From 3c557614033591febcc4457d940261e10d88954d Mon Sep 17 00:00:00 2001 From: Matt Taylor Date: Tue, 27 Aug 2019 20:09:09 +0100 Subject: [PATCH 1/2] Report vulnerability in spin crate's RwLock impl --- crates/spin/RUSTSEC-0000-0000.toml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 crates/spin/RUSTSEC-0000-0000.toml diff --git a/crates/spin/RUSTSEC-0000-0000.toml b/crates/spin/RUSTSEC-0000-0000.toml new file mode 100644 index 0000000..a34b100 --- /dev/null +++ b/crates/spin/RUSTSEC-0000-0000.toml @@ -0,0 +1,18 @@ +[advisory] +id = "RUSTSEC-0000-0000" +package = "spin" +date = "2019-08-27" +title = "Wrong memory orderings in RwLock potentially violates mutual exclusion" +description = """ +Wrong memory orderings inside the RwLock implementation allow for two writers to acquire the lock at the same time. The drop implementation used Ordering::Relaxed, which allows the compiler or CPU to reorder a mutable access on the locked data after the lock has been yielded. + +Only users of the RwLock implementation are effected. Users of lazy_static with the `spin_no_std` feature are NOT affected. + +On strongly ordered CPU architectures like x86, the only real way that this would lead to a memory corruption is if the compiler reorders an access after the lock is yielded, which is possible but in practice unlikely. It is a more serious issue on weakly ordered architectures such as ARM which, except in the presence of certain instructions, allow the hardware to decide which accesses are seen at what times. Therefore on an ARM system it is likely that using the wrong memory ordering would result in a memory corruption, even if the compiler itself doesn't reorder the memory accesses in a buggy way. + +The flaw was corrected by https://github.com/mvdnes/spin-rs/pull/66. +""" +patched_versions = [">= 0.5.2"] +url = "https://github.com/mvdnes/spin-rs/issues/65" +keywords = ["atomic", "ordering", "spin", "lock", "mutex", "rwlock"] +affected_functions = ["spin::RwLock::new"] From 5568479c480b863005d1b544da952815533b659e Mon Sep 17 00:00:00 2001 From: Matt Taylor Date: Wed, 28 Aug 2019 06:37:10 +0100 Subject: [PATCH 2/2] Clarify that users of Once are not affected --- crates/spin/RUSTSEC-0000-0000.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crates/spin/RUSTSEC-0000-0000.toml b/crates/spin/RUSTSEC-0000-0000.toml index a34b100..9b008d0 100644 --- a/crates/spin/RUSTSEC-0000-0000.toml +++ b/crates/spin/RUSTSEC-0000-0000.toml @@ -6,7 +6,7 @@ title = "Wrong memory orderings in RwLock potentially violates mutual exclusion" description = """ Wrong memory orderings inside the RwLock implementation allow for two writers to acquire the lock at the same time. The drop implementation used Ordering::Relaxed, which allows the compiler or CPU to reorder a mutable access on the locked data after the lock has been yielded. -Only users of the RwLock implementation are effected. Users of lazy_static with the `spin_no_std` feature are NOT affected. +Only users of the RwLock implementation are affected. Users of Once (including users of lazy_static with the `spin_no_std` feature enabled) are NOT affected. On strongly ordered CPU architectures like x86, the only real way that this would lead to a memory corruption is if the compiler reorders an access after the lock is yielded, which is possible but in practice unlikely. It is a more serious issue on weakly ordered architectures such as ARM which, except in the presence of certain instructions, allow the hardware to decide which accesses are seen at what times. Therefore on an ARM system it is likely that using the wrong memory ordering would result in a memory corruption, even if the compiler itself doesn't reorder the memory accesses in a buggy way.