-
Notifications
You must be signed in to change notification settings - Fork 6.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sd: sd_ops: Data Race in card_ioctl
#72368
Labels
area: Disk Access
bug
The issue is a bug, or the PR is fixing a bug
priority: medium
Medium impact/importance bug
Comments
nashif
changed the title
subsystem: sd: sd_ops: Data Race in
sd: sd_ops: Data Race in May 7, 2024
card_ioctl
card_ioctl
Nice catch. But FWIW: "Suggested fixes" are usually best expressed as pull requests. :) |
Good point. Will try to do so next time 👍 |
danieldegrasse
added a commit
to nxp-upstream/zephyr
that referenced
this issue
May 14, 2024
Take card lock when running IOCTL command, to avoid race conditions that could occur within the lower SDHC transfer implementations (as these will be called by sdmmc_wait_ready) Fixes zephyrproject-rtos#72368 Signed-off-by: Daniel DeGrasse <[email protected]>
Thanks for catching this, I have created a pull request: #72757, with your suggested change |
Thank you @danieldegrasse |
danieldegrasse
added a commit
to nxp-upstream/zephyr
that referenced
this issue
May 14, 2024
Take card lock when running IOCTL command, to avoid race conditions that could occur within the lower SDHC transfer implementations (as these will be called by sdmmc_wait_ready) Fixes zephyrproject-rtos#72368 Signed-off-by: Daniel DeGrasse <[email protected]>
nashif
pushed a commit
that referenced
this issue
May 16, 2024
Take card lock when running IOCTL command, to avoid race conditions that could occur within the lower SDHC transfer implementations (as these will be called by sdmmc_wait_ready) Fixes #72368 Signed-off-by: Daniel DeGrasse <[email protected]>
mariopaja
pushed a commit
to mariopaja/zephyr
that referenced
this issue
May 26, 2024
Take card lock when running IOCTL command, to avoid race conditions that could occur within the lower SDHC transfer implementations (as these will be called by sdmmc_wait_ready) Fixes zephyrproject-rtos#72368 Signed-off-by: Daniel DeGrasse <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
area: Disk Access
bug
The issue is a bug, or the PR is fixing a bug
priority: medium
Medium impact/importance bug
The function
card_ioctl
insubsys/sd/sd_ops.c
callssdmmc_wait_ready
, which callssdhc_card_busy
without taking thecard->lock
mutex. This leads to a data-race on the lower layers (for example spi).Problematic line: https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/sd/sd_ops.c#L790
Suggested fix:
To reproduce: two threads concurrently accessing the sd-card. At least one of them issues
ioclt
s. For example filesystem.Expected behavior: No data race. With a data race, anything is possible. Of the possible scenarios, crashes are the least problematic.
Severly impacts all applications with concurrent access to the sd-card, when at least one of them uses
ioctl
.Similar mutex problem in same file: #72287
Let me know, if you need additional information.
The text was updated successfully, but these errors were encountered: