95111 – Data race in llseek file operation in generic_nvram and mbcs char drivers

Bug 95111 - Data race in llseek file operation in generic_nvram and mbcs char drivers

Summary: Data race in llseek file operation in generic_nvram and mbcs char drivers

Status:	NEW

Alias:	None

Product:	Drivers
Classification:	Unclassified
Component:	Other (show other bugs)
Hardware:	All Linux

Importance:	P1 normal
Assignee:	drivers_other

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-03-19 21:47 UTC by Pantazis Deligiannis
Modified:	2015-03-19 21:47 UTC (History)
CC List:	0 users

See Also:
Kernel Version:	4.0-rc4
Subsystem:
Regression:	No
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Pantazis Deligiannis 2015-03-19 21:47:03 UTC

Hi, I believe that there is a data race when write/read accessing the file offset (file->f_pos) in the drivers/char/generic_nvram.c and drivers/char/mbcs during the llseek file operation.

The corresponding llseek functions can be found in lines: 34 for generic_nvram.c and 452 for mbcs.c

I am trying to understand if this is a genuine race, but when reading the documentation regarding locking in file_operations (Documentation/filesystem/Locking), it mentions that if you are implementing your own llseek (as in these 2 drivers) you need to synchronise with a lock.

I checked another module that uses the same API (arch/x86/kernel/cpuid.c), and they are indeed protecting the offset access with a mutex during the llseek file operation.

Any thoughts are appreciated.

Thanks

Note You need to log in before you can comment on or make changes to this bug.