* [PATCH] bluecard: Fix a possible sleep-in-atomic bug in bluecard_write_wakeup
@ 2017-12-13  9:28 Jia-Ju Bai
  2017-12-13 13:39 ` Marcel Holtmann
  0 siblings, 1 reply; 2+ messages in thread
From: Jia-Ju Bai @ 2017-12-13  9:28 UTC (permalink / raw)
  To: marcel, gustavo, johan.hedberg; +Cc: linux-bluetooth, linux-kernel, Jia-Ju Bai

The driver may sleep in the interrupt handler.
The function call path is:
bluecard_interrupt (interrupt handler)
  bluecard_write_wakeup
    schedule_timeout --> may sleep

To fix it, schedule_timeout is replaced with mdelay.

This bug is found by my static analysis tool (DSAC) and checked by my code review.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
---
 drivers/bluetooth/bluecard_cs.c |    8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/drivers/bluetooth/bluecard_cs.c b/drivers/bluetooth/bluecard_cs.c
index d513ef4..82437a6 100644
--- a/drivers/bluetooth/bluecard_cs.c
+++ b/drivers/bluetooth/bluecard_cs.c
@@ -302,9 +302,7 @@ static void bluecard_write_wakeup(struct bluecard_info *info)
 			}
 
 			/* Wait until the command reaches the baseband */
-			prepare_to_wait(&wq, &wait, TASK_INTERRUPTIBLE);
-			schedule_timeout(HZ/10);
-			finish_wait(&wq, &wait);
+			mdelay(100);
 
 			/* Set baud on baseband */
 			info->ctrl_reg &= ~0x03;
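
Review bot: the `wq` and `wait` objects used by the removed prepare_to_wait()/finish_wait() calls lose their users here, and the diffstat (2 insertions, 6 deletions) is fully accounted for by the two hunks, so their declarations are not removed and will be left unused; please drop them in the same patch. Also, mdelay(100) spins the CPU for 100 ms in the path the commit message says is reached from bluecard_interrupt. Confirm that <linux/delay.h> is included in this file, and consider whether this wait can be moved out of the interrupt path rather than converted to a busy-wait.
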
@@ -316,9 +314,7 @@ static void bluecard_write_wakeup(struct bluecard_info *info)
 			outb(info->ctrl_reg, iobase + REG_CONTROL);
 
 			/* Wait before the next HCI packet can be send */
-			prepare_to_wait(&wq, &wait, TASK_INTERRUPTIBLE);
-			schedule_timeout(HZ);
-			finish_wait(&wq, &wait);
+			mdelay(1000);
 		}
 
 		if (len == skb->len) {
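
Review bot: mdelay(1000) after the write to REG_CONTROL busy-waits for a full second, and per the commit message this code runs under bluecard_interrupt, so the CPU is held in the handler for that whole time. This removes the sleep-in-atomic, but a delay this long is better deferred: consider moving the baud-rate change to a work item so that the original schedule_timeout(HZ) can stay, in process context. Note too that the old wait was TASK_INTERRUPTIBLE and could end early, while mdelay always runs the full time; the commit message should say whether that change is intended.
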
-- 
1.7.9.5


* Re: [PATCH] bluecard: Fix a possible sleep-in-atomic bug in bluecard_write_wakeup
  2017-12-13  9:28 [PATCH] bluecard: Fix a possible sleep-in-atomic bug in bluecard_write_wakeup Jia-Ju Bai
@ 2017-12-13 13:39 ` Marcel Holtmann
  0 siblings, 0 replies; 2+ messages in thread
From: Marcel Holtmann @ 2017-12-13 13:39 UTC (permalink / raw)
  To: Jia-Ju Bai
  Cc: Gustavo F. Padovan, Johan Hedberg, open list:BLUETOOTH DRIVERS,
	linux-kernel

Hi Jia-Ju,

> The driver may sleep in the interrupt handler.
> The function call path is:
> bluecard_interrupt (interrupt handler)
>  bluecard_write_wakeup
>    schedule_timeout --> may sleep
> 
> To fix it, schedule_timeout is replaced with mdelay.
> 
> This bug is found by my static analysis tool (DSAC) and checked by my code review.
> 
> Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
> ---
> drivers/bluetooth/bluecard_cs.c |    8 ++------
> 1 file changed, 2 insertions(+), 6 deletions(-)

patch has been applied to bluetooth-next tree.

Regards

Marcel
