* [BUG] net: wireless: mwifiex: A possible sleep-in-atomic-context bug in mwifiex_wait_queue_complete()
@ 2018-09-01  9:08 Jia-Ju Bai
  2018-09-03  6:41 ` [EXT] " Ganapathi Bhat
  0 siblings, 1 reply; 3+ messages in thread
From: Jia-Ju Bai @ 2018-09-01  9:08 UTC (permalink / raw)
  To: amitkarwar, nishants, gbhat, huxinming820, kvalo
  Cc: linux-wireless, netdev, Linux Kernel Mailing List

mwifiex_usb_tx_complete() is a completion handler function for the
USB driver. So it should not sleep, but it can sleep according to the
function call paths (from bottom to top) in Linux-4.16:

[FUNC] schedule_timeout
drivers/net/wireless/marvell/mwifiex/sta_ioctl.c, 63:
     schedule_timeout in mwifiex_wait_queue_complete
drivers/net/wireless/marvell/mwifiex/cmdevt.c, 673:
     mwifiex_wait_queue_complete in mwifiex_send_cmd
drivers/net/wireless/marvell/mwifiex/main.c, 1046:
     mwifiex_send_cmd in mwifiex_multi_chan_resync
drivers/net/wireless/marvell/mwifiex/usb.c, 288:
     mwifiex_multi_chan_resync in mwifiex_usb_tx_complete

I do not find a good way to fix this bug, so I only report it.

This bug is found by my static analysis tool DSAC.


Best wishes,
Jia-Ju Bai


* RE: [EXT] [BUG] net: wireless: mwifiex: A possible sleep-in-atomic-context bug in mwifiex_wait_queue_complete()
  2018-09-01  9:08 [BUG] net: wireless: mwifiex: A possible sleep-in-atomic-context bug in mwifiex_wait_queue_complete() Jia-Ju Bai
@ 2018-09-03  6:41 ` Ganapathi Bhat
  2018-09-03  7:35   ` Jia-Ju Bai
  0 siblings, 1 reply; 3+ messages in thread
From: Ganapathi Bhat @ 2018-09-03  6:41 UTC (permalink / raw)
  To: Jia-Ju Bai, amitkarwar@gmail.com, nishants@marvell.com,
	huxinming820@gmail.com, kvalo@codeaurora.org
  Cc: linux-wireless@vger.kernel.org, netdev@vger.kernel.org,
	Linux Kernel Mailing List

Hi Jia-Ju,

>
> [FUNC] schedule_timeout
> drivers/net/wireless/marvell/mwifiex/sta_ioctl.c, 63:
>      schedule_timeout in mwifiex_wait_queue_complete
> drivers/net/wireless/marvell/mwifiex/cmdevt.c, 673:
>      mwifiex_wait_queue_complete in mwifiex_send_cmd
Here, mwifiex_send_cmd does not call mwifiex_wait_queue_complete, because the sync parameter is false.
Note that the function mwifiex_multi_chan_resync did call mwifiex_send_cmd with sync = false.
> drivers/net/wireless/marvell/mwifiex/main.c, 1046:
>      mwifiex_send_cmd in mwifiex_multi_chan_resync
> drivers/net/wireless/marvell/mwifiex/usb.c, 288:
>      mwifiex_multi_chan_resync in mwifiex_usb_tx_complete
>
Thanks,
Ganapathi


* Re: [EXT] [BUG] net: wireless: mwifiex: A possible sleep-in-atomic-context bug in mwifiex_wait_queue_complete()
  2018-09-03  6:41 ` [EXT] " Ganapathi Bhat
@ 2018-09-03  7:35   ` Jia-Ju Bai
  0 siblings, 0 replies; 3+ messages in thread
From: Jia-Ju Bai @ 2018-09-03  7:35 UTC (permalink / raw)
  To: Ganapathi Bhat, amitkarwar@gmail.com, nishants@marvell.com,
	huxinming820@gmail.com, kvalo@codeaurora.org
  Cc: linux-wireless@vger.kernel.org, netdev@vger.kernel.org,
	Linux Kernel Mailing List



On 2018/9/3 14:41, Ganapathi Bhat wrote:
> Hi Jia-Ju,
>
>> [FUNC] schedule_timeout
>> drivers/net/wireless/marvell/mwifiex/sta_ioctl.c, 63:
>>       schedule_timeout in mwifiex_wait_queue_complete
>> drivers/net/wireless/marvell/mwifiex/cmdevt.c, 673:
>>       mwifiex_wait_queue_complete in mwifiex_send_cmd
> Here, mwifiex_send_cmd does not call mwifiex_wait_queue_complete, because the sync parameter is false.
> Note that the function mwifiex_multi_chan_resync did call mwifiex_send_cmd with sync = false.

Thanks for the reply.
I check the code again, and find my report is false, sorry for that.


Best wishes,
Jia-Ju Bai
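
Added example, not part of the thread and not DSAC's algorithm: a guard-aware call-graph walk showing why the reported path drops out once the `sync = false` argument is tracked. The call graph is a constructed model of the four edges quoted above, and `hypothetical_atomic_caller` is an invented caller used only to show a path that is still reported.

```python
from typing import Dict, List, Optional, Tuple

# Edge = (callee, guard, args). guard names a boolean parameter of the caller
# that must be true for the call to happen (None = unconditional); args holds
# the constants this call site passes to the callee.
Edge = Tuple[str, Optional[str], Dict[str, bool]]

# Constructed model of the call chain quoted in the thread. The "sync" guard
# and the sync=False argument come from the maintainer's reply.
CALLS: Dict[str, List[Edge]] = {
    "mwifiex_usb_tx_complete": [("mwifiex_multi_chan_resync", None, {})],
    "mwifiex_multi_chan_resync": [("mwifiex_send_cmd", None, {"sync": False})],
    "mwifiex_send_cmd": [("mwifiex_wait_queue_complete", "sync", {})],
    "mwifiex_wait_queue_complete": [("schedule_timeout", None, {})],
    # Hypothetical caller (not in the driver) that requests a synchronous command.
    "hypothetical_atomic_caller": [("mwifiex_send_cmd", None, {"sync": True})],
}
SLEEPING = {"schedule_timeout"}


def sleeping_paths(entry: str, guard_aware: bool) -> List[List[str]]:
    """Return every call path from entry that reaches a sleeping function."""
    found: List[List[str]] = []

    def walk(func: str, env: Dict[str, bool], path: List[str]) -> None:
        if func in SLEEPING:
            found.append(path)
            return
        for callee, guard, args in CALLS.get(func, []):
            if callee in path:
                continue  # skip recursion
            # Prune only when the guard is known to be false; an unknown
            # value keeps the edge, so the walk stays conservative.
            if guard_aware and guard is not None and env.get(guard) is False:
                continue
            walk(callee, args, path + [callee])

    walk(entry, {}, [entry])
    return found


if __name__ == "__main__":
    for aware in (False, True):
        for entry in ("mwifiex_usb_tx_complete", "hypothetical_atomic_caller"):
            paths = sleeping_paths(entry, aware)
            print(f"guard_aware={aware} {entry}: {len(paths)} sleeping path(s)")
```
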
