Bug 217613

Summary: [BUG] [media] dvb-usb: possible data-inconsistency due to data races in dib0700_rc_query_old_firmware()
Product: Drivers Reporter: Tuo Li (islituo)
Component: USB Assignee: Default virtual assignee for Drivers/USB (drivers_usb)
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: P3    
Hardware: All   
OS: Linux   
Kernel Version: Subsystem:
Regression: No Bisected commit-id:

Description Tuo Li 2023-06-30 01:35:28 UTC
Our static analysis tool finds some possible data races in the
DVB USB driver in Linux 6.4.0.

The variable d->priv->buf is often accessed while holding the
lock d->usb_mutex; here is an example:

  dib0700_change_protocol()  --> Line 638 in dib0700_core.c
    st = d->priv;  --> Line 641 in dib0700_core.c (Alias)
    mutex_lock_interruptible(&d->usb_mutex)
               --> Line 644 in dib0700_core.c (Lock d->usb_mutex)
    st->buf[0] = REQUEST_SET_RC;
               --> Line 649 in dib0700_core.c (Access d->priv->buf)

However, in the function dib0700_rc_query_old_firmware(), the
variable d->priv->buf is accessed without holding the lock
d->usb_mutex:

  dib0700_rc_query_old_firmware()  --> Line 516 in dib0700_devices.c
    st = d->priv;  --> Line 522 in dib0700_devices.c (Alias)
    st->buf[0] = REQUEST_POLL_RC;
               --> Line 532 in dib0700_devices.c (Access st->buf)

And thus harmful data races can occur because they can make
data in st->buf inconsistent.

I am not quite sure whether these possible data races are real and
how to fix them if they are real.

Any feedback would be appreciated, thanks!

Reported-by: BassCheck <bass@buaa.edu.cn>
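
The locking inconsistency described in the report above can be expressed as a lockset check. The following is an added example, not part of the original report, the kernel source, or the reporter's tool: a generic Eraser-style lockset intersection over access records constructed from the two call paths quoted above. The `consistent` record set is a constructed contrast that assumes the second path also holds `d->usb_mutex`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One bit per lock, so a lockset fits in an unsigned int. */
#define LOCK_USB_MUTEX (1u << 0)   /* d->usb_mutex */

struct access {
    const char *var;    /* shared variable being accessed */
    const char *site;   /* function and file:line */
    unsigned held;      /* locks held at this access */
    int is_write;
};

/* Constructed from the two call paths quoted in the report. */
static const struct access reported[] = {
    { "d->priv->buf", "dib0700_change_protocol dib0700_core.c:649", LOCK_USB_MUTEX, 1 },
    { "d->priv->buf", "dib0700_rc_query_old_firmware dib0700_devices.c:532", 0, 1 },
};

/* Constructed contrast (assumption): the second path also holds the lock. */
static const struct access consistent[] = {
    { "d->priv->buf", "dib0700_change_protocol dib0700_core.c:649", LOCK_USB_MUTEX, 1 },
    { "d->priv->buf", "dib0700_rc_query_old_firmware dib0700_devices.c:532", LOCK_USB_MUTEX, 1 },
};

/* Intersection of the locks held at every access to var (~0u if none seen). */
unsigned candidate_lockset(const struct access *a, size_t n, const char *var)
{
    unsigned set = ~0u;
    for (size_t i = 0; i < n; i++)
        if (strcmp(a[i].var, var) == 0)
            set &= a[i].held;
    return set;
}

/* Flag var when it is written at least once, accessed from two or more
 * sites, and no single lock is held at all of them. */
int lockset_violation(const struct access *a, size_t n, const char *var)
{
    size_t sites = 0, writes = 0;
    for (size_t i = 0; i < n; i++)
        if (strcmp(a[i].var, var) == 0) { sites++; writes += a[i].is_write != 0; }
    return sites >= 2 && writes >= 1 && candidate_lockset(a, n, var) == 0;
}

int main(void)
{
    printf("reported:   %s\n", lockset_violation(reported, 2, "d->priv->buf") ? "possible race" : "ok");
    printf("consistent: %s\n", lockset_violation(consistent, 2, "d->priv->buf") ? "possible race" : "ok");
    return 0;
}
```

An empty candidate lockset only shows that no common lock protects the variable; whether the two paths can actually run concurrently still has to be confirmed against the driver.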
Comment 1 Tuo Li 2023-06-30 01:48:35 UTC

*** This bug has been marked as a duplicate of bug 217614 ***
Comment 2 Greg Kroah-Hartman 2023-06-30 05:22:22 UTC
On Fri, Jun 30, 2023 at 01:35:28AM +0000, bugzilla-daemon@kernel.org wrote:
> https://bugzilla.kernel.org/show_bug.cgi?id=217613
> 
>             Bug ID: 217613
>            Summary: [BUG] [media] dvb-usb: possible data-inconsistency due
>                     to data races in dib0700_rc_query_old_firmware()
>            Product: Drivers
>            Version: 2.5
>           Hardware: All
>                 OS: Linux
>             Status: NEW
>           Severity: normal
>           Priority: P3
>          Component: USB
>           Assignee: drivers_usb@kernel-bugs.kernel.org
>           Reporter: islituo@gmail.com
>         Regression: No
> 
> Our static analysis tool finds some possible data races in the
> DVB USB driver in Linux 6.4.0.

Please report this to the mailing lists for these drivers, not in
bugzilla.

thanks,

greg k-h
Comment 3 Tuo Li 2023-06-30 08:11:33 UTC
(In reply to Greg Kroah-Hartman from comment #2)
> On Fri, Jun 30, 2023 at 01:35:28AM +0000, bugzilla-daemon@kernel.org wrote:
> > https://bugzilla.kernel.org/show_bug.cgi?id=217613
> > 
> >             Bug ID: 217613
> >            Summary: [BUG] [media] dvb-usb: possible data-inconsistency due
> >                     to data races in dib0700_rc_query_old_firmware()
> >            Product: Drivers
> >            Version: 2.5
> >           Hardware: All
> >                 OS: Linux
> >             Status: NEW
> >           Severity: normal
> >           Priority: P3
> >          Component: USB
> >           Assignee: drivers_usb@kernel-bugs.kernel.org
> >           Reporter: islituo@gmail.com
> >         Regression: No
> > 
> > Our static analysis tool finds some possible data races in the
> > DVB USB driver in Linux 6.4.0.
> 
> Please report this to the mailing lists for these drivers, not in
> bugzilla.
> 
> thanks,
> 
> greg k-h

Thanks for your reply! I am really sorry to bother you. I have
reported this to the mailing lists for these drivers, but have
not received any reply. I have resent a report to the mailing lists
just now, and any feedback would be appreciated.

Thanks,
Tuo Li