Re: [PATCH] b43legacy: Fix a sleep-in-atomic bug in b43legacy_attr_interfmode_store

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Jia-Ju Bai <baijiaju1990-9Onoh4P/yGk@public.gmane.org>
To: Larry Finger <Larry.Finger-tQ5ms3gMjBLk1uMJSBkQmQ@public.gmane.org>
Cc: netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	linux-wireless-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	b43-dev-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org,
	kvalo-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH] b43legacy: Fix a sleep-in-atomic bug in b43legacy_attr_interfmode_store
Date: Thu, 01 Jun 2017 09:05:07 +0800	[thread overview]
Message-ID: <592F6843.9000204@163.com> (raw)
In-Reply-To: <85905124-7167-aeb0-8aff-4ceec09e9542-tQ5ms3gMjBLk1uMJSBkQmQ@public.gmane.org>

On 06/01/2017 01:33 AM, Larry Finger wrote:
> On 05/31/2017 05:29 AM, Jia-Ju Bai wrote:
>> The driver may sleep under a spin lock, and the function call path is:
>> b43legacy_attr_interfmode_store (acquire the lock by spin_lock_irqsave)
>>    b43legacy_radio_set_interference_mitigation
>>      b43legacy_radio_interference_mitigation_disable
>>        b43legacy_calc_nrssi_slope
>>          b43legacy_synth_pu_workaround
>>            might_sleep and msleep --> may sleep
>>
>> Fixing it may be complex, and a possible way is to remove
>> spin_lock_irqsave and spin_lock_irqrestore in
>> b43legacy_attr_interfmode_store, and the code has been protected by
>> mutex_lock and mutex_unlock.
>>
>> Signed-off-by: Jia-Ju Bai <baijiaju1990-9Onoh4P/yGk@public.gmane.org>
>> ---
>>   drivers/net/wireless/broadcom/b43legacy/sysfs.c |    2 --
>>   1 file changed, 2 deletions(-)
>>
>> diff --git a/drivers/net/wireless/broadcom/b43legacy/sysfs.c 
>> b/drivers/net/wireless/broadcom/b43legacy/sysfs.c
>> index 2a1da15..9ede143 100644
>> --- a/drivers/net/wireless/broadcom/b43legacy/sysfs.c
>> +++ b/drivers/net/wireless/broadcom/b43legacy/sysfs.c
>> @@ -137,14 +137,12 @@ static ssize_t 
>> b43legacy_attr_interfmode_store(struct device *dev,
>>       }
>>         mutex_lock(&wldev->wl->mutex);
>> -    spin_lock_irqsave(&wldev->wl->irq_lock, flags);
>>         err = b43legacy_radio_set_interference_mitigation(wldev, mode);
>>       if (err)
>>           b43legacyerr(wldev->wl, "Interference Mitigation not "
>>                  "supported by device\n");
>>       mmiowb();
>> -    spin_unlock_irqrestore(&wldev->wl->irq_lock, flags);
>>       mutex_unlock(&wldev->wl->mutex);
>>         return err ? err : count;
>>
>
> Jia-Ju,
>
> Did you actually observe the attempt to sleep under the spin lock, or 
> did you discover this using some tool? In other words, have either of 
> your patches been tested?
>
> Larry
>
Hi,

In fact, my reported bugs are found by a static analysis tool written by 
me, and they are checked by my review of the driver code.
I admit my patches are not well tested, and they may not well fix the bugs.
I am looking forward to opinions and suggestions :)

Thanks,
Jia-Ju Bai

next prev parent reply	other threads:[~2017-06-01  1:05 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-05-31 10:29 [PATCH] b43legacy: Fix a sleep-in-atomic bug in b43legacy_attr_interfmode_store Jia-Ju Bai
2017-05-31 15:17 ` Michael Büsch
2017-05-31 17:33 ` Larry Finger
     [not found]   ` <85905124-7167-aeb0-8aff-4ceec09e9542-tQ5ms3gMjBLk1uMJSBkQmQ@public.gmane.org>
2017-06-01  1:05     ` Jia-Ju Bai [this message]
     [not found]       ` <592F6843.9000204-9Onoh4P/yGk@public.gmane.org>
2017-06-01  4:15         ` Kalle Valo
2017-06-01 16:11       ` Jonathan Corbet
2017-06-01 17:43         ` Larry Finger
     [not found]         ` <20170601101113.6dd30d6d-T1hC0tSOHrs@public.gmane.org>
2017-06-02  1:18           ` Jia-Ju Bai
     [not found]             ` <5930BCD6.9010306-9Onoh4P/yGk@public.gmane.org>
2017-07-30 10:24               ` Michael Büsch
2017-06-01 23:24 ` kbuild test robot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=592F6843.9000204@163.com \
    --to=baijiaju1990-9onoh4p/ygk@public.gmane.org \
    --cc=Larry.Finger-tQ5ms3gMjBLk1uMJSBkQmQ@public.gmane.org \
    --cc=b43-dev-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org \
    --cc=kvalo-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org \
    --cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
    --cc=linux-wireless-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
    --cc=netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).