function does. > > > > How to fix this? > > > > ii) Usage of mutex while adding entries in?u132_static_list in probe function but not in exit function while unregistering. > > This should be easy to fix by holding the mutex in the exit function as well. > > > > There can be other synchronization problems related to the usage of u132_module_lock in this module, I have only spotted these so far. > > > > Please let me know if this bug report is helpful and I can send a patch fixing it. > > Please just send a patch, no need to ever ask if you should, that's the > best way to report and fix anything. > Sure, I will do it. Thank you, Madhuparna > thanks, > > greg k-h