From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jia-Ju Bai <baijiaju1990@gmail.com>
Subject: Re: [BUG] skge: a possible sleep-in-atomic bug in skge_remove
Date: Wed, 13 Dec 2017 15:42:56 +0800
Message-ID: <f2dee82a-af75-a3af-9899-5dec7950b9e8@gmail.com>
References: <1e8a8196-f0d1-2a82-3632-b882787c4391@gmail.com>
 <20171212.083445.2256119006373036925.davem@davemloft.net>
 <20171212102240.4a09cf9a@xeon-e3>
 <20171212.205701.569779668163323943.davem@davemloft.net>
 <20171212211849.3e8b43b9@xeon-e3>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: David Miller <davem@davemloft.net>, mlindner@marvell.com,
        shemminger@osdl.org, shemminger@linux-foundation.org,
        netdev@vger.kernel.org, linux-kernel@vger.kernel.org
To: Stephen Hemminger <stephen@networkplumber.org>
Return-path: <linux-kernel-owner@vger.kernel.org>
In-Reply-To: <20171212211849.3e8b43b9@xeon-e3>
Content-Language: en-US
Sender: linux-kernel-owner@vger.kernel.org
List-Id: netdev.vger.kernel.org


On 2017/12/13 13:18, Stephen Hemminger wrote:
> On Tue, 12 Dec 2017 20:57:01 -0500 (EST)
> David Miller <davem@davemloft.net> wrote:
>
>> From: Stephen Hemminger <stephen@networkplumber.org>
>> Date: Tue, 12 Dec 2017 10:22:40 -0800
>>
>>> On Tue, 12 Dec 2017 08:34:45 -0500 (EST)
>>> David Miller <davem@davemloft.net> wrote:
>>>    
>>>> From: Jia-Ju Bai <baijiaju1990@gmail.com>
>>>> Date: Tue, 12 Dec 2017 16:38:12 +0800
>>>>    
>>>>> According to drivers/net/ethernet/marvell/skge.c, the driver may sleep
>>>>> under a spinlock.
>>>>> The function call path is:
>>>>> skge_remove (acquire the spinlock)
>>>>>    free_irq --> may sleep
>>>>>
>>>>> I do not find a good way to fix it, so I only report.
>>>>> This possible bug is found by my static analysis tool (DSAC) and
>>>>> checked by my code review.
>>>> This was added by:
>>>>
>>>> commit a9e9fd7182332d0cf5f3e601df3e71dd431b70d7
>>>> Author: Stephen Hemminger <shemminger@vyatta.com>
>>>> Date:   Tue Sep 27 13:41:37 2011 -0400
>>>>
>>>>      skge: handle irq better on single port card
>>>>
>>>> I think the free_irq() can be moved below the unlock.
>>>>
>>>> Stephen, please take a look.
>>> The IRQ was being free twice.
>>> How did you see it, I really doubt any multi-port SKGE cards
>>> still exist.
>> He sees it by reading the code, please take a look at this
>> and move the free_irq() out of the spin locked section since
>> it can sleep.
> Thanks, I was hoping for some automated static analysis tool.

This bug was found by an automated static analysis tool named DSAC, 
which is written by myself.
Then I manually checked driver source code, and finally sent the bug report.


Thanks,
Jia-Ju Bai