Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp681236ybh; Wed, 22 Jul 2020 10:24:12 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwTnzxHw3XZUg2CCmo8kGk0MoZkS/vf2jehg9DrScdeIj3CgCerJCda4aVhPa5Du+5wRWVE X-Received: by 2002:a17:906:3a9b:: with SMTP id y27mr631778ejd.38.1595438652415; Wed, 22 Jul 2020 10:24:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595438652; cv=none; d=google.com; s=arc-20160816; b=g1TiWrVYP9V1gXxTNmELI7OjzW/Q7oGEVqj9woEt1aTfdvVu4DN34200zLPhLTRxT7 /aw8IWyjJvUhrEn6V3ywmwdhm37cIqpEuzCDNjvwXGEwwkKqpbFccEeA0l5gdaPbWd3l mTcdezeDqRYKf3NSotKxzoeAQ9LZE3ii6fexPxGDKx9b5+5bIsHo5MJcDBnR2fDj0UA1 CWSdxbkkM/SzsCjqQ6BoxdrWNNAggjEA8fjERvC8+2lEADJBehYWXLeptCTO/lX4up5W pqyes4FxW7oOPzxNN4yNclz8urzGFu3HoARB8qbz77oFsYVthx0Jw8HoSZApFvvyXfgp BClQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature; bh=waZLpv1oY9JdxGCqz+hGEo0vyh0IdaCvW7suryCs2O4=; b=HFACPyMe7vxw4cj59HuNNpTKNXodUkjku6kQToKJDXyslEismdymo5Rq2xQuTNLXjv VJ3hydiBqLtciHLpC0OLbdd7kIZwfi4Y2JHNg776f75xilT8U89PG7NpOOC5bE7hYwgO U4Rk+7mx8GsO3MCNHsuMqGD2Jz0nFL3wNx44FrqCwn2AQC2HQDeoB9namNzrjWVGBOXV eouBl60zuWNh8LFljj804rQRz4141zYZBWsH1lpRvG5o9RZwwQEhng317wOR8JZz35HP Am2EYrm/ppAyKZYNRV6w7Fsr482db18+DeIjAZzKdx/GkB1KTgpoMvLMOhXHvhSMPN9Q U2aQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="UGKz/h4V"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c6si383011edv.311.2020.07.22.10.23.49; Wed, 22 Jul 2020 10:24:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="UGKz/h4V"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729015AbgGVRXp (ORCPT + 99 others); Wed, 22 Jul 2020 13:23:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50888 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726685AbgGVRXp (ORCPT ); Wed, 22 Jul 2020 13:23:45 -0400 Received: from mail-pl1-x643.google.com (mail-pl1-x643.google.com [IPv6:2607:f8b0:4864:20::643]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 04AD3C0619DC; Wed, 22 Jul 2020 10:23:45 -0700 (PDT) Received: by mail-pl1-x643.google.com with SMTP id o1so1341514plk.1; Wed, 22 Jul 2020 10:23:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=waZLpv1oY9JdxGCqz+hGEo0vyh0IdaCvW7suryCs2O4=; b=UGKz/h4VX3Fs9zNxByZNcOHlX2WV4UskJvDTWBLqRIwV0gDQBpQMb9+KOtli5YhmV0 2OVFWOF6YewsefBrJXmusr7/Tj+nnx7rI9uHh5B3+In79uwNsCn9/CqzFqqp6Te8p0ut yUF91epQqT9NOlC51H9gpIDtF+Nxuu0m6uLtphiK0xRtwNnTCNnWaJxoV3RkawM3ZfF+ vaLsrPjC+bcyG6pXB2jvyDqVe9ur/E6T9EknTEqcTSp/U4Kml/Piy5TFam1y4xNW3Nb5 fCcJfw6W4jTXStKbmv7+40ZjOcJ4c9ZU8IAYM9zI0dcaufFQrghfLo9IjsIoZBeQtVx2 rlVA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=waZLpv1oY9JdxGCqz+hGEo0vyh0IdaCvW7suryCs2O4=; b=SU2vzPDGu7C1Gcm/AijOGoVYC9x9JU5QF8eWK3cPAGtOZ7FsZuTVpyc2+YK2Ca2gH6 j5f9tSPTmCNYO63ForpCcIkikTucZiK1gSMWOEMuZ6mFe/URKYiFUoN8wikpGfRS/GdU e3N5JSXqPRiuML3RfAoupK7u6MBwhxzx8tPmr4NL9m5tFS/YhcsslqAVLRvse7nEkI6Z 747BQTTSKwE5mfaBD8GRKqxREAJrL82e10aLaC4yPPPiXvG2jHFmXjOdYi5zQrKJ6MWD UejR2nVTnoK2QuNIc29c60iBHUNeVVs4JM7jcfwvx7E9jOnMALIZJ1G4hjCjzLY6I1yQ 8s3w== X-Gm-Message-State: AOAM530TvmSyvKoDzOFU3oQIm7+hBcrfyu9KbboA//M1zWgmpgQrWPgE jwPfe0dfL16HXTZuBwQ1og== X-Received: by 2002:a17:90a:368c:: with SMTP id t12mr455311pjb.90.1595438624469; Wed, 22 Jul 2020 10:23:44 -0700 (PDT) Received: from localhost.localdomain ([2402:3a80:cdb:f8f:507e:560d:bcc3:7e82]) by smtp.gmail.com with ESMTPSA id x10sm197567pfp.80.2020.07.22.10.23.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 22 Jul 2020 10:23:43 -0700 (PDT) From: madhuparnabhowmik10@gmail.com To: isdn@linux-pingi.de, davem@davemloft.net, arnd@arndb.de, gregkh@linuxfoundation.org, edumazet@google.com Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, andrianov@ispras.ru, ldv-project@linuxtesting.org, Madhuparna Bhowmik Subject: [PATCH] drivers: isdn: capi: Fix data-race bug Date: Wed, 22 Jul 2020 22:53:29 +0530 Message-Id: <20200722172329.16727-1-madhuparnabhowmik10@gmail.com> X-Mailer: git-send-email 2.17.1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Madhuparna Bhowmik In capi_init(), after register_chrdev() the file operation callbacks can be called. However capinc_tty_init() is called later. Since capiminors and capinc_tty_driver are initialized in capinc_tty_init(), their initialization can race with their usage in various callbacks like in capi_release(). Therefore, call capinc_tty_init() before register_chrdev to avoid such race conditions. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Madhuparna Bhowmik --- drivers/isdn/capi/capi.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/drivers/isdn/capi/capi.c b/drivers/isdn/capi/capi.c index 85767f52fe3c..7e8ab48a15af 100644 --- a/drivers/isdn/capi/capi.c +++ b/drivers/isdn/capi/capi.c @@ -1332,7 +1332,7 @@ static int __init capinc_tty_init(void) return 0; } -static void __exit capinc_tty_exit(void) +static void capinc_tty_exit(void) { tty_unregister_driver(capinc_tty_driver); put_tty_driver(capinc_tty_driver); @@ -1420,29 +1420,28 @@ static int __init capi_init(void) if (ret) return ret; + if (capinc_tty_init() < 0) { + kcapi_exit(); + return -ENOMEM; + } + major_ret = register_chrdev(capi_major, "capi20", &capi_fops); if (major_ret < 0) { printk(KERN_ERR "capi20: unable to get major %d\n", capi_major); + capinc_tty_exit(); kcapi_exit(); return major_ret; } capi_class = class_create(THIS_MODULE, "capi"); if (IS_ERR(capi_class)) { unregister_chrdev(capi_major, "capi20"); + capinc_tty_exit(); kcapi_exit(); return PTR_ERR(capi_class); } device_create(capi_class, NULL, MKDEV(capi_major, 0), NULL, "capi20"); - if (capinc_tty_init() < 0) { - device_destroy(capi_class, MKDEV(capi_major, 0)); - class_destroy(capi_class); - unregister_chrdev(capi_major, "capi20"); - kcapi_exit(); - return -ENOMEM; - } - proc_init(); #ifdef CONFIG_ISDN_CAPI_MIDDLEWARE -- 2.17.1