[Kernel] Re: [PATCH OpenHarmony-5.10 13/18] NFC: reorganize the functions in nci_request

24 Jan 2022


      在 2022/1/24 9:03, yiyuchangchun@126.com 写道:
...
From: Lin Ma 
stable inclusion
form stable-v5.10.82
commit cb14b196d991c864ed2d1b6e79d68a7ce38e6538
issue: #I4RVJ4
CVE: CVE-2021-4202
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
Signed-off-by: Yu Changchun 
--------------------------------
[ Upstream commit 86cdf8e38792545161dbe3350a7eced558ba4d15 ]
There is a possible data race as shown below:
thread-A in nci_request()       | thread-B in nci_close_device()
                                 | mutex_lock(&ndev->req_lock);
test_bit(NCI_UP, &ndev->flags); |
...                             | test_and_clear_bit(NCI_UP, &ndev->flags)
mutex_lock(&ndev->req_lock);    |
                                 |
This race will allow __nci_request() to be awaked while the device is
getting removed.
Similar to commit e2cb6b891ad2 ("bluetooth: eliminate the potential race
condition when removing the HCI controller"). this patch alters the
function sequence in nci_request() to prevent the data races between the
nci_close_device().
Signed-off-by: Lin Ma 
Fixes: 6a2968aaf50c ("NFC: basic NCI protocol implementation")
Link: https://lore.kernel.org/r/20211115145600.8320-1-linma@zju.edu.cn
Signed-off-by: Jakub Kicinski 
Signed-off-by: Sasha Levin 
Signed-off-by: Chen Jun 
Signed-off-by: Zheng Zengkai 
Signed-off-by: Yu Changchun 
---
Reviewed-by: Wei Yongjun

[Kernel] Re: [PATCH OpenHarmony-5.10 13/18] NFC: reorganize the functions in nci_request

weiyongjun (A)