Skip to main content

Browse the archive

https://github.com/torvalds/linux
05 April 2024, 19:05:47 UTC
Revision a20049071796691cf99eb6433968fc3c27632b95 authored by Heiner Kallweit on 13 February 2019, 19:12:54 UTC, committed by David S. Miller on 14 February 2019, 17:04:55 UTC 
net: phy: fix potential race in the phylib state machine
 
Russell reported the following race in the phylib state machine
(quoting from his mail):

if (phy_polling_mode(phydev) && phy_is_started(phydev))
	phy_queue_state_machine(phydev, PHY_STATE_TIME);

state = PHY_UP
thread 0			thread 1
				phy_disconnect()
				+-phy_is_started()
phy_is_started()                |
				`-phy_stop()
				  +-phydev->state = PHY_HALTED
				  `-phy_stop_machine()
				    `-cancel_delayed_work_sync()
phy_queue_state_machine()
`-mod_delayed_work()

At this point, the phydev->state_queue() has been added back onto the
system workqueue despite phy_stop_machine() having been called and
cancel_delayed_work_sync() called on it.

Fix this by protecting the complete operation in thread 0.

Fixes: 2b3e88ea6528 ("net: phy: improve phy state checking")
Reported-by: Russell King - ARM Linux admin <linux@armlinux.org.uk>
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent a2fc9d7
History
Tip revision: a20049071796691cf99eb6433968fc3c27632b95 authored by Heiner Kallweit on 13 February 2019, 19:12:54 UTC
net: phy: fix potential race in the phylib state machine
Tip revision: a200490
File Mode Size
Makefile -rw-r--r-- 361 bytes
compat.c -rw-r--r-- 2.2 KB
ipc_sysctl.c -rw-r--r-- 5.9 KB
mq_sysctl.c -rw-r--r-- 2.9 KB
mqueue.c -rw-r--r-- 39.0 KB
msg.c -rw-r--r-- 29.9 KB
msgutil.c -rw-r--r-- 3.6 KB
namespace.c -rw-r--r-- 4.6 KB
sem.c -rw-r--r-- 61.4 KB
shm.c -rw-r--r-- 42.4 KB
syscall.c -rw-r--r-- 4.7 KB
util.c -rw-r--r-- 22.1 KB
util.h -rw-r--r-- 9.0 KB
back to top