Hello.

While searching for races in the Linux kernel I've come across the
"drivers/misc/ibmasm/ibmasm.ko" module. Here is a question that I came up with while analyzing the results. Line numbers are taken from Linux v4.12.

Consider the following case:

Thread 1:                        Thread 2:
ibmasm_interrupt_handler
->ibmasm_receive_message
 ->ibmasm_receive_event         event_file_open
    buffer = sp->event_buffer   ->ibmasm_event_reader_register
    buffer->next_serial_number++    sp->event_buffer->next_serial_number
    (event.c: line 73)              (event.c: line 133)

There is a possibility of an event serial_number clash if, in ibmasm_event_reader_register, the value of the next_serial_number field is read before the assignment happens. This is possible only if readers can dynamically subscribe to an event. Is this case feasible from your point of view?

Thank you for your time.

-- Anton Volkov
Linux Verification Center, ISPRAS
web: http://linuxtesting.org
e-mail: avol...@ispras.ru
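
The interleaving asked about above, as an added example that is not part of the original message and not ibmasm code: a single-threaded C model that replays the three positions at which the reader's copy can fall relative to the handler. It assumes the handler stamps the event with next_serial_number before incrementing it; the locked variant, where the reader waits for the handler to finish, is a hypothetical comparison and not a fix taken from the driver.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model, not kernel code. Names follow the email; the handler's
 * stamp-then-increment order and the shared lock are assumptions. */
enum step { H_STAMP, H_INCR, R_SNAP };

/* Replay one interleaving; true if the reader copies a serial that an event
 * already carries. With `locked`, a copy landing mid-handler is deferred. */
static bool run(const enum step s[3], bool locked)
{
    unsigned next_serial_number = 7; /* constructed start value */
    unsigned event_serial = 0;       /* serial stamped on the in-flight event */
    bool stamped = false, in_cs = false, waiting = false, clash = false;
    for (int i = 0; i < 3; i++) {
        bool snap = false;           /* reader copies next_serial_number now */
        if (s[i] == H_STAMP) {
            event_serial = next_serial_number;
            stamped = in_cs = true;
        } else if (s[i] == H_INCR) {
            next_serial_number++;    /* event.c line 73 in the email */
            in_cs = false;
            snap = waiting;          /* a deferred reader proceeds here */
        } else if (locked && in_cs) {
            waiting = true;          /* reader blocks on the assumed lock */
        } else {
            snap = true;             /* event.c line 133 in the email */
        }
        if (snap)
            clash = stamped && next_serial_number == event_serial;
    }
    return clash;
}

/* Number of clashing schedules among the three possible reader positions. */
static int count_clashes(bool locked)
{
    static const enum step sched[3][3] = {
        { R_SNAP, H_STAMP, H_INCR }, { H_STAMP, R_SNAP, H_INCR },
        { H_STAMP, H_INCR, R_SNAP } };
    int n = 0;
    for (int i = 0; i < 3; i++) n += run(sched[i], locked);
    return n;
}
int main(void)
{
    printf("unlocked: %d, locked: %d\n", count_clashes(false), count_clashes(true));
    return 0;
}
```

Only the middle schedule, where the reader's copy falls between the stamp and the increment, produces the clash in this model.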
